last executing test programs:

17m13.89353347s ago: executing program 32 (id=10):
r0 = io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x5f41, 0x80})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000340), 0x14)
write$binfmt_script(r1, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000500)=@gcm_128={{0x303}, "668f4918bdecc7bf", "a590d6cbe29665fffe6115bb3dbf924c", "c8beb772", "c8f6140f4d4f5b4c"}, 0x28)
close_range(r0, 0xffffffffffffffff, 0x0)

15m19.396001277s ago: executing program 2 (id=370):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a828542625fc6096aedc0ac5c144f0965071274bea051007e398cf9090c53d4b8b7dc784e3d83b78b007a43d744aa99d6a7c576e20b4281eff511122ccb399bcef0a0471639c81aab7445cebfc9b00b31fcbaf63086b3c16f51b593acee0b3a4830dd6af1accb15cc6163cabc01442527aa10000000000000000a4ba25997affe74ec552bf9deafbd63e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000300)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
r4 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r4, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r1, 0xe0, &(0x7f00000007c0)={0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)={r6}, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r7, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000200)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f90020", 0x10, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x80, 0x7e8, 0x1}}}}}}, 0x0)

15m19.135252044s ago: executing program 2 (id=372):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0)
r2 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c0460cbff563b781695432f5a83f5ab8979bf6fd1c17aaa22ada927f1feb5074053514edf5734d63b2b58edc5b848d6fa38f7956549438addc5e72bb0cdbce326b0b3f", 0x79, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

15m14.896293224s ago: executing program 2 (id=380):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x75, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18)
close(r1)

15m14.419514079s ago: executing program 2 (id=384):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0)
sendto$inet6(r0, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r0, r1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001f00)=""/4106, 0xfffffffffffffccb, 0x0, 0x0}, &(0x7f0000000080)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000300)=""/187, 0xbb, 0x0, 0x0}, &(0x7f0000000280)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000001200)=0x40)

15m14.13628075s ago: executing program 2 (id=386):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000500)={0xe26, 0x100008b}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1, 0x200007, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r3}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20)

15m12.43335357s ago: executing program 2 (id=388):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
syz_io_uring_setup(0x7a8e, 0x0, &(0x7f0000000000), 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

14m56.465658381s ago: executing program 33 (id=388):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
syz_io_uring_setup(0x7a8e, 0x0, &(0x7f0000000000), 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

5m35.027286045s ago: executing program 4 (id=1720):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
io_uring_setup(0x10d7, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

5m33.753105221s ago: executing program 4 (id=1724):
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r4=>0x0, &(0x7f00000005c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5m31.214124929s ago: executing program 4 (id=1728):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mount$afs(0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r3, 0x52b242d)
keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x3})

5m29.655152845s ago: executing program 4 (id=1732):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
listxattr(0x0, 0x0, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca30000000000003403000040feffff720af1ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61144400000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

5m28.514101653s ago: executing program 4 (id=1733):
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x1, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000ac0)=ANY=[@ANYBLOB="000504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_RENAMEAT={0x23, 0x14, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)='./file0\x00'})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

5m23.864438979s ago: executing program 4 (id=1741):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x6, 0x0, 0x41000, 0x31, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0xa9d, &(0x7f0000000100)=0x4)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x21, 0x13, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

5m8.725763007s ago: executing program 34 (id=1741):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x6, 0x0, 0x41000, 0x31, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0xa9d, &(0x7f0000000100)=0x4)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x21, 0x13, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3m36.770077898s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

2m53.475399762s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

2m33.725573895s ago: executing program 6 (id=2092):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xf)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x110e, 0x0, 0x0, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000040)=0x6, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r2 = syz_open_dev$dri(&(0x7f0000000f00), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r3=>0x0], &(0x7f0000000340), 0x3, 0x0, 0xeeeeeeee})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r1, 0xc01864ba, &(0x7f0000000300)={0x22, r3})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x614}, [@IFLA_MTU={0x8, 0x4, 0x44}]}, 0x28}, 0x9}, 0x0)

2m32.251685301s ago: executing program 6 (id=2095):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000200)={<r1=>r0, 0x2, 0xfff, 0x8})
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r1)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000a80)={0x9, {{0x2, 0x4e26, @multicast2}}, 0x0, 0x3, [{{0x2, 0x4e24, @rand_addr=0x64010102}}, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x4e21, @rand_addr=0x64010101}}]}, 0x210)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x0, 0xff}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000791208000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
socket(0x840000000002, 0x3, 0xfa)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x1000, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={r6, 0x89c}, 0x8)

2m31.683250019s ago: executing program 6 (id=2098):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000100)=""/204)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x30, 0x0, 0x121, 0x70bd28, 0x25dfdbfb, {0x3}, [@SEG6_ATTR_DST={0x14, 0x1, @private2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xc005}, 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(r1, 0x0, 0x800)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200029010203010902"], 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x2000000, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

2m28.002895717s ago: executing program 6 (id=2103):
ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0x2284, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280), 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000300)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xb, 0x8, 0x9}, {0x4, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r5}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x7, 0x8}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2m26.688571599s ago: executing program 6 (id=2107):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x40, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
r2 = syz_clone3(&(0x7f00000003c0)={0x218000, 0x0, 0x0, &(0x7f0000000100), {0x37}, &(0x7f0000000200)=""/107, 0x6b, 0x0, 0x0}, 0x58)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, r2, 0x0, 0x4001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$phonet(0xffffffffffffffff, 0x0, 0x0)
r3 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil)
shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x5000)
shmctl$SHM_LOCK(r3, 0xb)
r4 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4004550d, &(0x7f0000000500))

2m26.488165114s ago: executing program 6 (id=2109):
unshare(0x8000000)
semget$private(0x0, 0x3, 0x555)
r0 = semget$private(0x0, 0x0, 0x587)
semop(r0, &(0x7f0000000240)=[{0x4, 0x4, 0x460f613af7346a4b}, {0x4, 0x0, 0x38c652153765b23a}], 0x2)
semctl$SETVAL(r0, 0x2, 0x8, 0x0)
semtimedop(r0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0)
mount(&(0x7f0000000300)=@sg0, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='xfs\x00', 0x0, &(0x7f0000000000)='usrquota')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)

2m22.317626041s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

2m11.397409576s ago: executing program 35 (id=2109):
unshare(0x8000000)
semget$private(0x0, 0x3, 0x555)
r0 = semget$private(0x0, 0x0, 0x587)
semop(r0, &(0x7f0000000240)=[{0x4, 0x4, 0x460f613af7346a4b}, {0x4, 0x0, 0x38c652153765b23a}], 0x2)
semctl$SETVAL(r0, 0x2, 0x8, 0x0)
semtimedop(r0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0)
mount(&(0x7f0000000300)=@sg0, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='xfs\x00', 0x0, &(0x7f0000000000)='usrquota')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)

2m8.141859693s ago: executing program 5 (id=2141):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = inotify_init()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = inotify_add_watch(r3, &(0x7f0000000280)='.\x00', 0x25000001)
inotify_rm_watch(r3, r4)
mkdir(0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

2m6.679114916s ago: executing program 5 (id=2143):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2(&(0x7f0000000240), 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$can_raw(0x1d, 0x3, 0x1)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20)

2m5.92075413s ago: executing program 5 (id=2144):
io_setup(0x81, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3)
kcmp(0xffffffffffffffff, r2, 0x5, r0, r0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000005c00), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000005c40)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000005cc0)={&(0x7f0000005c80)={0x1c, r5, 0x711, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x10)

2m4.544803731s ago: executing program 5 (id=2146):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x80801, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r2, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0)
openat$ppp(0xffffff9c, &(0x7f00000001c0), 0x22000, 0x0)

2m0.773630859s ago: executing program 5 (id=2150):
unshare(0x8000000)
semget$private(0x0, 0x3, 0x555)
r0 = semget$private(0x0, 0x0, 0x587)
semop(r0, 0x0, 0x0)
semctl$SETVAL(r0, 0x2, 0x8, 0x0)
semtimedop(r0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0)
mount(0x0, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='xfs\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1m59.60434604s ago: executing program 5 (id=2152):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x18)
connect$unix(r2, &(0x7f0000001080)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r3, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)="28e6ceb00e919b519d9c75d8fcf6370a0e5820a3ab6a48c49f564a91ccef167412e24838a1258d11365ba45a2f25b09276ee5b5f9480a756f4470e00000100efb8c84c471dc9", 0x46}, {&(0x7f00000006c0)="52fad8a2f6e21b15aade9d6f12393327d118219aab8428e0f3480004e52eafe4592e182d4cd7f609834f6214afcceeaacdd3ce254ca8f3f4330db1ee806231cfa98b5736d6f3afbadd8022414c8613ac341b8d1538b6cf5d199b7f2b725c9353de81c0b1e0c8ac5d35b8", 0x6a}, {&(0x7f0000000300)="1b3599cc95cb5e69b24ff9b2fd5b1d69d1f18403cf", 0x15}], 0x3}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000f00)="300c9fd7cbdc2b2f231d94cd6d13c6ea067c8650bb37ea78", 0x18}, {&(0x7f0000000b00)="06cedc4940a621666d04c16c7bc82365a6c30f93012a61487c83", 0x1a}, {&(0x7f0000000a40)}, {0x0}], 0x4}}], 0x2, 0xc0)
sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

1m45.033705411s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

1m44.485590607s ago: executing program 36 (id=2152):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x18)
connect$unix(r2, &(0x7f0000001080)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r3, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)="28e6ceb00e919b519d9c75d8fcf6370a0e5820a3ab6a48c49f564a91ccef167412e24838a1258d11365ba45a2f25b09276ee5b5f9480a756f4470e00000100efb8c84c471dc9", 0x46}, {&(0x7f00000006c0)="52fad8a2f6e21b15aade9d6f12393327d118219aab8428e0f3480004e52eafe4592e182d4cd7f609834f6214afcceeaacdd3ce254ca8f3f4330db1ee806231cfa98b5736d6f3afbadd8022414c8613ac341b8d1538b6cf5d199b7f2b725c9353de81c0b1e0c8ac5d35b8", 0x6a}, {&(0x7f0000000300)="1b3599cc95cb5e69b24ff9b2fd5b1d69d1f18403cf", 0x15}], 0x3}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000f00)="300c9fd7cbdc2b2f231d94cd6d13c6ea067c8650bb37ea78", 0x18}, {&(0x7f0000000b00)="06cedc4940a621666d04c16c7bc82365a6c30f93012a61487c83", 0x1a}, {&(0x7f0000000a40)}, {0x0}], 0x4}}], 0x2, 0xc0)
sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

1m26.443225706s ago: executing program 8 (id=2134):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)

1m24.819446782s ago: executing program 8 (id=2205):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

1m22.989777594s ago: executing program 8 (id=2208):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sync()
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000bc0)={{@my=0x0}, {@my=0x0, 0x4000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b8317ad07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7d9ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162f3abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c900"}, 0x418})

1m7.713841231s ago: executing program 37 (id=2208):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sync()
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000bc0)={{@my=0x0}, {@my=0x0, 0x4000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b8317ad07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7d9ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162f3abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c900"}, 0x418})

1m7.664143545s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

39.615657125s ago: executing program 3 (id=1364):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
write$FUSE_IOCTL(r3, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f00000002c0)=""/161, 0xa1, 0x140, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x7fff)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000140))
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0b0e00", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x44, r1, 0x1, 0x70bd24, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x92, 0xb2, 0x7}, @void}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
setresgid(0xee00, 0x0, 0xee00)

16.446585585s ago: executing program 7 (id=2340):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x100})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
socket$l2tp(0x2, 0x2, 0x73)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20000, 0x2)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0)
getsockopt$inet_int(r2, 0x0, 0x21, 0x0, &(0x7f0000000080))

16.253591342s ago: executing program 0 (id=2341):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_setup(0x2a2e, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
setgroups(0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2d, 0x9, 0x70bd26, 0x0, {0x4}, [@typed={0x8, 0xd9, 0x0, 0x0, @fd=r0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008044}, 0x84)

14.688070689s ago: executing program 9 (id=2343):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000055)
setgid(0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000240)={@initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, 0x1, "0d9c6e9f9c929c0f2bf87cb3e6da5bc11efab4b594828e344082b7ec45049cc9", 0x0, 0x1, 0xfffff86d, 0x4}, 0x3c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
gettid()
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f00000005c0)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x48)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getegid()
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000300)=ANY=[], 0x45)

14.493667333s ago: executing program 1 (id=2344):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x4000, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0xfffffffe, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x8, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c)
r4 = memfd_create(0x0, 0x3)
fcntl$addseals(r4, 0x409, 0x7)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001200)={0x18, 0x1418, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0xf00, 0x0, 0x4884d}, 0x10)

14.423197418s ago: executing program 0 (id=2345):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$tipc(0x1e, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000019c0)={0x28, r4, 0xacf5e67dd0b583a1, 0x70bd29, 0x0, {{0x5}, {@val={0x7}, @val={0xc}}}}, 0x28}}, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='afs_receive_data\x00', r0}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x2}]})
close_range(r7, 0xffffffffffffffff, 0x0)

13.344576275s ago: executing program 1 (id=2346):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
eventfd2(0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
socket$netlink(0x10, 0x3, 0x9)
syz_open_dev$usbmon(&(0x7f0000000040), 0x5b, 0x2340)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x20000000000001f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_io_uring_setup(0x24fa, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x1c5}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24844})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

12.629062656s ago: executing program 9 (id=2347):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mincore(&(0x7f0000f0c000/0x3000)=nil, 0x3000, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20048810)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000"], 0x70}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x3ef, 0x0)

12.239290919s ago: executing program 1 (id=2348):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$inet(0x2, 0x3, 0x5)
syz_open_dev$video(0x0, 0xc000, 0x482002)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x1c4)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
creat(&(0x7f0000000240)='./file0/bus\x00', 0x0)
acct(&(0x7f0000000100)='./file0/bus\x00')
chroot(&(0x7f00000003c0)='./file0\x00')
umount2(&(0x7f0000000280)='./file0\x00', 0x0)

12.236392663s ago: executing program 7 (id=2349):
pipe(&(0x7f0000000580))
semtimedop(0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r3, 0x0, 0xfd}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000))
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)

11.719003021s ago: executing program 0 (id=2350):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="020000000400000008000000010000008000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000021000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

11.012897154s ago: executing program 9 (id=2351):
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x14\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x5)
fallocate(r1, 0x0, 0x400000000000000, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x40000)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x5)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000100)={0x29, 0xa, 0x2, "140d59875aab192ffdffffff0000000300000000000000ffff00000000b28d00", 0x32314d56})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
pread64(r5, &(0x7f00000001c0)=""/140, 0x8c, 0x7)

10.560622062s ago: executing program 1 (id=2352):
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone3(&(0x7f0000000280)={0x100000800, 0x0, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, 0x0}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x5, 0x40}})
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000140)={0x0, 0x5, 0x3009})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
userfaultfd(0x80001)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000017c0000040042801400018006000600800a000006001700980a0000040002"], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800)

10.082891422s ago: executing program 7 (id=2353):
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)

10.019033008s ago: executing program 0 (id=2354):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff)
getsockopt$IP_VS_SO_GET_DAEMON(r2, 0x0, 0x487, &(0x7f0000002b40), &(0x7f0000002b80)=0x30)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getpid()
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socket$nl_route(0x10, 0x3, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='msdos\x00', 0x0, 0x0)

9.8552389s ago: executing program 9 (id=2355):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x4976a000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f00000002c0)=r1}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvmsg$unix(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002)

9.846725605s ago: executing program 1 (id=2356):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x4000, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0xfffffffe, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x8, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c)
r4 = memfd_create(0x0, 0x3)
fcntl$addseals(r4, 0x409, 0x7)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001200)={0x18, 0x1418, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0xf00, 0x0, 0x4884d}, 0x10)

6.619626508s ago: executing program 0 (id=2357):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
getpeername(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x229ffa1c4ce5369, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vim2m(0x0, 0x8, 0x2)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000440)={r1, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a5fd03"}, 0x38)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0xa, 0x80000, 0x1ff)

6.482201895s ago: executing program 7 (id=2358):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000049500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x1)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000580)={0x239, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239)
r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(r6, 0x5404)
close_range(r4, 0xffffffffffffffff, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x13, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)

5.44238581s ago: executing program 1 (id=2359):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
io_uring_setup(0x6280, &(0x7f0000000580)={0x0, 0x90000000, 0x1, 0x0, 0x1d2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r3, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r4], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0)

5.086089602s ago: executing program 9 (id=2360):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
mknod(0x0, 0x8001420, 0x1)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@updpolicy={0xc4, 0x19, 0x501, 0x0, 0x0, {{@in6=@private0, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0xfffffffffffffffc}}, [@offload={0xc, 0x1c, {0x0, 0x4}}]}, 0xc4}}, 0x0)

1.88898489s ago: executing program 7 (id=2361):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r1 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

1.858477827s ago: executing program 0 (id=2362):
socket$netlink(0x10, 0x3, 0x12)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
r7 = dup(0xffffffffffffffff)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000300)=ANY=[], 0xb0)
mount$9p_fd(0x0, 0x0, 0x0, 0x10, 0x0)
io_uring_enter(r1, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
write(r0, &(0x7f0000000340), 0x11000)

1.343299512s ago: executing program 7 (id=2363):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0x95, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r2, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)

0s ago: executing program 9 (id=2364):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x4000001)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r1)
fcntl$setstatus(r1, 0x4, 0x2c00)
gettid()
creat(0x0, 0x0)
fanotify_init(0xf00, 0x40000)
r2 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
renameat2(r3, &(0x7f0000000080)='./bus\x00', r3, 0x0, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0xe)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0/bus\x00', &(0x7f0000000140), 0x0, 0x0, 0x0)
epoll_create1(0x0)

kernel console output (not intermixed with test programs):

w USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.372647][T10093] usb 6-1: config 0 descriptor??
[  698.827848][T10093] koneplus 0003:1E7D:2E22.0007: item fetching failed at offset 3/5
[  698.854012][T10093] koneplus 0003:1E7D:2E22.0007: parse failed
[  698.865592][T10093] koneplus 0003:1E7D:2E22.0007: probe with driver koneplus failed with error -22
[  699.486134][T11850] xt_CT: You must specify a L4 protocol and not use inversions on it
[  699.748868][T11836] 9pnet_virtio: no channels available for device 
[  699.894243][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  699.905799][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  699.914668][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  699.927038][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  699.953119][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  702.009802][   T51] Bluetooth: hci2: command tx timeout
[  702.413455][T10104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  702.467167][T11879] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1480'.
[  702.496317][T10104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  702.876041][T10104] bond0 (unregistering): Released all slaves
[  703.587349][   T30] audit: type=1800 audit(1749735646.480:123): pid=11854 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1470" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  703.608008][T11854] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  703.618550][T11854] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  703.666441][T11854] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  704.150799][   T51] Bluetooth: hci2: command tx timeout
[  704.642269][ T5925] usb 6-1: USB disconnect, device number 10
[  704.644937][T11854] syz.5.1470 (11854) used greatest stack depth: 19712 bytes left
[  706.252442][   T51] Bluetooth: hci2: command tx timeout
[  707.090576][T10104] hsr_slave_0: left promiscuous mode
[  707.101040][T10104] hsr_slave_1: left promiscuous mode
[  707.121030][T10104] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.145057][T10104] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.313301][T10104] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.481116][T10104] batman_adv: batadv0: Removing interface: batadv_slave_1
[  708.354702][   T51] Bluetooth: hci2: command tx timeout
[  708.384158][T10104] veth1_macvtap: left promiscuous mode
[  708.392943][T10104] veth0_macvtap: left promiscuous mode
[  708.398793][T10104] veth1_vlan: left promiscuous mode
[  708.413543][T10104] veth0_vlan: left promiscuous mode
[  708.757824][T11932] delete_channel: no stack
[  712.613254][T11959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1501'.
[  713.477685][T11966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1501'.
[  716.915504][T10104] team0 (unregistering): Port device team_slave_1 removed
[  717.514434][T10104] team0 (unregistering): Port device team_slave_0 removed
[  719.223421][T11952] netlink: 'syz.4.1499': attribute type 4 has an invalid length.
[  721.781915][T12020] overlayfs: failed to clone upperpath
[  721.792693][T11858] chnl_net:caif_netlink_parms(): no params data found
[  724.908340][T12055] ubi31: attaching mtd0
[  724.926577][T12055] ubi31 error: ubi_attach_mtd_dev: bad VID header (12288) or data offsets (12352)
[  725.562174][T11858] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.580507][T11858] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.601591][T11858] bridge_slave_0: entered allmulticast mode
[  725.625631][T11858] bridge_slave_0: entered promiscuous mode
[  725.664301][T11858] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.690475][T11858] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.721733][T11858] bridge_slave_1: entered allmulticast mode
[  725.736524][T11858] bridge_slave_1: entered promiscuous mode
[  725.825947][T11858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.861662][T11858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  726.101027][T12081] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  726.274484][T11858] team0: Port device team_slave_0 added
[  726.662998][T11858] team0: Port device team_slave_1 added
[  729.036883][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1533'.
[  729.190830][T12097] 8021q: adding VLAN 0 to HW filter on device bond1
[  729.217465][T11858] batman_adv: batadv0: Adding interface: batadv_slave_0
[  729.233058][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  729.813998][ T5913] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  729.854315][T11858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  729.882329][T11858] batman_adv: batadv0: Adding interface: batadv_slave_1
[  729.906963][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  729.988773][T11858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  730.118731][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  730.133112][ T5913] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  730.142222][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.157723][ T5913] usb 5-1: config 0 descriptor??
[  730.256258][T12117] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  733.480375][T11858] hsr_slave_0: entered promiscuous mode
[  733.606898][T11858] hsr_slave_1: entered promiscuous mode
[  733.713439][T11858] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  733.801758][T11858] Cannot create hsr debugfs directory
[  734.265495][T10117] usb 5-1: USB disconnect, device number 11
[  734.475095][T12134] netlink: 'syz.6.1542': attribute type 14 has an invalid length.
[  736.461821][T12152] team0: entered promiscuous mode
[  736.481144][T12152] team_slave_0: entered promiscuous mode
[  736.501164][T12152] team_slave_1: entered promiscuous mode
[  736.537773][T12152] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  736.554808][T12152] Cannot create hsr debugfs directory
[  736.571584][T12152] hsr1: entered allmulticast mode
[  736.584598][T12152] team0: entered allmulticast mode
[  736.611729][T12152] team_slave_0: entered allmulticast mode
[  736.663641][T12152] team_slave_1: entered allmulticast mode
[  736.679207][T12152] 8021q: adding VLAN 0 to HW filter on device hsr1
[  736.810345][T12157] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  737.317229][T12158] futex_wake_op: syz.5.1548 tries to shift op by 144; fix this program
[  737.490786][T11858] 8021q: adding VLAN 0 to HW filter on device bond0
[  737.570887][T11858] 8021q: adding VLAN 0 to HW filter on device team0
[  737.606432][T10100] bridge0: port 1(bridge_slave_0) entered blocking state
[  737.613747][T10100] bridge0: port 1(bridge_slave_0) entered forwarding state
[  737.657421][ T7169] bridge0: port 2(bridge_slave_1) entered blocking state
[  737.664746][ T7169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  737.848470][T10117] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  738.053171][T10117] usb 5-1: Using ep0 maxpacket: 32
[  738.076484][T10117] usb 5-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  738.114357][T10117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.154427][T10117] usb 5-1: config 0 descriptor??
[  738.366790][T10117] usb 5-1: selecting invalid altsetting 3
[  738.817395][T10117] comedi comedi0: could not set alternate setting 3 in high speed
[  738.891080][T10117] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  738.908416][T10117] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22
[  739.137185][ T5925] usb 5-1: USB disconnect, device number 12
[  739.232789][T11858] 8021q: adding VLAN 0 to HW filter on device batadv0
[  741.668681][T11858] veth0_vlan: entered promiscuous mode
[  741.865699][T11858] veth1_vlan: entered promiscuous mode
[  742.912431][T11858] veth0_macvtap: entered promiscuous mode
[  743.105909][T11858] veth1_macvtap: entered promiscuous mode
[  744.181786][T11858] batman_adv: batadv0: Interface activated: batadv_slave_0
[  744.217089][T11858] batman_adv: batadv0: Interface activated: batadv_slave_1
[  744.388968][T12248] overlayfs: failed to resolve './file1': -2
[  745.509714][T10095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  745.541420][T10095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  745.601936][T10100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  745.616233][T10100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  747.353053][T12281] syz.4.1569: attempt to access beyond end of device
[  747.353053][T12281] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  747.366544][T12281] hfsplus: unable to find HFS+ superblock
[  747.446639][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  747.463878][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  747.819649][T10091] bridge_slave_1: left allmulticast mode
[  747.826524][T10091] bridge_slave_1: left promiscuous mode
[  747.832356][T10091] bridge0: port 2(bridge_slave_1) entered disabled state
[  748.878928][T12293] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  748.950666][T10091] bridge_slave_0: left allmulticast mode
[  748.950727][T10091] bridge_slave_0: left promiscuous mode
[  748.950956][T10091] bridge0: port 1(bridge_slave_0) entered disabled state
[  749.812972][T10117] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  750.333194][T10117] usb 5-1: Using ep0 maxpacket: 32
[  750.355013][T10117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.384903][T10117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  750.396507][T10117] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  750.407240][T10117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.506569][T10117] usb 5-1: config 0 descriptor??
[  750.521860][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  750.532333][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  750.541949][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  750.569695][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  750.589870][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  750.729868][T10091] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  750.744496][T10091] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  750.756615][T10091] bond0 (unregistering): Released all slaves
[  750.976628][T10117] ft260 0003:0403:6030.0008: item fetching failed at offset 0/2
[  750.996180][T10117] ft260 0003:0403:6030.0008: failed to parse HID
[  751.020801][T10117] ft260 0003:0403:6030.0008: probe with driver ft260 failed with error -22
[  751.232862][ T5880] usb 5-1: USB disconnect, device number 13
[  751.648068][T12341] ip6erspan0: entered promiscuous mode
[  751.803001][T10091] hsr_slave_0: left promiscuous mode
[  751.868556][T10091] hsr_slave_1: left promiscuous mode
[  751.896096][T10091] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  751.910579][T10091] batman_adv: batadv0: Removing interface: batadv_slave_0
[  751.946113][T10091] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  751.993620][T10091] batman_adv: batadv0: Removing interface: batadv_slave_1
[  752.720650][T10091] veth1_macvtap: left promiscuous mode
[  752.729552][T10091] veth0_macvtap: left promiscuous mode
[  752.737934][T10091] veth1_vlan: left promiscuous mode
[  752.743681][   T51] Bluetooth: hci2: command tx timeout
[  752.756510][T10091] veth0_vlan: left promiscuous mode
[  754.823338][   T51] Bluetooth: hci2: command tx timeout
[  756.882954][   T51] Bluetooth: hci2: command tx timeout
[  757.048292][T10091] team0 (unregistering): Port device team_slave_1 removed
[  757.099787][T10091] team0 (unregistering): Port device team_slave_0 removed
[  757.566747][T12356] batman_adv: batadv0: Adding interface: dummy0
[  757.573300][T12356] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  757.598879][T12356] batman_adv: batadv0: Interface activated: dummy0
[  757.615849][T12357] batadv0: mtu less than device minimum
[  757.623381][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.635654][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.647327][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.658728][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.670184][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.681562][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.693001][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.704281][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  757.715692][T12357] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  759.032846][   T51] Bluetooth: hci2: command tx timeout
[  759.942052][T12322] chnl_net:caif_netlink_parms(): no params data found
[  762.666842][T12322] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.055568][T12322] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.310110][T12322] bridge_slave_0: entered allmulticast mode
[  763.345122][T12322] bridge_slave_0: entered promiscuous mode
[  763.740710][T12322] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.796081][T12322] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.811861][T12322] bridge_slave_1: entered allmulticast mode
[  763.855135][T12322] bridge_slave_1: entered promiscuous mode
[  764.494298][T12468] vlan0: entered promiscuous mode
[  764.500252][T12468] vlan0: entered allmulticast mode
[  764.513762][T12468] hsr_slave_1: entered allmulticast mode
[  764.601824][T12322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  764.613092][T12468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'.
[  764.740377][T12322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  767.069315][T12322] team0: Port device team_slave_0 added
[  767.105985][T12322] team0: Port device team_slave_1 added
[  767.262005][T12322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  767.331522][T12322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.748730][T12322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  767.818686][T12322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  767.856092][T12322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.912854][T12322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  768.770120][T12322] hsr_slave_0: entered promiscuous mode
[  768.805178][T12322] hsr_slave_1: entered promiscuous mode
[  768.826665][T12322] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  768.837672][T12322] Cannot create hsr debugfs directory
[  769.227132][T12529] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1623'.
[  770.902092][T12562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1632'.
[  772.041059][T12322] 8021q: adding VLAN 0 to HW filter on device bond0
[  772.845913][T12322] 8021q: adding VLAN 0 to HW filter on device team0
[  772.877713][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.884953][ T6042] bridge0: port 1(bridge_slave_0) entered forwarding state
[  773.090618][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.097911][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state
[  773.450967][T12322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  773.566093][T12594] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1639'.
[  775.860481][T12322] 8021q: adding VLAN 0 to HW filter on device batadv0
[  776.493502][T12626] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  776.886613][   T30] audit: type=1326 audit(1749735718.789:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12617 comm="syz.6.1643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04e258e929 code=0x7fc00000
[  777.162948][T10109] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  777.299763][T12644] use of bytesused == 0 is deprecated and will be removed in the future,
[  777.836650][T12644] use the actual size instead.
[  777.837532][T10109] usb 6-1: Using ep0 maxpacket: 32
[  777.869121][T12322] veth0_vlan: entered promiscuous mode
[  777.872556][T10109] usb 6-1: config 0 has an invalid interface number: 221 but max is 0
[  777.976953][T12322] veth1_vlan: entered promiscuous mode
[  777.979747][T10109] usb 6-1: config 0 has no interface number 0
[  778.174254][T10109] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  778.247723][T10109] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.256650][T10109] usb 6-1: Product: syz
[  778.261240][T10109] usb 6-1: Manufacturer: syz
[  778.264925][ T5913] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  778.266015][T10109] usb 6-1: SerialNumber: syz
[  778.287294][T10109] usb 6-1: config 0 descriptor??
[  778.606761][T12322] veth0_macvtap: entered promiscuous mode
[  778.641155][T12322] veth1_macvtap: entered promiscuous mode
[  779.343931][T10160] usb 6-1: USB disconnect, device number 11
[  779.359630][ T5913] usb 2-1: New USB device found, idVendor=0681, idProduct=0010, bcdDevice=6d.59
[  779.394206][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.409933][T12322] batman_adv: batadv0: Interface activated: batadv_slave_0
[  779.464586][T12322] batman_adv: batadv0: Interface activated: batadv_slave_1
[  779.619223][ T5913] usb 2-1: config 0 descriptor??
[  779.752596][T10098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  779.767238][T10098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  780.992167][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  781.025333][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  781.027448][T10160] usb 2-1: USB disconnect, device number 17
[  781.161225][T12684] overlayfs: failed to clone upperpath
[  784.351316][T12322] syz-executor (12322) used greatest stack depth: 19648 bytes left
[  784.600160][T10098] bridge_slave_1: left allmulticast mode
[  784.645707][T10098] bridge_slave_1: left promiscuous mode
[  784.689537][T10098] bridge0: port 2(bridge_slave_1) entered disabled state
[  784.798376][T10098] bridge_slave_0: left allmulticast mode
[  784.809313][T10098] bridge_slave_0: left promiscuous mode
[  784.824892][T10098] bridge0: port 1(bridge_slave_0) entered disabled state
[  785.060519][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x5610
[  785.077121][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc1) = 0x5610
[  785.096753][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x5720
[  785.105917][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x5720
[  785.158655][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x8060
[  785.171905][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x8060
[  785.233684][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xb060
[  785.253052][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0xb060
[  785.273542][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xb070
[  785.283957][T12722] kvm: kvm [12721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x187) = 0xb070
[  787.267719][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  787.279555][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  788.055079][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  788.293061][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  788.302319][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  788.447091][T10098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  788.609237][T10098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  788.829925][T10098] bond0 (unregistering): Released all slaves
[  790.412928][   T51] Bluetooth: hci2: command tx timeout
[  792.484189][   T51] Bluetooth: hci2: command tx timeout
[  793.173782][T12806] netlink: 'syz.6.1680': attribute type 10 has an invalid length.
[  793.210630][T12806] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1680'.
[  793.401671][T12806] bridge0: port 4(team0) entered blocking state
[  793.468385][T12806] bridge0: port 4(team0) entered disabled state
[  793.523810][T12806] net_ratelimit: 10 callbacks suppressed
[  793.523829][T12806] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  794.438915][T10098] hsr_slave_0: left promiscuous mode
[  794.450608][T10098] hsr_slave_1: left promiscuous mode
[  794.489734][T10098] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  794.498054][T10098] batman_adv: batadv0: Removing interface: batadv_slave_0
[  794.515468][T10098] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  794.537270][T10098] batman_adv: batadv0: Removing interface: batadv_slave_1
[  794.562970][   T51] Bluetooth: hci2: command tx timeout
[  794.825604][T10098] veth1_macvtap: left promiscuous mode
[  794.836315][T10098] veth0_macvtap: left promiscuous mode
[  794.849448][T10098] veth1_vlan: left promiscuous mode
[  794.869563][T10098] veth0_vlan: left promiscuous mode
[  796.713094][   T51] Bluetooth: hci2: command tx timeout
[  800.378577][T10098] team0 (unregistering): Port device team_slave_1 removed
[  800.796199][T10098] team0 (unregistering): Port device team_slave_0 removed
[  802.295187][T12894] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1698'.
[  806.389512][T12759] chnl_net:caif_netlink_parms(): no params data found
[  808.576092][T12759] bridge0: port 1(bridge_slave_0) entered blocking state
[  808.637448][T12759] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.645229][T12759] bridge_slave_0: entered allmulticast mode
[  808.653210][T12759] bridge_slave_0: entered promiscuous mode
[  808.667876][T12759] bridge0: port 2(bridge_slave_1) entered blocking state
[  808.675392][T12759] bridge0: port 2(bridge_slave_1) entered disabled state
[  808.683645][T12759] bridge_slave_1: entered allmulticast mode
[  808.704377][T12759] bridge_slave_1: entered promiscuous mode
[  808.736830][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  808.743690][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  808.767648][   T36] kworker/u8:2 (36) used greatest stack depth: 19560 bytes left
[  808.832154][T12941] ALSA: mixer_oss: invalid OSS volume '¢“ò¹œÃéÞ¨c">ø†<ö£/4¤'
[  808.923219][T12941] ALSA: mixer_oss: invalid OSS volume 'ÄNi)À·E{:ÊT%½cB'
[  809.510960][T12759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  809.608199][T12941] ALSA: mixer_oss: invalid OSS volume 'fEøà,MTÔóÝé‹8P„דT}¦'‘§Wàül©{'
[  809.617391][T12941] ALSA: mixer_oss: invalid OSS volume 'Áé;›y@¸]Ì>ë#óÒaèýÍ6\9/¸ü[Óø\'
[  809.628733][T12941] ALSA: mixer_oss: invalid OSS volume 'þçý¦� F÷�4ïõ|׃Œ‹|ò„t@ÜÕ'
[  809.637618][T12941] ALSA: mixer_oss: invalid OSS volume 'GJJ³Ý<­m¼œÒË7ÈÔ–N­F‚cͲaD¶¤÷'
[  809.767030][T12759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  811.167916][T12759] team0: Port device team_slave_0 added
[  811.195508][T12759] team0: Port device team_slave_1 added
[  811.932161][T12759] batman_adv: batadv0: Adding interface: batadv_slave_0
[  811.942389][T12759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.089387][T12759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  812.134410][T12759] batman_adv: batadv0: Adding interface: batadv_slave_1
[  812.146572][T12968] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  812.221038][T12759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.466901][T12759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  813.177581][T12759] hsr_slave_0: entered promiscuous mode
[  813.191346][T12759] hsr_slave_1: entered promiscuous mode
[  813.208924][T12759] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  813.221537][T12974] netlink: 'syz.6.1717': attribute type 4 has an invalid length.
[  813.249010][T12759] Cannot create hsr debugfs directory
[  814.410295][   T10] kworker/0:1 (10) used greatest stack depth: 15928 bytes left
[  814.582159][T12993] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  814.582159][T12993] The task syz.6.1719 (12993) triggered the difference, watch for misbehavior.
[  815.091066][T12996] xt_socket: unknown flags 0x4c
[  815.558468][T12759] 8021q: adding VLAN 0 to HW filter on device bond0
[  815.681251][T12759] 8021q: adding VLAN 0 to HW filter on device team0
[  815.740585][ T7169] bridge0: port 1(bridge_slave_0) entered blocking state
[  815.747898][ T7169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  815.946024][ T7169] bridge0: port 2(bridge_slave_1) entered blocking state
[  815.953404][ T7169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  818.081077][T12759] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  818.097102][T12759] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  821.754281][T12759] 8021q: adding VLAN 0 to HW filter on device batadv0
[  821.924582][T10117] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  822.612889][T10117] usb 5-1: Using ep0 maxpacket: 32
[  822.649560][T10117] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  822.678090][T10117] usb 5-1: config 0 has no interface number 0
[  822.694572][T10117] usb 5-1: config 0 interface 184 has no altsetting 0
[  822.741843][T10117] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  822.780363][T10117] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.819469][T10117] usb 5-1: Product: syz
[  822.834079][T10117] usb 5-1: Manufacturer: syz
[  822.838755][T10117] usb 5-1: SerialNumber: syz
[  822.901025][T10117] usb 5-1: config 0 descriptor??
[  822.934549][T10117] smsc75xx v1.0.0
[  822.943928][T10117] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  822.994014][T10117] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  825.411096][T12759] veth0_vlan: entered promiscuous mode
[  825.550562][T10117] usb 5-1: USB disconnect, device number 14
[  825.579386][T12759] veth1_vlan: entered promiscuous mode
[  825.711396][T12759] veth0_macvtap: entered promiscuous mode
[  825.771309][T12759] veth1_macvtap: entered promiscuous mode
[  825.833520][T12759] batman_adv: batadv0: Interface activated: batadv_slave_0
[  826.019105][T12759] batman_adv: batadv0: Interface activated: batadv_slave_1
[  826.863628][T13125] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1740'.
[  827.011705][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.058221][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  827.129618][T13130] tipc: Can't bind to reserved service type 2
[  827.163861][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.175241][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  830.865047][T10095] bridge_slave_1: left allmulticast mode
[  830.870874][T10095] bridge_slave_1: left promiscuous mode
[  830.913017][T10095] bridge0: port 2(bridge_slave_1) entered disabled state
[  830.945272][T10095] bridge_slave_0: left allmulticast mode
[  830.973098][T10095] bridge_slave_0: left promiscuous mode
[  830.981505][T10095] bridge0: port 1(bridge_slave_0) entered disabled state
[  831.578677][T13162] syz.1.1750: attempt to access beyond end of device
[  831.578677][T13162] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  831.592840][T13162] SQUASHFS error: Failed to read block 0x0: -5
[  831.599101][T13162] unable to read squashfs_super_block
[  831.979778][T10095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  831.991446][T10095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  832.001789][T10095] bond0 (unregistering): Released all slaves
[  833.484412][T10095] hsr_slave_0: left promiscuous mode
[  833.513909][T10095] hsr_slave_1: left promiscuous mode
[  833.520016][T10095] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  833.913115][T10095] batman_adv: batadv0: Removing interface: batadv_slave_0
[  833.929302][T10095] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  833.937822][T10095] batman_adv: batadv0: Removing interface: batadv_slave_1
[  833.983106][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  834.024242][T10095] veth1_macvtap: left promiscuous mode
[  834.030301][T10095] veth0_macvtap: left promiscuous mode
[  834.036842][T10095] veth1_vlan: left promiscuous mode
[  834.042533][T10095] veth0_vlan: left promiscuous mode
[  834.608266][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  834.617783][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  834.629057][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  834.639535][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  837.008360][T11394] Bluetooth: hci2: command tx timeout
[  839.014739][T10095] team0 (unregistering): Port device team_slave_1 removed
[  839.042966][T11394] Bluetooth: hci2: command tx timeout
[  839.088814][T13229] overlayfs: failed to clone upperpath
[  839.107079][T10095] team0 (unregistering): Port device team_slave_0 removed
[  840.817627][T13247] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1773'.
[  840.844455][T13247] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1773'.
[  840.860150][T13250] syz_tun: entered allmulticast mode
[  841.113936][T13248] syz_tun: left allmulticast mode
[  841.123823][   T51] Bluetooth: hci2: command tx timeout
[  841.129878][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  841.147566][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  841.156498][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  841.166023][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  841.174335][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  841.437267][T13186] chnl_net:caif_netlink_parms(): no params data found
[  841.704835][T13186] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.714565][T13186] bridge0: port 1(bridge_slave_0) entered disabled state
[  841.733636][T13186] bridge_slave_0: entered allmulticast mode
[  841.760484][T13186] bridge_slave_0: entered promiscuous mode
[  841.810999][T13186] bridge0: port 2(bridge_slave_1) entered blocking state
[  841.823762][T13186] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.832210][T13186] bridge_slave_1: entered allmulticast mode
[  841.847537][T13186] bridge_slave_1: entered promiscuous mode
[  841.978318][T13186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  842.042452][T13186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  842.169382][T13186] team0: Port device team_slave_0 added
[  842.210280][T13252] chnl_net:caif_netlink_parms(): no params data found
[  842.268639][T13186] team0: Port device team_slave_1 added
[  842.394608][T13186] batman_adv: batadv0: Adding interface: batadv_slave_0
[  842.407287][T13186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  842.450875][T13186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  842.578574][T13186] batman_adv: batadv0: Adding interface: batadv_slave_1
[  842.615366][T13186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  842.700380][T13186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  842.939098][T13186] hsr_slave_0: entered promiscuous mode
[  843.263107][T11394] Bluetooth: hci2: command tx timeout
[  843.269984][T13186] hsr_slave_1: entered promiscuous mode
[  843.288636][T11394] Bluetooth: hci3: command tx timeout
[  843.335611][T13186] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  843.352286][T13186] Cannot create hsr debugfs directory
[  843.440877][T13252] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.633569][T13252] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.640881][T13252] bridge_slave_0: entered allmulticast mode
[  843.665306][T13252] bridge_slave_0: entered promiscuous mode
[  843.678604][T13252] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.700632][T13252] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.727529][T13252] bridge_slave_1: entered allmulticast mode
[  843.753974][T13252] bridge_slave_1: entered promiscuous mode
[  845.363003][T11394] Bluetooth: hci3: command tx timeout
[  845.445968][T13252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  845.678520][T13252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  845.823522][T13252] team0: Port device team_slave_0 added
[  845.875369][T13252] team0: Port device team_slave_1 added
[  846.049720][T13252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  846.062485][T13252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  846.105135][T13252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  846.336821][T13252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  846.354696][T13252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  846.487216][T13310] xt_connbytes: Forcing CT accounting to be enabled
[  846.494239][T13310] set match dimension is over the limit!
[  846.736916][T13252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  846.950073][T13252] hsr_slave_0: entered promiscuous mode
[  846.972049][T13252] hsr_slave_1: entered promiscuous mode
[  847.108131][T13252] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  847.115891][T13252] Cannot create hsr debugfs directory
[  847.454225][T11394] Bluetooth: hci3: command tx timeout
[  849.632870][T11394] Bluetooth: hci3: command tx timeout
[  850.277525][T13186] 8021q: adding VLAN 0 to HW filter on device bond0
[  850.709031][T13186] 8021q: adding VLAN 0 to HW filter on device team0
[  851.429837][ T7169] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.437112][ T7169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  851.463773][ T7169] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.470962][ T7169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  851.615858][T13186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  851.689790][T13356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  851.758556][T13252] 8021q: adding VLAN 0 to HW filter on device bond0
[  851.840554][T13252] 8021q: adding VLAN 0 to HW filter on device team0
[  851.866918][T10098] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.874271][T10098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  852.375229][T10098] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.382457][T10098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  852.559443][T13367] overlayfs: failed to get inode (-116)
[  852.587135][T13367] overlayfs: failed to look up (bus) for ino (-116)
[  852.836043][T13186] 8021q: adding VLAN 0 to HW filter on device batadv0
[  854.975231][T13252] 8021q: adding VLAN 0 to HW filter on device batadv0
[  856.694926][T13411] gfs2: gfs2 mount does not exist
[  857.612808][   T43] IPVS: starting estimator thread 0...
[  857.722930][T13425] IPVS: using max 29 ests per chain, 69600 per kthread
[  857.731226][T13186] veth0_vlan: entered promiscuous mode
[  857.781818][T13186] veth1_vlan: entered promiscuous mode
[  857.881885][T13186] veth0_macvtap: entered promiscuous mode
[  857.909062][T13186] veth1_macvtap: entered promiscuous mode
[  857.944855][T13186] batman_adv: batadv0: Interface activated: batadv_slave_0
[  858.021301][T13186] batman_adv: batadv0: Interface activated: batadv_slave_1
[  858.308273][T13435] overlayfs: failed to resolve './file1': -2
[  858.450965][T13252] veth0_vlan: entered promiscuous mode
[  858.540297][T13252] veth1_vlan: entered promiscuous mode
[  858.585790][ T6287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  858.607603][ T6287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  858.649475][T13443] ip6tnl1: entered promiscuous mode
[  858.661468][T13443] ip6tnl1: entered allmulticast mode
[  858.720338][ T6287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  858.740940][ T6287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  858.801347][T13252] veth0_macvtap: entered promiscuous mode
[  858.837887][T13252] veth1_macvtap: entered promiscuous mode
[  858.890809][T13252] batman_adv: batadv0: Interface activated: batadv_slave_0
[  858.937757][T13252] batman_adv: batadv0: Interface activated: batadv_slave_1
[  859.580515][ T7169] bridge_slave_1: left allmulticast mode
[  859.591191][ T7169] bridge_slave_1: left promiscuous mode
[  859.600895][ T7169] bridge0: port 2(bridge_slave_1) entered disabled state
[  859.624020][ T5925] usb 2-1: new low-speed USB device number 18 using dummy_hcd
[  859.638498][ T7169] bridge_slave_0: left allmulticast mode
[  859.646338][ T7169] bridge_slave_0: left promiscuous mode
[  859.659246][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state
[  859.895385][ T5925] usb 2-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  859.912915][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.935638][ T5925] usb 2-1: config 0 descriptor??
[  859.954350][ T5925] lan78xx 2-1:0.0 (unnamed net_device) (uninitialized): USB bus speed not supported
[  859.970880][ T5925] lan78xx 2-1:0.0: probe with driver lan78xx failed with error -5
[  860.209776][ T5925] usb 2-1: USB disconnect, device number 18
[  860.279719][ T7169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  860.293436][ T7169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  860.306589][ T7169] bond0 (unregistering): Released all slaves
[  860.436204][T10098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.446830][T10098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  860.498870][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.509376][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  860.663137][ T7169] hsr_slave_0: left promiscuous mode
[  860.682309][ T7169] hsr_slave_1: left promiscuous mode
[  860.900737][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  860.922887][ T7169] batman_adv: batadv0: Removing interface: batadv_slave_0
[  860.958926][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  860.975043][ T7169] batman_adv: batadv0: Removing interface: batadv_slave_1
[  862.447380][ T7169] veth1_macvtap: left promiscuous mode
[  862.492927][ T7169] veth0_macvtap: left promiscuous mode
[  862.498657][ T7169] veth1_vlan: left promiscuous mode
[  862.529825][ T7169] veth0_vlan: left promiscuous mode
[  862.734250][T13471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  864.336361][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  864.357317][T13481] netlink: 'syz.1.1822': attribute type 5 has an invalid length.
[  864.358869][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  864.494683][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  864.878057][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  865.394109][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  865.535959][T13485] netlink: 'syz.5.1824': attribute type 1 has an invalid length.
[  865.758465][T13492] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1824'.
[  866.321189][ T7169] team0 (unregistering): Port device team_slave_1 removed
[  866.567964][ T7169] team0 (unregistering): Port device team_slave_0 removed
[  867.446204][T11394] Bluetooth: hci2: command tx timeout
[  868.193586][T13459] bridge0: port 3(erspan0) entered blocking state
[  868.213078][T13459] bridge0: port 3(erspan0) entered disabled state
[  868.220521][T13459] erspan0: entered allmulticast mode
[  868.236044][T13459] erspan0: entered promiscuous mode
[  868.250769][T13459] bridge0: port 3(erspan0) entered blocking state
[  868.257630][T13459] bridge0: port 3(erspan0) entered forwarding state
[  869.749618][T11394] Bluetooth: hci2: command tx timeout
[  869.791063][T13487] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  869.845193][ T6042] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  869.869719][T13488] 8021q: adding VLAN 0 to HW filter on device bond1
[  870.167085][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  870.177093][T13492] bond1 (unregistering): (slave ip6gretap1): Removing an active aggregator
[  870.575318][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  870.597508][T13492] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  870.609931][T13492] bond1 (unregistering): Released all slaves
[  870.776806][T13551] bridge0: port 2(dummy0) entered disabled state
[  871.972324][T11394] Bluetooth: hci2: command tx timeout
[  874.023780][   T51] Bluetooth: hci2: command tx timeout
[  874.522956][ T5925] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  874.703078][ T5925] usb 8-1: Using ep0 maxpacket: 16
[  874.907522][T13551] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  874.934777][T13551] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  874.948398][T13551] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  874.958230][T13551] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  877.638127][T13478] chnl_net:caif_netlink_parms(): no params data found
[  878.111626][ T5925] usb 8-1: unable to get BOS descriptor or descriptor too short
[  879.003702][ T5925] usb 8-1: unable to read config index 0 descriptor/start: -71
[  879.011382][ T5925] usb 8-1: can't read configurations, error -71
[  879.081338][ T5913] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  879.640003][ T5913] usb 6-1: Using ep0 maxpacket: 32
[  879.692758][T13623] syz.7.1850 (13623): drop_caches: 2
[  880.791350][ T5913] usb 6-1: device descriptor read/all, error -71
[  881.596377][T13478] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.747790][T13478] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.846694][T13478] bridge_slave_0: entered allmulticast mode
[  885.904115][T13478] bridge_slave_0: entered promiscuous mode
[  886.119253][T13478] bridge0: port 2(bridge_slave_1) entered blocking state
[  886.128705][T13478] bridge0: port 2(bridge_slave_1) entered disabled state
[  886.141435][T13478] bridge_slave_1: entered allmulticast mode
[  886.150605][T13478] bridge_slave_1: entered promiscuous mode
[  886.266587][T13651] binder: 13650:13651 ioctl c0306201 0 returned -14
[  886.446409][T13478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  886.514615][T13654] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  886.523931][T13654] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  886.532800][T13654] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  886.542304][T13654] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  887.684495][T13660] ubi31: attaching mtd0
[  887.702581][T13660] ubi31: scanning is finished
[  887.707501][T13660] ubi31: empty MTD device detected
[  888.554635][T13654] vxlan0: entered promiscuous mode
[  888.560037][T13654] vxlan0: entered allmulticast mode
[  888.577957][T13654] team0: Port device vxlan0 added
[  888.593857][T13478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  888.775187][T13660] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  889.025451][T13478] team0: Port device team_slave_0 added
[  889.397608][T13478] team0: Port device team_slave_1 added
[  890.152504][T13478] batman_adv: batadv0: Adding interface: batadv_slave_0
[  890.180839][T13478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  890.252013][T13478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  890.413814][T13478] batman_adv: batadv0: Adding interface: batadv_slave_1
[  890.420837][T13478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  890.765149][T13478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  891.459814][T13478] hsr_slave_0: entered promiscuous mode
[  891.497677][T13478] hsr_slave_1: entered promiscuous mode
[  891.506795][T13478] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  891.515322][T13478] Cannot create hsr debugfs directory
[  892.960514][T13719] lo speed is unknown, defaulting to 1000
[  892.966660][T13719] lo speed is unknown, defaulting to 1000
[  892.973594][T13719] lo speed is unknown, defaulting to 1000
[  892.995354][T13719] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  893.025351][T13719] lo speed is unknown, defaulting to 1000
[  893.033043][T13719] lo speed is unknown, defaulting to 1000
[  893.057411][T13719] lo speed is unknown, defaulting to 1000
[  893.066183][T13719] lo speed is unknown, defaulting to 1000
[  893.107519][T13719] lo speed is unknown, defaulting to 1000
[  893.133602][T13719] lo speed is unknown, defaulting to 1000
[  894.540688][T13478] 8021q: adding VLAN 0 to HW filter on device bond0
[  894.578897][T13478] 8021q: adding VLAN 0 to HW filter on device team0
[  895.212194][T13478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  895.224549][T13478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  895.245446][T10098] bridge0: port 1(bridge_slave_0) entered blocking state
[  895.252722][T10098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  895.265767][   T43] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  895.270082][T10098] bridge0: port 2(bridge_slave_1) entered blocking state
[  895.280569][T10098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  895.847336][   T43] usb 8-1: Using ep0 maxpacket: 32
[  895.858264][   T43] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  896.009628][   T43] usb 8-1: config 0 has no interface number 0
[  896.018289][   T43] usb 8-1: config 0 interface 184 has no altsetting 0
[  896.029512][   T43] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  896.043301][   T43] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  896.051340][   T43] usb 8-1: Product: syz
[  896.056988][   T43] usb 8-1: Manufacturer: syz
[  896.061631][   T43] usb 8-1: SerialNumber: syz
[  896.070421][   T43] usb 8-1: config 0 descriptor??
[  896.079217][   T43] smsc75xx v1.0.0
[  896.083580][   T43] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  896.095509][   T43] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22
[  897.334485][T13478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.479750][T10160] usb 8-1: USB disconnect, device number 4
[  897.982833][T10109] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  898.492961][T10109] usb 8-1: Using ep0 maxpacket: 16
[  898.521243][T10109] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  898.595426][T10109] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  898.673374][T10109] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  898.693536][T10109] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.728307][T10109] usb 8-1: config 0 descriptor??
[  899.358583][T13478] veth0_vlan: entered promiscuous mode
[  899.382280][T13478] veth1_vlan: entered promiscuous mode
[  899.506960][T13478] veth0_macvtap: entered promiscuous mode
[  899.516274][T13478] veth1_macvtap: entered promiscuous mode
[  899.621651][T13478] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.781177][T13478] batman_adv: batadv0: Interface activated: batadv_slave_1
[  900.851289][ T6042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  901.072030][ T6042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.495928][T10091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  901.504633][T10091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.541997][T10117] usb 8-1: USB disconnect, device number 5
[  903.306212][ T6287] bridge_slave_1: left allmulticast mode
[  903.311946][ T6287] bridge_slave_1: left promiscuous mode
[  903.363310][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state
[  903.396335][T10117] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  903.420985][ T6287] bridge_slave_0: left allmulticast mode
[  903.449489][ T6287] bridge_slave_0: left promiscuous mode
[  903.648197][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state
[  903.740828][T10117] usb 6-1: Using ep0 maxpacket: 32
[  903.757443][T10117] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  903.781565][T10117] usb 6-1: config 0 has no interface number 0
[  903.795629][T10117] usb 6-1: config 0 interface 184 has no altsetting 0
[  903.855591][T10117] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  903.907421][T10117] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.916351][T10117] usb 6-1: Product: syz
[  903.920702][T10117] usb 6-1: Manufacturer: syz
[  903.925959][T10117] usb 6-1: SerialNumber: syz
[  903.943601][T10117] usb 6-1: config 0 descriptor??
[  904.016072][T10117] smsc75xx v1.0.0
[  904.025839][T10117] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  904.037202][T10117] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  904.791425][T13841] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1903'.
[  904.801689][T13841] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  904.847722][ T6287] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  904.912590][ T6287] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  905.135080][ T6287] bond0 (unregistering): Released all slaves
[  906.412855][ T5901] usb 6-1: USB disconnect, device number 14
[  908.618372][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  908.636439][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  908.645972][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  908.666481][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  908.675509][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  908.761524][T13879] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1912'.
[  909.123390][T13880] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1912'.
[  910.723369][ T6287] hsr_slave_0: left promiscuous mode
[  910.737132][   T51] Bluetooth: hci2: command tx timeout
[  910.763601][ T6287] hsr_slave_1: left promiscuous mode
[  910.784191][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  910.833060][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0
[  910.886312][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  910.898639][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1
[  910.980979][ T6287] veth1_macvtap: left promiscuous mode
[  911.013173][ T6287] veth0_macvtap: left promiscuous mode
[  911.029496][ T6287] veth1_vlan: left promiscuous mode
[  911.052969][ T6287] veth0_vlan: left promiscuous mode
[  911.683070][T10117] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  911.874854][T10117] usb 8-1: Using ep0 maxpacket: 32
[  911.890412][T10117] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  911.902977][T10117] usb 8-1: config 0 has no interface number 0
[  911.937484][T10117] usb 8-1: config 0 interface 184 has no altsetting 0
[  911.987372][T10117] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  912.002895][T10117] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  912.021472][T10117] usb 8-1: Product: syz
[  912.026706][T10117] usb 8-1: Manufacturer: syz
[  912.033380][T10117] usb 8-1: SerialNumber: syz
[  912.057952][T10117] usb 8-1: config 0 descriptor??
[  912.095693][T10117] smsc75xx v1.0.0
[  912.099970][T10117] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  912.119973][T10117] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22
[  912.584509][ T6287] team0 (unregistering): Port device team_slave_1 removed
[  912.690079][ T6287] team0 (unregistering): Port device team_slave_0 removed
[  912.803034][   T51] Bluetooth: hci2: command tx timeout
[  913.108300][T13908] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1920'.
[  913.733265][T13911] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  914.459741][T13873] lo speed is unknown, defaulting to 1000
[  914.882853][   T51] Bluetooth: hci2: command tx timeout
[  915.771143][T10109] usb 8-1: USB disconnect, device number 6
[  917.099815][   T51] Bluetooth: hci2: command tx timeout
[  917.167352][T13873] chnl_net:caif_netlink_parms(): no params data found
[  918.035337][T13873] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.076962][T13873] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.099263][T13873] bridge_slave_0: entered allmulticast mode
[  918.111665][T13873] bridge_slave_0: entered promiscuous mode
[  918.359957][T13873] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.367800][T13873] bridge0: port 2(bridge_slave_1) entered disabled state
[  918.375496][T13873] bridge_slave_1: entered allmulticast mode
[  918.389762][T13873] bridge_slave_1: entered promiscuous mode
[  918.915273][T13873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  918.965972][T13873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  919.819372][T13873] team0: Port device team_slave_0 added
[  919.861039][T13873] team0: Port device team_slave_1 added
[  920.011769][T13873] batman_adv: batadv0: Adding interface: batadv_slave_0
[  920.026653][T13873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  920.178295][T13873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  920.191413][T13873] batman_adv: batadv0: Adding interface: batadv_slave_1
[  920.198921][T13873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  920.278952][T13873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  922.479797][T13873] hsr_slave_0: entered promiscuous mode
[  922.506828][T13873] hsr_slave_1: entered promiscuous mode
[  922.518397][T13873] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  922.526719][T13873] Cannot create hsr debugfs directory
[  924.318590][T14016] macvlan0: entered promiscuous mode
[  924.350904][T14016] netlink: 'syz.7.1945': attribute type 1 has an invalid length.
[  924.401129][T14016] netlink: 'syz.7.1945': attribute type 2 has an invalid length.
[  924.435494][T13873] 8021q: adding VLAN 0 to HW filter on device bond0
[  924.823783][T13873] 8021q: adding VLAN 0 to HW filter on device team0
[  924.852917][ T6175] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.860144][ T6175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  924.883415][T10117] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  924.908268][T13517] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.915481][T13517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.135047][T10117] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  925.348441][T10117] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  925.385935][T10117] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  925.820471][T10117] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  925.839979][T10117] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  925.854854][T10117] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  925.881694][T10117] usb 8-1: Product: syz
[  925.906851][T10117] usb 8-1: Manufacturer: syz
[  926.144497][T10117] cdc_wdm 8-1:1.0: skipping garbage
[  926.168066][T10117] cdc_wdm 8-1:1.0: skipping garbage
[  926.181256][T10117] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  926.225686][T10117] cdc_wdm 8-1:1.0: Unknown control protocol
[  926.460336][T10117] usb 8-1: USB disconnect, device number 7
[  926.707657][T13873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  928.344500][T14060] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1955'.
[  929.461990][T13873] veth0_vlan: entered promiscuous mode
[  929.646397][T13873] veth1_vlan: entered promiscuous mode
[  930.009480][T14070] xt_hashlimit: size too large, truncated to 1048576
[  930.208178][T13873] veth0_macvtap: entered promiscuous mode
[  930.265636][T13873] veth1_macvtap: entered promiscuous mode
[  930.551091][T13873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  930.600200][T13873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  930.974337][T14082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1960'.
[  931.583816][T10091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  931.592095][ T7169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  931.609727][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.633577][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  931.663515][T10091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  931.671069][ T7169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  932.594876][T14096] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1965'.
[  932.646132][ T6287] bridge_slave_1: left allmulticast mode
[  932.664544][ T6287] bridge_slave_1: left promiscuous mode
[  932.680298][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.748420][ T6287] bridge_slave_0: left allmulticast mode
[  932.765188][ T6287] bridge_slave_0: left promiscuous mode
[  932.781751][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state
[  932.873293][T10109] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  933.445573][T10109] usb 8-1: config 0 has an invalid interface number: 32 but max is 0
[  933.474901][T10109] usb 8-1: config 0 has no interface number 0
[  933.497043][T10109] usb 8-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  933.536188][T10109] usb 8-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  933.551566][T10109] usb 8-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  933.561908][T10109] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  933.584503][T10109] usb 8-1: config 0 descriptor??
[  933.992287][ T6287] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  934.004549][ T6287] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  934.017622][ T6287] bond0 (unregistering): Released all slaves
[  934.059719][T10109] logitech-djreceiver 0003:046D:C71B.0009: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.7-1/input32
[  934.256629][T10109] usb 8-1: USB disconnect, device number 8
[  934.316544][ T6287] hsr_slave_0: left promiscuous mode
[  934.326480][ T6287] hsr_slave_1: left promiscuous mode
[  934.336378][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  934.343941][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0
[  934.351924][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  934.361166][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1
[  934.628249][ T6287] veth1_macvtap: left promiscuous mode
[  934.637467][ T6287] veth0_macvtap: left promiscuous mode
[  934.645968][ T6287] veth1_vlan: left promiscuous mode
[  934.651337][ T6287] veth0_vlan: left promiscuous mode
[  936.527178][T14118] xt_hashlimit: size too large, truncated to 1048576
[  936.721302][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  936.734649][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  936.744124][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  936.762268][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  936.924054][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  939.038275][   T51] Bluetooth: hci2: command tx timeout
[  940.490491][T14153] Invalid source name
[  940.494821][T14153] UBIFS error (pid: 14153): cannot open "./file0", error -22
[  941.133680][   T51] Bluetooth: hci2: command tx timeout
[  943.076843][ T6287] team0 (unregistering): Port device team_slave_1 removed
[  943.389407][   T51] Bluetooth: hci2: command tx timeout
[  943.870072][ T6287] team0 (unregistering): Port device team_slave_0 removed
[  944.613301][T14182] ubi31: attaching mtd0
[  944.625541][T14182] ubi31: scanning is finished
[  945.447934][   T51] Bluetooth: hci2: command tx timeout
[  945.506540][T14182] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  947.171751][T14124] lo speed is unknown, defaulting to 1000
[  950.123470][T14229] xt_nat: multiple ranges no longer supported
[  951.311997][T14124] chnl_net:caif_netlink_parms(): no params data found
[  952.342971][T14237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  952.359389][T14246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  953.306957][T14124] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.321506][T14124] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.347922][T14124] bridge_slave_0: entered allmulticast mode
[  953.376888][T14124] bridge_slave_0: entered promiscuous mode
[  953.397675][T14124] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.412360][T14124] bridge0: port 2(bridge_slave_1) entered disabled state
[  953.421918][T14124] bridge_slave_1: entered allmulticast mode
[  953.468665][T14124] bridge_slave_1: entered promiscuous mode
[  954.537148][T14124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  954.917327][T14124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  955.300190][T14282] xt_TCPMSS: Only works on TCP SYN packets
[  956.906438][T14292] xt_socket: unknown flags 0x50
[  956.951299][T14296] netlink: 'syz.1.2011': attribute type 1 has an invalid length.
[  957.491192][T14124] team0: Port device team_slave_0 added
[  957.577956][T14299] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  957.596188][T10095] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  957.616431][T14303] 8021q: adding VLAN 0 to HW filter on device bond1
[  957.626061][T14124] team0: Port device team_slave_1 added
[  957.876706][T10091] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  959.308378][T14124] batman_adv: batadv0: Adding interface: batadv_slave_0
[  959.315890][T14124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  959.985400][T14124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  959.999311][T14124] batman_adv: batadv0: Adding interface: batadv_slave_1
[  960.006833][T14124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  960.033168][T14124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  961.844265][T14124] hsr_slave_0: entered promiscuous mode
[  961.851662][T14124] hsr_slave_1: entered promiscuous mode
[  962.006992][T14340] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2021'.
[  962.511456][T14124] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  962.575559][T14124] Cannot create hsr debugfs directory
[  963.409294][T14354] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  964.253314][T14357] netfs: Couldn't get user pages (rc=-14)
[  964.700244][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  965.028927][T14124] 8021q: adding VLAN 0 to HW filter on device bond0
[  965.070826][T14380] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2032'.
[  965.088304][T14124] 8021q: adding VLAN 0 to HW filter on device team0
[  965.104531][T13517] bridge0: port 1(bridge_slave_0) entered blocking state
[  965.111727][T13517] bridge0: port 1(bridge_slave_0) entered forwarding state
[  965.125287][T14377] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2033'.
[  965.145811][T14380] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2032'.
[  965.414877][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state
[  965.422107][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state
[  965.777232][T14384] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  966.100269][T14124] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  969.059064][T14124] 8021q: adding VLAN 0 to HW filter on device batadv0
[  969.276826][T14417] netlink: 'syz.5.2039': attribute type 11 has an invalid length.
[  970.708260][T14433] lo speed is unknown, defaulting to 1000
[  970.714664][T14433] lo speed is unknown, defaulting to 1000
[  970.725408][T14433] lo speed is unknown, defaulting to 1000
[  970.771846][T14433] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  972.006626][T14433] lo speed is unknown, defaulting to 1000
[  972.124978][T14433] lo speed is unknown, defaulting to 1000
[  972.140072][T14433] lo speed is unknown, defaulting to 1000
[  972.148017][T14124] veth0_vlan: entered promiscuous mode
[  972.160993][T14433] lo speed is unknown, defaulting to 1000
[  972.169014][T14124] veth1_vlan: entered promiscuous mode
[  972.179891][T14433] lo speed is unknown, defaulting to 1000
[  972.196226][T14433] lo speed is unknown, defaulting to 1000
[  972.267144][T14124] veth0_macvtap: entered promiscuous mode
[  972.288104][T14437] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2045'.
[  972.315022][T14124] veth1_macvtap: entered promiscuous mode
[  972.396200][T14124] batman_adv: batadv0: Interface activated: batadv_slave_0
[  972.696280][T14124] batman_adv: batadv0: Interface activated: batadv_slave_1
[  974.024526][ T7169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.062095][ T7169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  974.631576][T10095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.672195][T10095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  974.723726][T10117] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  975.379050][T10117] usb 6-1: Using ep0 maxpacket: 32
[  975.538193][T10117] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  975.546571][T10117] usb 6-1: config 0 has no interface number 0
[  975.553226][T10117] usb 6-1: config 0 interface 184 has no altsetting 0
[  975.740493][T10117] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  975.886321][T10117] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.896387][T10117] usb 6-1: Product: syz
[  975.901019][T10117] usb 6-1: Manufacturer: syz
[  975.906424][T10117] usb 6-1: SerialNumber: syz
[  976.414162][T10117] usb 6-1: config 0 descriptor??
[  976.440039][T10117] smsc75xx v1.0.0
[  976.449153][T10117] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  976.474649][ T3979] bridge_slave_1: left allmulticast mode
[  976.481283][ T3979] bridge_slave_1: left promiscuous mode
[  976.488063][ T3979] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.511238][ T3979] bridge_slave_0: left allmulticast mode
[  976.517358][ T3979] bridge_slave_0: left promiscuous mode
[  976.524212][ T3979] bridge0: port 1(bridge_slave_0) entered disabled state
[  976.534018][T10117] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  977.106731][ T3979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  977.118673][ T3979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  977.130662][ T3979] bond0 (unregistering): Released all slaves
[  977.410282][ T3979] hsr_slave_0: left promiscuous mode
[  977.419595][ T3979] hsr_slave_1: left promiscuous mode
[  977.426089][ T3979] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  977.434632][ T3979] batman_adv: batadv0: Removing interface: batadv_slave_0
[  977.444204][ T3979] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  977.451623][ T3979] batman_adv: batadv0: Removing interface: batadv_slave_1
[  977.478161][ T3979] veth1_macvtap: left promiscuous mode
[  977.483996][ T3979] veth0_macvtap: left promiscuous mode
[  977.489597][ T3979] veth1_vlan: left promiscuous mode
[  977.495487][ T3979] veth0_vlan: left promiscuous mode
[  977.700757][ T5925] usb 6-1: USB disconnect, device number 15
[  979.625095][T14497] netlink: 'syz.6.2062': attribute type 21 has an invalid length.
[  980.776263][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  980.787962][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  980.796880][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  980.806187][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  980.814748][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  981.497627][ T3979] team0 (unregistering): Port device team_slave_1 removed
[  981.532917][ T5925] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  981.557485][ T3979] team0 (unregistering): Port device team_slave_0 removed
[  981.787715][ T5925] usb 8-1: config 0 has no interfaces?
[  981.797010][ T5925] usb 8-1: New USB device found, idVendor=145f, idProduct=013a, bcdDevice= 5.86
[  981.807411][ T5925] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  981.816179][ T5925] usb 8-1: Product: syz
[  981.820734][ T5925] usb 8-1: Manufacturer: syz
[  981.825597][ T5925] usb 8-1: SerialNumber: syz
[  981.834877][ T5925] usb 8-1: config 0 descriptor??
[  982.126776][ T5925] usb 8-1: USB disconnect, device number 9
[  982.199510][T14497] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2062'.
[  982.258031][T14508] lo speed is unknown, defaulting to 1000
[  982.265895][T14508] lo speed is unknown, defaulting to 1000
[  982.883084][   T51] Bluetooth: hci2: command tx timeout
[  983.064512][T14508] chnl_net:caif_netlink_parms(): no params data found
[  984.122521][T14508] bridge0: port 1(bridge_slave_0) entered blocking state
[  984.453583][T14508] bridge0: port 1(bridge_slave_0) entered disabled state
[  984.460901][T14508] bridge_slave_0: entered allmulticast mode
[  984.484237][T14508] bridge_slave_0: entered promiscuous mode
[  984.501349][T14508] bridge0: port 2(bridge_slave_1) entered blocking state
[  984.509309][T14508] bridge0: port 2(bridge_slave_1) entered disabled state
[  984.516741][T14508] bridge_slave_1: entered allmulticast mode
[  984.525191][T14508] bridge_slave_1: entered promiscuous mode
[  984.639037][T14508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  984.654600][T14508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  984.962836][   T51] Bluetooth: hci2: command tx timeout
[  985.023425][T14508] team0: Port device team_slave_0 added
[  985.244717][T14508] team0: Port device team_slave_1 added
[  985.665527][T14508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  985.725782][T14508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  986.007777][T14508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  986.969877][T14508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  986.990229][T14508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  987.042999][   T51] Bluetooth: hci2: command tx timeout
[  987.058922][T14508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  987.288179][T14567] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  987.297745][T14567] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  987.307476][T14567] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  987.677232][   T30] audit: type=1800 audit(1749735929.189:125): pid=14567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2080" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  989.125696][   T51] Bluetooth: hci2: command tx timeout
[  989.991556][T14508] hsr_slave_0: entered promiscuous mode
[  989.999821][T14508] hsr_slave_1: entered promiscuous mode
[  990.006400][T14508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  990.014102][T14508] Cannot create hsr debugfs directory
[  993.048868][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  993.057548][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  993.644271][T10117] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  993.667729][T14599] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  993.812736][T10117] usb 6-1: Using ep0 maxpacket: 32
[  993.895662][T10117] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  993.912757][T10117] usb 6-1: config 0 has no interface number 0
[  993.919416][T10117] usb 6-1: config 0 interface 184 has no altsetting 0
[  994.273587][T10117] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  994.295869][T10117] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.323283][T10117] usb 6-1: Product: syz
[  994.338064][T10117] usb 6-1: Manufacturer: syz
[  994.397698][T10117] usb 6-1: SerialNumber: syz
[  994.422172][T10117] usb 6-1: config 0 descriptor??
[  994.465729][T10117] smsc75xx v1.0.0
[  994.471632][T10117] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  994.486161][T10117] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  994.638173][T14508] 8021q: adding VLAN 0 to HW filter on device bond0
[  994.912113][T14508] 8021q: adding VLAN 0 to HW filter on device team0
[  995.671210][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.678510][ T6042] bridge0: port 1(bridge_slave_0) entered forwarding state
[  995.960570][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.967905][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state
[  996.704712][T14508] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  996.715327][T14508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  997.125358][T10117] usb 6-1: USB disconnect, device number 16
[  997.661473][T14646] xt_hashlimit: size too large, truncated to 1048576
[  998.021337][T14657] rdma_rxe: rxe_newlink: failed to add lo
[  998.356947][T14659] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2098'.
[  998.825403][T14508] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1001.358639][T14508] veth0_vlan: entered promiscuous mode
[ 1001.412404][T14508] veth1_vlan: entered promiscuous mode
[ 1001.975371][T14508] veth0_macvtap: entered promiscuous mode
[ 1002.010030][T14508] veth1_macvtap: entered promiscuous mode
[ 1002.071199][T14508] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1002.106344][T14508] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1002.150472][T14692] batman_adv: batadv0: Interface deactivated: dummy0
[ 1002.171927][T14692] batman_adv: batadv0: Removing interface: dummy0
[ 1002.173361][T14694] netlink: 'syz.5.2104': attribute type 10 has an invalid length.
[ 1002.222473][T10117] lo speed is unknown, defaulting to 1000
[ 1002.667769][T14694] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1002.711313][T14694] team0: Port device bond0 added
[ 1002.759549][T14692] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2104'.
[ 1003.708516][T14692] team0 (unregistering): Port device bond0 removed
[ 1003.983077][ T3979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1004.152924][ T3979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1004.164879][T13517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1004.181555][T13517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.237758][   T65] bridge_slave_1: left allmulticast mode
[ 1007.388648][   T65] bridge_slave_1: left promiscuous mode
[ 1007.416120][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1008.338625][T14740] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2118'.
[ 1008.384287][   T65] bridge_slave_0: left allmulticast mode
[ 1008.411059][   T65] bridge_slave_0: left promiscuous mode
[ 1008.437227][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1009.412851][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1009.834542][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1009.864962][   T65] bond0 (unregistering): Released all slaves
[ 1011.368429][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2121'.
[ 1011.380841][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2121'.
[ 1011.390057][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2121'.
[ 1011.399519][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2121'.
[ 1011.482130][   T65] hsr_slave_0: left promiscuous mode
[ 1012.140792][   T65] hsr_slave_1: left promiscuous mode
[ 1012.150229][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1012.158550][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1012.167761][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1012.189776][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1012.197901][T11394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1012.215970][T11394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1012.229957][T11394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1012.257496][T11394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1012.479633][T11394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1012.494673][   T65] veth1_macvtap: left promiscuous mode
[ 1012.500276][   T65] veth0_macvtap: left promiscuous mode
[ 1012.506538][   T65] veth1_vlan: left promiscuous mode
[ 1012.511903][   T65] veth0_vlan: left promiscuous mode
[ 1013.032702][T14776] siw: device registration error -23
[ 1013.603127][T14780] input: syz0 as /devices/virtual/input/input16
[ 1014.462893][T14789] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2126'.
[ 1014.463581][T14792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2126'.
[ 1014.563163][T11394] Bluetooth: hci2: command tx timeout
[ 1015.151081][   T65] team0 (unregistering): Port device team_slave_1 removed
[ 1015.203835][   T65] team0 (unregistering): Port device team_slave_0 removed
[ 1015.923589][T14763] lo speed is unknown, defaulting to 1000
[ 1015.931070][T14763] lo speed is unknown, defaulting to 1000
[ 1016.804075][T11394] Bluetooth: hci2: command tx timeout
[ 1017.727612][ T5901] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1017.951608][ T5901] usb 8-1: device descriptor read/64, error -71
[ 1018.225460][ T5901] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1018.663226][ T5901] usb 8-1: device descriptor read/64, error -71
[ 1018.686624][T14763] chnl_net:caif_netlink_parms(): no params data found
[ 1018.809061][ T5901] usb usb8-port1: attempt power cycle
[ 1018.893123][T11394] Bluetooth: hci2: command tx timeout
[ 1018.956649][   T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1018.966462][   T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1018.977596][   T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1018.991342][   T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1019.044625][   T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1020.963664][T11394] Bluetooth: hci2: command tx timeout
[ 1020.998509][T14763] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.006644][T14851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1021.033796][T14763] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.116443][T14763] bridge_slave_0: entered allmulticast mode
[ 1021.129172][T11394] Bluetooth: hci6: command tx timeout
[ 1021.301920][T14763] bridge_slave_0: entered promiscuous mode
[ 1021.536511][T14763] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.666381][T14763] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.825125][T14763] bridge_slave_1: entered allmulticast mode
[ 1021.847301][T14763] bridge_slave_1: entered promiscuous mode
[ 1022.295939][T14763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1022.309734][T14763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1022.324621][T14829] lo speed is unknown, defaulting to 1000
[ 1022.835501][T14829] lo speed is unknown, defaulting to 1000
[ 1023.213110][T11394] Bluetooth: hci6: command tx timeout
[ 1023.270428][T14763] team0: Port device team_slave_0 added
[ 1023.325611][T14763] team0: Port device team_slave_1 added
[ 1023.659473][T14763] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1024.683626][T14763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1024.720342][T14763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1024.799340][T14763] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1024.821836][T14763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1024.912003][T14763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1025.458797][T11394] Bluetooth: hci6: command tx timeout
[ 1027.522922][T11394] Bluetooth: hci6: command tx timeout
[ 1027.567917][T14763] hsr_slave_0: entered promiscuous mode
[ 1028.539884][T14763] hsr_slave_1: entered promiscuous mode
[ 1028.546480][T14763] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1028.554157][T14763] Cannot create hsr debugfs directory
[ 1031.409490][T14829] chnl_net:caif_netlink_parms(): no params data found
[ 1032.628467][T14829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1032.639300][T14829] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1032.651555][T14829] bridge_slave_0: entered allmulticast mode
[ 1032.674285][T14829] bridge_slave_0: entered promiscuous mode
[ 1033.278549][T14829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1033.318796][T14829] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1033.333114][T14829] bridge_slave_1: entered allmulticast mode
[ 1033.340942][T14829] bridge_slave_1: entered promiscuous mode
[ 1033.565315][T14763] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1033.586110][T14763] 8021q: adding VLAN 0 to HW filter on device team0
[ 1033.965493][T14930] --map-set only usable from mangle table
[ 1034.091476][T14829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1034.109820][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1034.117056][ T6042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1034.136647][T14829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1034.357729][T14829] team0: Port device team_slave_0 added
[ 1034.387244][T14829] team0: Port device team_slave_1 added
[ 1034.650457][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1034.657757][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1035.196653][T14942] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1035.363565][T14829] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1035.389321][T14829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1035.416666][T14829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1035.541065][T14829] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1035.555783][T14829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1035.592021][T14829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1036.756807][T14829] hsr_slave_0: entered promiscuous mode
[ 1036.801113][T14829] hsr_slave_1: entered promiscuous mode
[ 1036.815184][T14829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1036.851944][T14829] Cannot create hsr debugfs directory
[ 1039.533361][T14763] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1040.002212][T14829] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1040.092509][T14829] 8021q: adding VLAN 0 to HW filter on device team0
[ 1040.159697][T13517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1040.166987][T13517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1040.511640][T13517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1040.518933][T13517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1040.977155][T14996] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1041.859952][T14763] veth0_vlan: entered promiscuous mode
[ 1041.900438][T14763] veth1_vlan: entered promiscuous mode
[ 1042.096869][T14763] veth0_macvtap: entered promiscuous mode
[ 1042.129698][T14829] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1042.395392][T14763] veth1_macvtap: entered promiscuous mode
[ 1043.268234][T14763] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1043.282063][T14763] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1043.531244][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1043.549790][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1043.632180][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1043.642860][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1044.341632][ T7169] bridge_slave_1: left allmulticast mode
[ 1044.362872][ T7169] bridge_slave_1: left promiscuous mode
[ 1044.893992][ T7169] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.948520][ T7169] bridge_slave_0: left allmulticast mode
[ 1044.963935][ T7169] bridge_slave_0: left promiscuous mode
[ 1044.969768][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.026552][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1046.037258][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1046.049386][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1046.059914][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1046.068442][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1046.197013][ T7169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1046.210380][ T7169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1046.221324][ T7169] bond0 (unregistering): Released all slaves
[ 1046.305397][T15032] lo speed is unknown, defaulting to 1000
[ 1046.340804][T14829] veth0_vlan: entered promiscuous mode
[ 1046.349861][T15032] lo speed is unknown, defaulting to 1000
[ 1046.361341][T14829] veth1_vlan: entered promiscuous mode
[ 1046.592150][T14829] veth0_macvtap: entered promiscuous mode
[ 1046.640722][T14829] veth1_macvtap: entered promiscuous mode
[ 1046.668850][ T7169] hsr_slave_0: left promiscuous mode
[ 1046.675307][ T7169] hsr_slave_1: left promiscuous mode
[ 1046.681198][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1046.689213][ T7169] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1046.697987][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1046.705822][ T7169] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1046.729307][ T7169] veth1_macvtap: left promiscuous mode
[ 1046.734989][ T7169] veth0_macvtap: left promiscuous mode
[ 1046.740699][ T7169] veth1_vlan: left promiscuous mode
[ 1046.746343][ T7169] veth0_vlan: left promiscuous mode
[ 1048.162907][   T51] Bluetooth: hci2: command tx timeout
[ 1048.225152][   T30] audit: type=1326 audit(1749735990.129:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1048.291325][   T30] audit: type=1326 audit(1749735990.149:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1048.385817][   T30] audit: type=1326 audit(1749735990.149:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1048.595586][   T30] audit: type=1326 audit(1749735990.149:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1049.387276][   T30] audit: type=1326 audit(1749735990.149:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1049.488802][   T30] audit: type=1326 audit(1749735990.159:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fba1078e963 code=0x7ffc0000
[ 1049.510436][   T30] audit: type=1326 audit(1749735990.159:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fba1078e963 code=0x7ffc0000
[ 1049.533163][   T30] audit: type=1326 audit(1749735990.159:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1049.554889][   T30] audit: type=1326 audit(1749735990.159:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1049.578867][T11394] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1049.922245][   T30] audit: type=1326 audit(1749735990.159:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15049 comm="syz.7.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1078e929 code=0x7ffc0000
[ 1049.937512][T11394] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1049.953299][T11394] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1050.019687][T11394] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1050.384922][T13254] Bluetooth: hci2: command tx timeout
[ 1050.412368][T13254] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1052.723039][   T51] Bluetooth: hci2: command tx timeout
[ 1052.728586][   T51] Bluetooth: hci7: command tx timeout
[ 1053.590620][ T7169] team0 (unregistering): Port device team_slave_1 removed
[ 1053.751340][ T7169] team0 (unregistering): Port device team_slave_0 removed
[ 1054.584430][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.591979][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.806364][   T51] Bluetooth: hci7: command tx timeout
[ 1054.819748][T13254] Bluetooth: hci2: command tx timeout
[ 1056.110406][T15032] chnl_net:caif_netlink_parms(): no params data found
[ 1056.222041][T14829] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1056.336418][T14829] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1056.459861][T15060] lo speed is unknown, defaulting to 1000
[ 1056.990567][T13254] Bluetooth: hci7: command tx timeout
[ 1057.001555][T15060] lo speed is unknown, defaulting to 1000
[ 1057.623002][T15032] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1057.630237][T15032] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1057.689973][T15032] bridge_slave_0: entered allmulticast mode
[ 1057.707507][T15032] bridge_slave_0: entered promiscuous mode
[ 1057.716173][T15032] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1057.724144][T15032] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1057.731666][T15032] bridge_slave_1: entered allmulticast mode
[ 1057.754249][T15032] bridge_slave_1: entered promiscuous mode
[ 1058.769693][T15032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1058.788654][T15032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1058.866536][T15032] team0: Port device team_slave_0 added
[ 1059.043220][T13254] Bluetooth: hci7: command tx timeout
[ 1059.170965][T15032] team0: Port device team_slave_1 added
[ 1059.517367][ T6042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1059.539541][ T6042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.604076][T15032] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1059.623087][T15032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1059.661632][T15032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1059.680298][T15032] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1059.701041][T15032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1059.736035][T15032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1060.006332][ T6287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1060.031972][ T6287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1061.148520][T15032] hsr_slave_0: entered promiscuous mode
[ 1061.155888][T15032] hsr_slave_1: entered promiscuous mode
[ 1061.171557][T15032] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1061.182732][T15032] Cannot create hsr debugfs directory
[ 1062.888782][T15060] chnl_net:caif_netlink_parms(): no params data found
[ 1063.216708][T15154] xt_hashlimit: size too large, truncated to 1048576
[ 1066.103720][T15060] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1066.113136][T15060] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1066.120360][T15060] bridge_slave_0: entered allmulticast mode
[ 1066.136478][T15060] bridge_slave_0: entered promiscuous mode
[ 1066.146240][T15060] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1066.153830][T15060] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1066.161448][T15060] bridge_slave_1: entered allmulticast mode
[ 1066.170287][T15060] bridge_slave_1: entered promiscuous mode
[ 1066.752514][T15060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1066.790349][T15060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1066.875846][T15060] team0: Port device team_slave_0 added
[ 1066.926535][T15060] team0: Port device team_slave_1 added
[ 1067.114614][T15060] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1067.122096][T15060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1067.153634][T15060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1067.184914][T15060] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1067.199379][T15060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1067.236423][T15060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1067.400578][T15060] hsr_slave_0: entered promiscuous mode
[ 1067.745913][T15060] hsr_slave_1: entered promiscuous mode
[ 1067.752393][T15060] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1067.868565][T15060] Cannot create hsr debugfs directory
[ 1068.429085][T15032] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1068.770217][T15205] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[ 1070.095360][T15032] 8021q: adding VLAN 0 to HW filter on device team0
[ 1070.163466][T10091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1070.170754][T10091] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1070.271372][T10091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1070.278626][T10091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1070.617243][T15222] xt_hashlimit: size too large, truncated to 1048576
[ 1071.531861][T15060] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1071.617408][T15060] 8021q: adding VLAN 0 to HW filter on device team0
[ 1071.659471][ T6175] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1071.666732][ T6175] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1071.741523][ T6175] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1071.748822][ T6175] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1072.369862][T15032] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1074.980140][T15060] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1075.697843][T15032] veth0_vlan: entered promiscuous mode
[ 1075.715230][T15032] veth1_vlan: entered promiscuous mode
[ 1075.904394][T15032] veth0_macvtap: entered promiscuous mode
[ 1076.068056][T15032] veth1_macvtap: entered promiscuous mode
[ 1076.141291][T15032] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1076.181111][T15032] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1077.064869][T15060] veth0_vlan: entered promiscuous mode
[ 1077.093921][ T6175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.113985][ T6175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.150182][T15060] veth1_vlan: entered promiscuous mode
[ 1077.779525][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.800196][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.811608][T15060] veth0_macvtap: entered promiscuous mode
[ 1077.848053][T15060] veth1_macvtap: entered promiscuous mode
[ 1077.928795][T15060] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1077.966739][T15060] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1079.126774][T15297] xt_hashlimit: size too large, truncated to 1048576
[ 1079.393046][T10091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1079.413203][ T7169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1079.449181][T10091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1079.460547][ T7169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1081.257162][T15311] overlay: Unknown parameter 'pcr'
[ 1082.072901][T15317] Lens B: =================  START STATUS  =================
[ 1082.080979][T15317] Lens B: Focus, Absolute: 0
[ 1082.088229][T15317] Lens B: ==================  END STATUS  ==================
[ 1082.278957][   T65] bridge_slave_1: left allmulticast mode
[ 1082.366294][   T65] bridge_slave_1: left promiscuous mode
[ 1082.446959][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1082.799965][   T65] bridge_slave_0: left allmulticast mode
[ 1082.819606][   T65] bridge_slave_0: left promiscuous mode
[ 1082.848816][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1083.188514][   T51] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1083.199917][   T51] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1083.227060][   T51] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1083.237811][   T51] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1083.257345][   T51] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1083.548850][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1083.561725][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1083.578114][   T65] bond0 (unregistering): Released all slaves
[ 1083.615429][T15324] lo speed is unknown, defaulting to 1000
[ 1083.622443][T15324] lo speed is unknown, defaulting to 1000
[ 1083.871079][   T65] hsr_slave_0: left promiscuous mode
[ 1083.878411][   T65] hsr_slave_1: left promiscuous mode
[ 1083.884574][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1083.891996][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1083.901402][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1083.909071][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1083.945798][   T65] veth1_macvtap: left promiscuous mode
[ 1083.951372][   T65] veth0_macvtap: left promiscuous mode
[ 1083.957636][   T65] veth1_vlan: left promiscuous mode
[ 1083.963557][   T65] veth0_vlan: left promiscuous mode
[ 1085.417617][T13254] Bluetooth: hci7: command tx timeout
[ 1085.586462][   T65] team0 (unregistering): Port device team_slave_1 removed
[ 1085.665542][   T65] team0 (unregistering): Port device team_slave_0 removed
[ 1085.863123][   T51] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1085.881080][   T51] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1085.907610][   T51] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1085.917386][   T51] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1085.925945][   T51] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1086.411104][T15342] lo speed is unknown, defaulting to 1000
[ 1086.456616][T15324] chnl_net:caif_netlink_parms(): no params data found
[ 1086.766627][T15342] lo speed is unknown, defaulting to 1000
[ 1087.540867][   T51] Bluetooth: hci7: command tx timeout
[ 1088.002800][   T51] Bluetooth: hci8: command tx timeout
[ 1089.444531][T15324] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1089.452067][T15324] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1089.459610][T15324] bridge_slave_0: entered allmulticast mode
[ 1089.784032][T15324] bridge_slave_0: entered promiscuous mode
[ 1089.784270][   T51] Bluetooth: hci7: command tx timeout
[ 1089.828389][T15372] overlayfs: failed to clone upperpath
[ 1089.848896][T15324] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1089.859291][T15324] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1089.869030][T15324] bridge_slave_1: entered allmulticast mode
[ 1089.879760][T15324] bridge_slave_1: entered promiscuous mode
[ 1089.969178][T15324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1089.999009][T15324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1090.088826][   T51] Bluetooth: hci8: command tx timeout
[ 1090.097975][T15324] team0: Port device team_slave_0 added
[ 1090.114956][T15324] team0: Port device team_slave_1 added
[ 1090.166257][T15342] chnl_net:caif_netlink_parms(): no params data found
[ 1090.444085][T15324] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1090.467081][T15324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1090.510531][T15324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1090.549713][T15324] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1090.558100][T15324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1090.585037][T15324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1090.877090][T15386] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1091.166452][T15388] sctp: [Deprecated]: syz.1.2245 (pid 15388) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1091.166452][T15388] Use struct sctp_sack_info instead
[ 1091.240756][T15342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1091.273662][T15342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1091.293952][T15342] bridge_slave_0: entered allmulticast mode
[ 1091.302004][T15342] bridge_slave_0: entered promiscuous mode
[ 1091.358225][T15342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1091.366610][T15342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1091.375433][T15342] bridge_slave_1: entered allmulticast mode
[ 1091.475744][T15342] bridge_slave_1: entered promiscuous mode
[ 1091.496351][T15324] hsr_slave_0: entered promiscuous mode
[ 1091.525025][T15324] hsr_slave_1: entered promiscuous mode
[ 1091.531284][T15324] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1091.539779][T15324] Cannot create hsr debugfs directory
[ 1091.740505][T15395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2249'.
[ 1091.801552][T15342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1091.852792][   T51] Bluetooth: hci7: command tx timeout
[ 1091.875968][T15342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1092.284090][   T51] Bluetooth: hci8: command tx timeout
[ 1092.416667][T15342] team0: Port device team_slave_0 added
[ 1092.502072][T15342] team0: Port device team_slave_1 added
[ 1093.789247][T15342] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1093.796438][T15342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1093.823241][T15342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1093.868505][T15342] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1093.877977][T15342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1093.910042][T15342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1094.542929][   T51] Bluetooth: hci8: command tx timeout
[ 1094.996061][T15420] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1095.005561][T15420] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1095.015229][T15420] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1095.834526][T15342] hsr_slave_0: entered promiscuous mode
[ 1095.977145][T15430] xt_addrtype: ipv6 BLACKHOLE matching not supported
[ 1096.215656][T15342] hsr_slave_1: entered promiscuous mode
[ 1096.263568][T15342] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1096.326295][T15342] Cannot create hsr debugfs directory
[ 1097.243305][T15434] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[ 1097.277527][T15434] bond1: entered promiscuous mode
[ 1097.283462][T15434] bond1: entered allmulticast mode
[ 1097.289147][T15434] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1100.285503][T15324] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1101.691827][T15324] 8021q: adding VLAN 0 to HW filter on device team0
[ 1101.751214][T15342] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1101.774490][T15342] 8021q: adding VLAN 0 to HW filter on device team0
[ 1101.825784][T15342] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1101.867190][T15342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1101.942103][ T3979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1101.949398][ T3979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1101.974915][ T3979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1101.982115][ T3979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1101.999405][ T3979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1102.006752][ T3979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1103.166569][T10095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1103.173962][T10095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1103.813911][T15507] rdma_rxe: rxe_newlink: failed to add lo
[ 1103.826104][T15324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1104.667254][T15519] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2277'.
[ 1104.907265][T15342] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1105.894789][T15531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1105.967554][T15324] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1107.626704][T15342] veth0_vlan: entered promiscuous mode
[ 1107.650835][T15342] veth1_vlan: entered promiscuous mode
[ 1108.025182][T15556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2285'.
[ 1108.063688][T15342] veth0_macvtap: entered promiscuous mode
[ 1108.081176][T15342] veth1_macvtap: entered promiscuous mode
[ 1108.141628][T15342] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1108.191193][T15342] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1108.550956][ T6042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1108.570227][ T6042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1108.659771][T15324] veth0_vlan: entered promiscuous mode
[ 1108.730537][T15324] veth1_vlan: entered promiscuous mode
[ 1108.787448][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1108.851638][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1108.931781][T15324] veth0_macvtap: entered promiscuous mode
[ 1108.961459][T15324] veth1_macvtap: entered promiscuous mode
[ 1109.045817][T15324] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1109.081611][T15324] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1109.779909][T13517] bridge_slave_1: left allmulticast mode
[ 1109.822971][T13517] bridge_slave_1: left promiscuous mode
[ 1109.846509][T13517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.889458][T15580] netlink: 'syz.7.2293': attribute type 2 has an invalid length.
[ 1110.016575][T13517] bridge_slave_0: left allmulticast mode
[ 1110.022319][T13517] bridge_slave_0: left promiscuous mode
[ 1110.045887][T13517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.781794][T13517] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1110.795619][T13517] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1110.819317][T13517] bond0 (unregistering): Released all slaves
[ 1111.003098][ T6175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1111.054819][ T6175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1111.125498][ T6287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1111.143753][ T6287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1111.169999][T13517] hsr_slave_0: left promiscuous mode
[ 1111.179516][T13517] hsr_slave_1: left promiscuous mode
[ 1111.186647][T13517] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1111.194763][T13517] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1111.204038][T13517] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1111.211591][T13517] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1111.245976][T13517] veth1_macvtap: left promiscuous mode
[ 1111.251617][T13517] veth0_macvtap: left promiscuous mode
[ 1111.257920][T13517] veth1_vlan: left promiscuous mode
[ 1111.265627][T13517] veth0_vlan: left promiscuous mode
[ 1111.955219][T15593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1111.977673][T13517] team0 (unregistering): Port device team_slave_1 removed
[ 1112.028735][T15593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1112.053703][T13517] team0 (unregistering): Port device team_slave_0 removed
[ 1112.113412][T15593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1113.149253][T13254] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1113.163927][T13254] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1113.173048][T13254] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1113.185056][T13254] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1113.194077][T13254] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1114.870382][T15603] lo speed is unknown, defaulting to 1000
[ 1114.881733][T15603] lo speed is unknown, defaulting to 1000
[ 1115.383139][T13254] Bluetooth: hci8: command tx timeout
[ 1115.934595][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.941120][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.662135][T15627] tipc: Started in network mode
[ 1116.682960][T15627] tipc: Node identity _, cluster identity 4711
[ 1117.469343][T13254] Bluetooth: hci8: command tx timeout
[ 1119.298802][T15603] chnl_net:caif_netlink_parms(): no params data found
[ 1119.682912][T13254] Bluetooth: hci8: command tx timeout
[ 1120.043305][T15668] xt_nat: multiple ranges no longer supported
[ 1121.299780][T15678] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2312'.
[ 1121.545318][T15603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1121.555425][T15603] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1121.570408][T15603] bridge_slave_0: entered allmulticast mode
[ 1121.584141][T15603] bridge_slave_0: entered promiscuous mode
[ 1121.597143][T15603] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1121.630202][T15603] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1121.805224][T13254] Bluetooth: hci8: command tx timeout
[ 1121.900883][T15603] bridge_slave_1: entered allmulticast mode
[ 1121.914503][T15603] bridge_slave_1: entered promiscuous mode
[ 1122.115946][T15603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1122.141802][T15603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1122.223158][T15603] team0: Port device team_slave_0 added
[ 1122.239069][T15603] team0: Port device team_slave_1 added
[ 1122.305038][T15603] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1122.312051][T15603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1122.341613][T15603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1122.358371][T15603] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1122.365927][T15603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1122.393126][T15603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1122.453924][T15603] hsr_slave_0: entered promiscuous mode
[ 1122.460860][T15603] hsr_slave_1: entered promiscuous mode
[ 1122.467988][   T43] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1122.524894][T15603] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1122.539300][T15603] Cannot create hsr debugfs directory
[ 1123.282908][   T43] usb 10-1: Using ep0 maxpacket: 32
[ 1123.307412][   T43] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[ 1123.342809][   T43] usb 10-1: config 0 has no interface number 0
[ 1123.720399][   T43] usb 10-1: config 0 interface 184 has no altsetting 0
[ 1123.739272][   T43] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1123.760275][   T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.776742][   T43] usb 10-1: Product: syz
[ 1123.781583][   T43] usb 10-1: Manufacturer: syz
[ 1123.786995][   T43] usb 10-1: SerialNumber: syz
[ 1124.008344][   T43] usb 10-1: config 0 descriptor??
[ 1124.016583][   T43] smsc75xx v1.0.0
[ 1124.021223][   T43] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1124.034273][   T43] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -22
[ 1124.758114][T15603] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1125.323966][T15603] 8021q: adding VLAN 0 to HW filter on device team0
[ 1125.348084][ T5880] usb 10-1: USB disconnect, device number 2
[ 1125.815913][ T3979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1125.823283][ T3979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1125.864884][ T3979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1125.872050][ T3979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1126.331502][ T5913] Process accounting resumed
[ 1127.086797][T15742] FAT-fs (nullb0): bogus number of reserved sectors
[ 1127.093909][T15742] FAT-fs (nullb0): Can't find a valid FAT filesystem
[ 1128.384058][T15761] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2331'.
[ 1131.713171][T15603] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1135.114340][T15823] netlink: 'syz.0.2345': attribute type 3 has an invalid length.
[ 1135.711453][T15828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1136.760568][T15823] random: crng reseeded on system resumption
[ 1136.822826][   T30] kauditd_printk_skb: 27 callbacks suppressed
[ 1136.822857][   T30] audit: type=1326 audit(2000000024.870:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15821 comm="syz.0.2345" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbfab18e929 code=0x0
[ 1137.104766][T15603] veth0_vlan: entered promiscuous mode
[ 1137.527199][T15603] veth1_vlan: entered promiscuous mode
[ 1137.561695][T15603] veth0_macvtap: entered promiscuous mode
[ 1137.646300][T15603] veth1_macvtap: entered promiscuous mode
[ 1138.119612][T15603] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1138.190725][T15603] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1138.493144][T15842] Process accounting resumed
[ 1140.959312][T15861] FAT-fs (nullb0): bogus number of reserved sectors
[ 1140.966350][T15861] FAT-fs (nullb0): Can't find a valid FAT filesystem
[ 1142.935223][ T6042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1143.488706][T15871] loop6: detected capacity change from 0 to 524287999
[ 1143.498265][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.506765][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.515030][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.523315][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.531502][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.540030][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.549521][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.557830][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.569833][T15871] ldm_validate_partition_table(): Disk read failed.
[ 1143.570029][ T6042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1143.584881][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.595462][T15871] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1143.606538][T15871] Dev loop6: unable to read RDB block 0
[ 1143.612895][T15871]  loop6: unable to read partition table
[ 1143.619037][T15871] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1146.432723][T13254] Bluetooth: hci6: command 0x0406 tx timeout
[ 1147.617192][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1147.633949][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1147.763861][T15893] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2359'.
[ 1148.592394][T15893] macvtap1: entered promiscuous mode
[ 1148.598505][T15893] team0: entered promiscuous mode
[ 1148.604052][T15893] geneve0: entered promiscuous mode
[ 1148.624814][T15893] macvtap1: entered allmulticast mode
[ 1149.298951][   T31] INFO: task syz.6.2109:14707 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1149.344841][T15893] team0: entered allmulticast mode
[ 1149.382833][   T31]       Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0
[ 1149.420093][T15893] geneve0: entered allmulticast mode
[ 1149.498142][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1149.522730][   T31] task:syz.6.2109      state:D stack:26720 pid:14707 tgid:14704 ppid:7664   task_flags:0x400140 flags:0x00004004
[ 1149.537862][T15893] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1149.657280][   T31] Call Trace:
[ 1149.660649][   T31]  <TASK>
[ 1149.701472][   T31]  __schedule+0x16a2/0x4cb0
[ 1149.758862][   T31]  ? schedule+0x165/0x360
[ 1149.890981][   T31]  ? __pfx___schedule+0x10/0x10
[ 1149.913761][   T31]  ? schedule+0x91/0x360
[ 1149.918094][   T31]  schedule+0x165/0x360
[ 1149.922306][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1149.962664][   T31]  __mutex_lock+0x724/0xe80
[ 1149.967253][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1149.971982][   T31]  ? nfsd_shutdown_threads+0x4e/0xd0
[ 1150.185151][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1150.190268][   T31]  ? net_generic+0x1e/0x240
[ 1150.202755][   T31]  ? net_generic+0x1e/0x240
[ 1150.207336][   T31]  ? net_generic+0x1e/0x240
[ 1150.211880][   T31]  ? net_generic+0x1e/0x240
[ 1150.217727][   T31]  nfsd_shutdown_threads+0x4e/0xd0
[ 1150.242658][   T31]  nfsd_umount+0x42/0xd0
[ 1150.258648][   T31]  deactivate_locked_super+0xbc/0x130
[ 1150.272978][   T31]  cleanup_mnt+0x425/0x4c0
[ 1150.277465][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.303130][   T31]  task_work_run+0x1d1/0x260
[ 1150.307799][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1150.323061][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1150.328706][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1150.353457][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1150.358145][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.373304][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.379439][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1150.392684][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.398669][   T31] RIP: 0033:0x7f04e258e929
[ 1150.422717][   T31] RSP: 002b:00007f04e3434038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1150.431229][   T31] RAX: fffffffffffffffe RBX: 00007f04e27b5fa0 RCX: 00007f04e258e929
[ 1150.453274][   T31] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000000000000000
[ 1150.462319][   T31] RBP: 00007f04e2610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1150.502857][   T31] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000
[ 1150.510901][   T31] R13: 0000000000000000 R14: 00007f04e27b5fa0 R15: 00007ffea633feb8
[ 1150.533606][   T31]  </TASK>
[ 1150.543070][   T31] 
[ 1150.543070][   T31] Showing all locks held in the system:
[ 1150.585021][   T31] 2 locks held by ksoftirqd/0/15:
[ 1150.590141][   T31] 1 lock held by khungtaskd/31:
[ 1150.621303][   T31]  #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1150.655227][   T31] 2 locks held by getty/5583:
[ 1150.661710][   T31]  #0: ffff8880308160a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1150.675718][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1150.686555][   T31] 2 locks held by syz-executor/6149:
[ 1150.691877][   T31]  #0: ffff88806f2d00e0 (&type->s_umount_key#84){++++}-{4:4}, at: deactivate_super+0xa9/0xe0
[ 1150.702976][   T31]  #1: ffffffff8e41b3a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x4e/0xd0
[ 1150.713049][   T31] 3 locks held by kworker/u8:10/6287:
[ 1150.718616][   T31]  #0: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1150.728896][   T31]  #1: ffffc90003f1fbc0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1150.743740][   T31]  #2: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_change+0xe5/0x250
[ 1150.755545][   T31] 3 locks held by kworker/u8:12/10091:
[ 1150.761035][   T31]  #0: ffff88814c914948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1150.773676][   T31]  #1: ffffc9000c247bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1150.786775][   T31]  #2: ffffffff8f4fdd48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0
[ 1150.801938][   T31] 3 locks held by kworker/u8:16/10104:
[ 1150.807785][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1150.819629][   T31]  #1: ffffc90004747bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1150.830685][   T31]  #2: ffffffff8f4fdd48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1150.839771][   T31] 2 locks held by syz.4.1741/13117:
[ 1150.845103][   T31]  #0: ffffffff8f563eb0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1150.853793][   T31]  #1: ffffffff8e41b3a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12a/0x1650
[ 1150.864176][   T31] 3 locks held by kworker/u8:0/13517:
[ 1150.870552][   T31] 2 locks held by syz.6.2109/14707:
[ 1150.875865][   T31]  #0: ffff88807e81c0e0 (&type->s_umount_key#84){++++}-{4:4}, at: deactivate_super+0xa9/0xe0
[ 1150.886451][   T31]  #1: ffffffff8e41b3a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x4e/0xd0
[ 1150.896215][   T31] 1 lock held by syz.8.2208/15188:
[ 1150.901345][   T31]  #0: ffff88807e81c0e0 (&type->s_umount_key#84){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[ 1150.911316][   T31] 4 locks held by syz-executor/15603:
[ 1150.916816][   T31]  #0: ffff88805d178d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fe/0x500
[ 1150.926941][   T31]  #1: ffff88805d178078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1150.936744][   T31]  #2: ffffffff8f665d68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1150.946894][   T31]  #3: ffff8880302ac338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 1150.956591][   T31] 2 locks held by syz.1.2359/15892:
[ 1150.961813][   T31]  #0: ffff88805cab3808 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1150.973573][   T31]  #1: ffff88801fea7258 (sk_lock-AF_CAN){+.+.}-{0:0}, at: bcm_release+0x1cd/0x920
[ 1150.983010][   T31] 2 locks held by syz.1.2359/15903:
[ 1150.988226][   T31]  #0: ffffffff8f4fdd48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1150.997457][   T31]  #1: ffffffff8f4f4db0 (dev_addr_sem){++++}-{4:4}, at: do_setlink+0x713/0x41c0
[ 1151.006752][   T31] 1 lock held by dhcpcd/15907:
[ 1151.011548][   T31]  #0: ffff88807c990258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1151.021595][   T31] 2 locks held by dhcpcd/15908:
[ 1151.026537][   T31]  #0: ffff88805756e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1151.036385][   T31]  #1: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1151.047405][   T31] 1 lock held by dhcpcd/15910:
[ 1151.052180][   T31]  #0: ffff88807f6e8258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1151.063461][   T31] 
[ 1151.065840][   T31] =============================================
[ 1151.065840][   T31] 
[ 1151.084620][T15903] team0: left allmulticast mode
[ 1151.089614][T15903] geneve0: left allmulticast mode
[ 1151.095644][   T31] NMI backtrace for cpu 1
[ 1151.095664][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) 
[ 1151.095693][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1151.095705][   T31] Call Trace:
[ 1151.095713][   T31]  <TASK>
[ 1151.095721][   T31]  dump_stack_lvl+0x189/0x250
[ 1151.095757][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1151.095783][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1151.095813][   T31]  ? __pfx__printk+0x10/0x10
[ 1151.095848][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1151.095884][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1151.095907][   T31]  ? _printk+0xcf/0x120
[ 1151.095933][   T31]  ? __pfx__printk+0x10/0x10
[ 1151.095956][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1151.095985][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1151.096015][   T31]  watchdog+0xfee/0x1030
[ 1151.096045][   T31]  ? watchdog+0x1de/0x1030
[ 1151.096106][   T31]  kthread+0x70e/0x8a0
[ 1151.096132][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1151.096160][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.096185][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1151.096215][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.096243][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.096267][   T31]  ret_from_fork+0x3fc/0x770
[ 1151.096299][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1151.096341][   T31]  ? __switch_to_asm+0x39/0x70
[ 1151.096360][   T31]  ? __switch_to_asm+0x33/0x70
[ 1151.096378][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.096402][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1151.096440][   T31]  </TASK>
[ 1151.096448][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1151.133801][T15903] team0: left promiscuous mode
[ 1151.135278][    C0] NMI backtrace for cpu 0
[ 1151.135306][    C0] CPU: 0 UID: 0 PID: 15903 Comm: syz.1.2359 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) 
[ 1151.135327][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1151.135338][    C0] RIP: 0010:io_serial_in+0x77/0xc0
[ 1151.135362][    C0] Code: e8 7e 64 80 fc 44 89 f9 d3 e3 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 0f b1 e1 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
[ 1151.135378][    C0] RSP: 0018:ffffc9000b18e150 EFLAGS: 00000002
[ 1151.135393][    C0] RAX: 1ffffffff33b2800 RBX: 00000000000003fd RCX: 0000000000000000
[ 1151.135405][    C0] RDX: 00000000000003fd RSI: 000000000000cb96 RDI: 000000000000cb97
[ 1151.135416][    C0] RBP: ffffffff99d947d0 R08: ffff888024280237 R09: 1ffff11004850046
[ 1151.135428][    C0] R10: dffffc0000000000 R11: ffffffff853fe920 R12: dffffc0000000000
[ 1151.135441][    C0] R13: 0000000000000000 R14: ffffffff99d94540 R15: 0000000000000000
[ 1151.135452][    C0] FS:  00007f34692146c0(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000
[ 1151.135467][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1151.135478][    C0] CR2: 00005640682b1168 CR3: 0000000051712000 CR4: 00000000003526f0
[ 1151.135493][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1151.135503][    C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1151.135514][    C0] Call Trace:
[ 1151.135520][    C0]  <TASK>
[ 1151.135530][    C0]  wait_for_lsr+0x19e/0x2f0
[ 1151.135555][    C0]  serial8250_console_write+0x134c/0x1ba0
[ 1151.135583][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1151.135607][    C0]  ? __pfx_serial8250_console_write+0x10/0x10
[ 1151.135628][    C0]  ? console_flush_all+0x13a/0xc40
[ 1151.135646][    C0]  ? console_flush_all+0x13a/0xc40
[ 1151.135667][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 1151.135685][    C0]  ? console_flush_all+0x13a/0xc40
[ 1151.135701][    C0]  ? console_flush_all+0x13a/0xc40
[ 1151.135719][    C0]  console_flush_all+0x728/0xc40
[ 1151.135739][    C0]  ? console_flush_all+0x13a/0xc40
[ 1151.135760][    C0]  ? __pfx_console_flush_all+0x10/0x10
[ 1151.135776][    C0]  ? console_unlock+0x21b/0x270
[ 1151.135817][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1151.135839][    C0]  console_unlock+0xc4/0x270
[ 1151.135867][    C0]  ? __pfx_console_unlock+0x10/0x10
[ 1151.135896][    C0]  ? vprintk_emit+0x444/0x7a0
[ 1151.135926][    C0]  ? vprintk_emit+0x444/0x7a0
[ 1151.135953][    C0]  vprintk_emit+0x5b7/0x7a0
[ 1151.135979][    C0]  ? vprintk_emit+0x444/0x7a0
[ 1151.136005][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 1151.136032][    C0]  ? _printk+0xcf/0x120
[ 1151.136053][    C0]  ? __pfx__printk+0x10/0x10
[ 1151.136073][    C0]  _printk+0xcf/0x120
[ 1151.136103][    C0]  ? __pfx__printk+0x10/0x10
[ 1151.136119][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1151.136146][    C0]  ? __netdev_printk+0x365/0x4d0
[ 1151.136174][    C0]  netdev_info+0x10a/0x160
[ 1151.136198][    C0]  ? __pfx_netdev_info+0x10/0x10
[ 1151.136218][    C0]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1151.136239][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1151.136263][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.136289][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1151.136317][    C0]  __dev_set_promiscuity+0x307/0x740
[ 1151.136342][    C0]  netif_set_promiscuity+0x50/0xe0
[ 1151.136365][    C0]  dev_set_promiscuity+0x126/0x260
[ 1151.136388][    C0]  macvlan_stop+0x231/0x3e0
[ 1151.136407][    C0]  ? __pfx_macvlan_stop+0x10/0x10
[ 1151.136426][    C0]  __dev_close_many+0x361/0x6f0
[ 1151.136447][    C0]  ? __pfx___dev_close_many+0x10/0x10
[ 1151.136465][    C0]  ? __pfx_macvlan_change_rx_flags+0x10/0x10
[ 1151.136489][    C0]  __dev_change_flags+0x2c7/0x6d0
[ 1151.136513][    C0]  ? __pfx___dev_change_flags+0x10/0x10
[ 1151.136537][    C0]  ? do_setlink+0x8ce/0x41c0
[ 1151.136559][    C0]  netif_change_flags+0x88/0x1a0
[ 1151.136583][    C0]  do_setlink+0xc55/0x41c0
[ 1151.136613][    C0]  ? __pfx_do_setlink+0x10/0x10
[ 1151.136633][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1151.136679][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1151.136707][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1151.136732][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1151.136761][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1151.136789][    C0]  ? __mutex_lock+0xa6d/0xe80
[ 1151.136811][    C0]  ? __mutex_lock+0x51b/0xe80
[ 1151.136830][    C0]  ? rtnl_newlink+0x8db/0x1c70
[ 1151.136850][    C0]  ? __pfx___mutex_lock+0x10/0x10
[ 1151.136871][    C0]  ? ns_capable+0x8a/0xf0
[ 1151.136897][    C0]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1151.136921][    C0]  rtnl_newlink+0x160b/0x1c70
[ 1151.136947][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1151.136970][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1151.137001][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1151.137037][    C0]  ? is_bpf_text_address+0x26/0x2b0
[ 1151.137067][    C0]  ? is_bpf_text_address+0x292/0x2b0
[ 1151.137091][    C0]  ? is_bpf_text_address+0x26/0x2b0
[ 1151.137118][    C0]  ? kernel_text_address+0xa5/0xe0
[ 1151.137140][    C0]  ? __kernel_text_address+0xd/0x40
[ 1151.137161][    C0]  ? unwind_get_return_address+0x4d/0x90
[ 1151.137187][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1151.137206][    C0]  ? arch_stack_walk+0xfc/0x150
[ 1151.137236][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1151.137274][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1151.137292][    C0]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1151.137313][    C0]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1151.137330][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1151.137359][    C0]  netlink_rcv_skb+0x208/0x470
[ 1151.137381][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1151.137400][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1151.137428][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1151.137448][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1151.137472][    C0]  netlink_unicast+0x75b/0x8d0
[ 1151.137497][    C0]  netlink_sendmsg+0x805/0xb30
[ 1151.137523][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1151.137550][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1151.137571][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1151.137593][    C0]  __sock_sendmsg+0x219/0x270
[ 1151.137622][    C0]  ____sys_sendmsg+0x505/0x830
[ 1151.137648][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1151.137676][    C0]  ? import_iovec+0x74/0xa0
[ 1151.137696][    C0]  ___sys_sendmsg+0x21f/0x2a0
[ 1151.137720][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1151.137766][    C0]  ? __fget_files+0x2a/0x420
[ 1151.137789][    C0]  ? __fget_files+0x3a0/0x420
[ 1151.137826][    C0]  __x64_sys_sendmsg+0x19b/0x260
[ 1151.137850][    C0]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1151.137880][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[ 1151.137905][    C0]  ? do_syscall_64+0xbe/0x3b0
[ 1151.137922][    C0]  do_syscall_64+0xfa/0x3b0
[ 1151.137937][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.137963][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.137981][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1151.138001][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.138018][    C0] RIP: 0033:0x7f346838e929
[ 1151.138034][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1151.138061][    C0] RSP: 002b:00007f3469214038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1151.138078][    C0] RAX: ffffffffffffffda RBX: 00007f34685b6080 RCX: 00007f346838e929
[ 1151.138091][    C0] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000e
[ 1151.138102][    C0] RBP: 00007f3468410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1151.138112][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1151.138122][    C0] R13: 0000000000000001 R14: 00007f34685b6080 R15: 00007ffed106fea8
[ 1151.138143][    C0]  </TASK>
[ 1151.150032][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1151.150069][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) 
[ 1151.150101][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1151.150116][   T31] Call Trace:
[ 1151.150128][   T31]  <TASK>
[ 1151.150140][   T31]  dump_stack_lvl+0x99/0x250
[ 1151.150182][   T31]  ? __asan_memcpy+0x40/0x70
[ 1151.150209][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1151.150246][   T31]  ? __pfx__printk+0x10/0x10
[ 1151.150288][   T31]  panic+0x2db/0x790
[ 1151.150332][   T31]  ? __pfx_panic+0x10/0x10
[ 1151.150366][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1151.150410][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1151.150441][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1151.150485][   T31]  watchdog+0x102d/0x1030
[ 1151.150520][   T31]  ? watchdog+0x1de/0x1030
[ 1151.150562][   T31]  kthread+0x70e/0x8a0
[ 1151.150592][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1151.150622][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.150652][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1151.150687][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.150722][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.150748][   T31]  ret_from_fork+0x3fc/0x770
[ 1151.150786][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1151.150828][   T31]  ? __switch_to_asm+0x39/0x70
[ 1151.150849][   T31]  ? __switch_to_asm+0x33/0x70
[ 1151.150872][   T31]  ? __pfx_kthread+0x10/0x10
[ 1151.150899][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1151.150944][   T31]  </TASK>
[ 1151.151941][   T31] Kernel Offset: disabled