last executing test programs:

6m31.872722876s ago: executing program 3 (id=4):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000001, 0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x3)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000340)=ANY=[@ANYBLOB="aa80c2000000080045f6003c000000000006907864010101ac1414aa00004e22431ab4673c79779352214c7b143600b0ba2cdcb8bc9f2e138a2dbbff1f97d71dad8d9053000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac9400009078000013125fb6abbd3ee24c1a5ee2b19d9f6654130000"], 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x9, 0x8, 0x8, 0x90, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r5, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100b})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x47f, 0xffffffff, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x50, 0x9, [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x3, 0x1, 0x1, 0x4, {0x9, 0x21, 0x7, 0x3, 0x1, {0x22, 0xd}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xe, 0x5, 0xca}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x80, 0x9, 0x7, 0xff, 0x5}, 0x17, &(0x7f0000000080)={0x5, 0xf, 0x17, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0x5, 0x5, 0x7f}, @wireless={0xb, 0x10, 0x1, 0xc, 0xc0, 0x3, 0x1, 0x4, 0xb9}]}, 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x807}}, {0x91, &(0x7f0000000180)=@string={0x91, 0x3, "e5757d2fb1c3f8dfbec17b5868380ae77cb92b439e5280ab615315c63ec7548e3a5c5745bd6e59f0409b4a788f7df4632c1baa6365ae21eb57d2d03e1dfdd706fe84d5701ce5f452d26bd8a5f514c9cd1ccc2fcd7d5bf7f66dd231c0a5ea44632194374972c75017665c526c7ffa778be623dcb558a9c6405d19e5c6453d003a78364a9298a4b52d7d0d0f81fc9995"}}, {0x62, &(0x7f0000000240)=@string={0x62, 0x3, "1af3599c2d3d744ee1a5bb956a5de3476e2ba72702ea7d3b198247993d0b2cc05248f1f896967a38ee41768eb3f73303c30e17dfbd650f86ac2976dbffaff683be02df616f1477b3ba45a487556885b03c2d362b24c81f335e5f0a808daa5558"}}]})

6m29.840106482s ago: executing program 3 (id=12):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x6, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12010002a3314220751b70309cc301023ad3bc2827f30003010902240002048b800709048240001d0e32090904b2ef0068dbde030a93b88105ade14eb00bca957ac96bb0eca00b858b14f58fd0dcdf704b47bc534fabf99cae9f5d925279a1a4066fbd724b8aae8ae4471f30a7854a728d863db3fd245ab5f88026d34b0f5512ddcdfb47a18fac9b375b6d22ba94cf49343d01857157d821e22917f1e54ee4f5b456bc75784f0b48deff37ba7969373f238a72c25f702e0a94575b007196f2e0a4d3baca7ae591a54e1fcd4c40fd5b82e1e29a0c99258a4469899b54bb86c4ada0b81aedc12c46d92b8db97edfaf57ea8e11323c6e62ebd36eb3d37c1952cc7b12948db4fe3430d6fa00"/279], 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
r3 = socket(0x1000000000000010, 0x80802, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x5, 0x2}, {0x1}}}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000011000101000000000080000000000000", @ANYRES32=r7], 0x20}}, 0x0)

6m22.839557949s ago: executing program 3 (id=25):
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x107800, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000180)='syzkaller\x00', 0xb, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}]}, &(0x7f0000000440)=0x10)

6m7.556614545s ago: executing program 32 (id=25):
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x107800, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000180)='syzkaller\x00', 0xb, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}]}, &(0x7f0000000440)=0x10)

4m18.149829665s ago: executing program 0 (id=298):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f00000005c0)={0x5, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000]}})

4m16.648188864s ago: executing program 0 (id=300):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x800000000009, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0x980915, 0x8})
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000000)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
fcntl$setsig(r6, 0xa, 0x21)
fcntl$setlease(r6, 0x400, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x0)
fcntl$setlease(r6, 0x400, 0x2)

4m15.009655823s ago: executing program 0 (id=305):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0x1}], 0x1, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x208, 0x0, 0x1}}], 0x30, 0x4000000}], 0x1, 0x0)

4m14.785796725s ago: executing program 0 (id=308):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x11, &(0x7f00000002c0), 0x2)

4m14.564998199s ago: executing program 0 (id=312):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x800000000009, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0x980915, 0x8})
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000000)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
fcntl$setlease(r6, 0x400, 0x2)

4m12.26769078s ago: executing program 0 (id=315):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x3abe, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}}, 0x0)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000700)={@map=r4, 0x2b, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioprio_get$uid(0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000300fffe0900010073797a300000000028000000000a010800000000000000000a00fffd080002400000000109000004000000000a030000000000000000000a00000008000240000000000900010073797a30"], 0x2d8}}, 0x0)

3m56.662259379s ago: executing program 33 (id=315):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x3abe, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}}, 0x0)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000700)={@map=r4, 0x2b, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioprio_get$uid(0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000300fffe0900010073797a300000000028000000000a010800000000000000000a00fffd080002400000000109000004000000000a030000000000000000000a00000008000240000000000900010073797a30"], 0x2d8}}, 0x0)

1m56.009959188s ago: executing program 2 (id=626):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000000206030000000000000000040500010007000000090001e873797a30000000000c0007800800130000000000050005000200000005000b00000000000d000300686173683a6e65740000000066ea837e5985d29ee195bba63555dbb30a4e8372c71df578db7a83d9b91bc0f4a3e8b62e5269cc1bea8fe4311baa86811d39d138adf3e9d9a02a833443ea0320aa70be05f42890355ef635c876eba37292b40640d7a99c04d6285291a65f8474775d293e043e4d8a58483ff08f34b19942830420200f5b9d136a35faa5108778f4570adfc8e960bfe32611de2e87d10386461ce2b6d1bedea3b3c2bb27288543addd3ceeff270f8dff5df71996d6e304f0b831b7d665f3f588391d529eac772eccbb0eceda52bcb5900f270a9a7c4109000000000000553a21673bfdcb3b0ae1a989874f17b036324085e73075d56107"], 0x54}}, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000300018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300003908000085000000060000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000780)=ANY=[@ANYBLOB="ffffffffffff00019078ac1e0001ac1414bb0c00907800000000420000000000000000110000e0000002ac1414aa000dee0dd9de36ed4bcc5b4e23440c0003000000000000000089032e82004404000144140000000000000000000000000000000000001879e744e01dfee8535ad5c831b927fef5d2d3f75c162e17b817ef384845200f754e768a0c772de6590f1dd8831523544884294fc9f4c692a6f3486e469d5d4b79a39780e8c885b64109200e96dc1c5826ebb71e1ec363f1eb761fbbd35f9a3efff76a1cde59f93bd5ccba5e7f277fb64268072573e0acc79f3b3f69f22f6b94456420795821a3b7ba3a27090d51f61316a6044c2d996370f137d72b9a702b6a759d0a633f42a3dfade0024e28f8cc6976964be148ed38406e7b254b4075e92deedb20a898553b18eb77b7b53f85aee0b9dd5f3f7b7e7af866afbf8bd2c01bb7ff4e17878f9fc4bc7d37dd2426ef6064"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
socket$pppoe(0x18, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r5, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7ff, 0x200006, 0xc, 0xb, 0x59c, 0xffffffffffffffff})
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000180)={0xf0f03c, 0x4})
write$fb(r7, &(0x7f00000000c0)="aa", 0x1)

1m51.221775233s ago: executing program 6 (id=636):
r0 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

1m49.729900357s ago: executing program 2 (id=641):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f00000002c0)=ANY=[], 0x76)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000280)=@md5={0x1, "bf5110b0dbe094319d585e800e0e621c"}, 0x11, 0x0)

1m49.370975211s ago: executing program 6 (id=643):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000280)=@md5={0x1, "bf5110b0dbe094319d585e800e0e621c"}, 0x11, 0x0)
dup3(r6, r5, 0x0)
finit_module(r6, 0x0, 0x0)

1m45.084153728s ago: executing program 6 (id=646):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x1000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

1m45.029786593s ago: executing program 2 (id=647):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x15)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300fff5dd00000008000100090c100000000000224e0000", 0x58}], 0x1)

1m43.994217167s ago: executing program 6 (id=649):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, 0x0, 0x4004004)

1m42.846984562s ago: executing program 2 (id=652):
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0400000004000000040000000500010000000000", @ANYRES32, @ANYBLOB="0000000000000000004a192d0fe045002b00"/27, @ANYRES16=r3, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

1m41.620164378s ago: executing program 2 (id=656):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000280)=@md5={0x1, "bf5110b0dbe094319d585e800e0e621c"}, 0x11, 0x0)
dup3(r6, r5, 0x0)
finit_module(r6, 0x0, 0x0)

1m38.385710383s ago: executing program 6 (id=658):
mkdir(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000002380), 0x800, 0x2)
ioctl$vim2m_VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f00000023c0))
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x7fffffff, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
pread64(r4, &(0x7f0000000180)=""/81, 0x51, 0x0)
pread64(r3, 0x0, 0x0, 0x0)

1m37.478654592s ago: executing program 2 (id=659):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073"], 0x7c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
recvmmsg(r2, &(0x7f000000b080), 0x0, 0x40000001, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x101, 0xfff}})
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000000)=0x4)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x2, 0x2, 0xfffd})
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r3, 0x3309)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, 0x0, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(0x0, 0x1, 0x123800)
io_setup(0x7, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="190000001900010000000000000000001c140000fe00000100000000140012000a00a51b69ae9597407dc5518eada89d"], 0x30}}, 0x0)
add_key(0x0, &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000200)="919f9d310cce9f6648", 0x9, 0xfffffffffffffffb)

1m34.977385549s ago: executing program 6 (id=664):
r0 = socket$nl_route(0x10, 0x3, 0x0)
semop(0x0, &(0x7f00000002c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x5, 0xbc}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x6, <r1=>0xffffffffffffffff})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340))
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x21}], 0x1, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000300))
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x0, 0xc5, 0x0, 0xfff}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
dup(0xffffffffffffffff)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='cramfs\x00', 0x2008006, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x854)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000000), 0x86}, 0x38)

1m22.10716148s ago: executing program 34 (id=659):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073"], 0x7c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
recvmmsg(r2, &(0x7f000000b080), 0x0, 0x40000001, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x101, 0xfff}})
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000000)=0x4)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x2, 0x2, 0xfffd})
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r3, 0x3309)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, 0x0, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(0x0, 0x1, 0x123800)
io_setup(0x7, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="190000001900010000000000000000001c140000fe00000100000000140012000a00a51b69ae9597407dc5518eada89d"], 0x30}}, 0x0)
add_key(0x0, &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000200)="919f9d310cce9f6648", 0x9, 0xfffffffffffffffb)

1m19.708886704s ago: executing program 35 (id=664):
r0 = socket$nl_route(0x10, 0x3, 0x0)
semop(0x0, &(0x7f00000002c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x5, 0xbc}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x6, <r1=>0xffffffffffffffff})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340))
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x21}], 0x1, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000300))
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x0, 0xc5, 0x0, 0xfff}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
dup(0xffffffffffffffff)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='cramfs\x00', 0x2008006, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x854)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000000), 0x86}, 0x38)

11.393475376s ago: executing program 5 (id=923):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
io_setup(0x7, &(0x7f0000000000)=<r2=>0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r4, r4, 0x2f, 0x2000, 0x4, @value}, 0x20)
io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x50)
socket$unix(0x1, 0x5, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010700000000000000002000000008000300", @ANYRES32], 0x1c}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0b010510"], 0xe)

10.278517406s ago: executing program 8 (id=928):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001400000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
pipe(0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, 0x0, 0x0)

9.862748925s ago: executing program 5 (id=933):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file1\x00', 0x1000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

9.543739099s ago: executing program 5 (id=936):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r3=>0x0})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@ipv6_delroute={0x1c, 0x19, 0x1}, 0x1c}}, 0x0)

8.525716028s ago: executing program 1 (id=940):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, 0x0, 0x0)
ioctl$TIOCL_SETVESABLANK(r1, 0x541c, &(0x7f0000000080))

8.500682081s ago: executing program 1 (id=941):
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x1013a, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}, 0x300}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

8.045533453s ago: executing program 5 (id=943):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "77746a315690a576", "07f217bd2e511e465bbbd5de32b495b2f9044677d4d588360663af84db44be59", "9bba8c07", "f37f20e2ff799aae"}, 0x38)
shutdown(r0, 0x1)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000280)="c3", 0x1}], 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

7.864221289s ago: executing program 5 (id=945):
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
chmod(&(0x7f0000000040)='./file0\x00', 0x2)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4)
userfaultfd(0x801)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
socket(0x9, 0x2, 0x5)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
semget$private(0x0, 0x3, 0x0)
semtimedop(0x0, &(0x7f0000000040)=[{0x2, 0x76bb, 0x1000}], 0x1, 0x0)
unshare(0x8040080)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r1)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
close(r2)
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000240))
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)

7.531510867s ago: executing program 1 (id=948):
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00'})
waitid(0x1, r0, &(0x7f00000010c0), 0x8, &(0x7f0000001140))
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r1, &(0x7f00000007c0), 0x10, 0x0, 0x0)

7.504935239s ago: executing program 8 (id=949):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x700, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
accept$inet6(r0, 0x0, 0x0)

7.412877187s ago: executing program 7 (id=950):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xa622, 0x0, 0x0, 0x3e}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

7.141737227s ago: executing program 1 (id=951):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x1)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x9, 0x4, 0x4, 0x8, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
recvfrom$inet_nvme(r5, &(0x7f0000000000)=""/6, 0x6, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='load default trusted:'], 0x34, 0xfffffffffffffffa)

7.059554429s ago: executing program 5 (id=952):
syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_mr_vif\x00')
getpid()
syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_procfs$pagemap(0x0, 0x0)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000022c0)={0x60, 0x3, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x9, 0x0, 0x0, 0x9, 0x0, 0x23, 0x4, 0x30})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0x4)

7.019786849s ago: executing program 7 (id=953):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0xa201, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000000c0), 0x4000000000001a7, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
preadv2(r2, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000000100)=""/27, 0x1b}, {&(0x7f0000000240)=""/217, 0xd9}, {&(0x7f0000000500)=""/195, 0xc3}], 0x4, 0x1, 0xc, 0x1)
ioctl(r3, 0x8b1a, &(0x7f0000000040))
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
wait4(r0, &(0x7f0000000000), 0x4, &(0x7f0000000400))
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000040)=@default_ibss_ssid, 0xb, 0x0)

6.706205772s ago: executing program 8 (id=954):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

5.689650958s ago: executing program 4 (id=956):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x15)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300", 0x42}], 0x1)

5.594129307s ago: executing program 4 (id=957):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit={0x95, 0x0, 0x700}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

4.545725125s ago: executing program 4 (id=958):
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, 0xfffffffffffffffe, 0x29)
openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x90000, 0x0)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000008c0)=ANY=[], 0x50}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@newae={0x48, 0x1e, 0x468bbc8229e18b43, 0x0, 0x0, {{}, @in6=@empty}, [@replay_thresh={0x8}]}, 0x48}}, 0x0)

3.403732334s ago: executing program 4 (id=959):
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x1013a, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}, 0x300}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

2.75245084s ago: executing program 8 (id=960):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file1\x00', 0x1000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

2.703107365s ago: executing program 7 (id=961):
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00'})
waitid(0x1, r0, &(0x7f00000010c0), 0x8, &(0x7f0000001140))
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r1, &(0x7f00000007c0), 0x10, 0x0, 0x0)

2.629566252s ago: executing program 1 (id=962):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040))

2.37281679s ago: executing program 4 (id=963):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xa622, 0x0, 0x0, 0x3e}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

2.341203531s ago: executing program 7 (id=964):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x700, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
accept$inet6(r0, 0x0, 0x0)

2.100255641s ago: executing program 8 (id=965):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f00000002c0)=ANY=[], 0x76)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000280)=@md5={0x1, "bf5110b0dbe094319d585e800e0e621c"}, 0x11, 0x0)
dup3(r6, r5, 0x0)

2.099310992s ago: executing program 7 (id=966):
setxattr$security_ima(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180)=ANY=[], 0x700, 0x3)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
openat$sysfs(0xffffffffffffff9c, 0x0, 0x101b80, 0x4bd20473f038ba5)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x2, 0x2, 0x0)
setsockopt(r3, 0x0, 0x16, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00', @ANYRES16, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r6, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100080026006c09070008000c006400000008000d001d00000004010501"], 0x60}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x44, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xb}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001c40)={0x54, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0xfffe}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @rand_addr=' \x01\x00'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x54}}, 0x2000e844)

226.524786ms ago: executing program 1 (id=967):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000001e0000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x10}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

225.038329ms ago: executing program 7 (id=968):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000500)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

220.376263ms ago: executing program 4 (id=969):
prlimit64(0x0, 0xe, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x9, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="850000002e000000270000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x9c}, {0x8, 0xc9, 0x1a}}}}, 0xa)

0s ago: executing program 8 (id=970):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0x24044884)

kernel console output (not intermixed with test programs):

eate hsr debugfs directory
[   61.682051][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.719725][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.730532][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.764117][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.842272][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.852603][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.863894][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.883387][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.983887][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   61.993146][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   62.013276][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   62.025260][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   62.077320][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.120048][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   62.131638][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   62.153875][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   62.163883][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   62.173892][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   62.231545][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.238729][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.253811][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.260911][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.274409][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.285636][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.297205][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.312835][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.325791][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.372056][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   62.403958][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.411087][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.445868][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.453000][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.493889][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.554110][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   62.583003][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.590177][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.613389][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.670743][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.677892][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.729203][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   62.784579][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.791820][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.842933][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.851303][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.858399][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.891854][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   62.933971][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.941183][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.951056][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.958169][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.974418][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.995418][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.151172][ T5836] veth0_vlan: entered promiscuous mode
[   63.163600][ T5158] Bluetooth: hci1: command tx timeout
[   63.169604][ T5158] Bluetooth: hci0: command tx timeout
[   63.214105][ T5841] veth0_vlan: entered promiscuous mode
[   63.238317][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.250664][ T5158] Bluetooth: hci2: command tx timeout
[   63.257635][ T5836] veth1_vlan: entered promiscuous mode
[   63.276295][ T5841] veth1_vlan: entered promiscuous mode
[   63.320367][ T5158] Bluetooth: hci4: command tx timeout
[   63.391042][ T5836] veth0_macvtap: entered promiscuous mode
[   63.400704][ T5158] Bluetooth: hci3: command tx timeout
[   63.415423][ T5836] veth1_macvtap: entered promiscuous mode
[   63.457579][ T5841] veth0_macvtap: entered promiscuous mode
[   63.467025][ T5841] veth1_macvtap: entered promiscuous mode
[   63.506139][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.526711][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.553971][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.576348][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.587744][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.599680][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.621397][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.631931][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.643302][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.657234][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.670766][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.679713][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.688655][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.699363][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.714385][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.725568][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.734693][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.744268][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.845650][ T5853] veth0_vlan: entered promiscuous mode
[   63.886625][ T5853] veth1_vlan: entered promiscuous mode
[   63.894932][ T5840] veth0_vlan: entered promiscuous mode
[   63.927778][ T5847] veth0_vlan: entered promiscuous mode
[   63.949475][ T1169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.958909][ T5853] veth0_macvtap: entered promiscuous mode
[   63.967841][ T1169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.982828][ T5840] veth1_vlan: entered promiscuous mode
[   64.006946][ T5853] veth1_macvtap: entered promiscuous mode
[   64.026360][ T5847] veth1_vlan: entered promiscuous mode
[   64.039455][ T1169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.053842][ T1169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.069391][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.085441][ T1169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.125362][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.149175][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.160303][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.170809][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.182703][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.196573][ T5840] veth0_macvtap: entered promiscuous mode
[   64.196646][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.217232][ T5847] veth0_macvtap: entered promiscuous mode
[   64.220710][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.246280][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   64.264224][ T5840] veth1_macvtap: entered promiscuous mode
[   64.283670][ T5847] veth1_macvtap: entered promiscuous mode
[   64.293109][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.305705][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.320742][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.332200][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.343381][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.378533][ T5853] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.387532][ T5853] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.397009][ T5853] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.406196][ T5853] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.439403][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.452226][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.467059][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.487181][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.498488][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.514712][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.533293][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.689022][ T5921] netlink: 'syz.1.2': attribute type 3 has an invalid length.
[   64.697773][ T5921] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'.
[   64.707802][ T5921] netlink: 'syz.1.2': attribute type 3 has an invalid length.
[   64.715510][ T5921] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'.
[   64.762093][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.820883][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.924658][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.977173][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.029972][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   65.033728][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.080024][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   65.102351][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.132819][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   65.148801][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.178215][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.189432][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.205826][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.216651][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.234871][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.247538][ T5158] Bluetooth: hci0: command tx timeout
[   65.253203][ T5158] Bluetooth: hci1: command tx timeout
[   65.277273][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.300107][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.320686][ T5838] Bluetooth: hci2: command tx timeout
[   65.327937][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.339865][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.393409][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.409984][ T5838] Bluetooth: hci4: command tx timeout
[   65.416315][ T5926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6'.
[   65.426429][ T5926] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6'.
[   65.429588][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.437929][ T5926] Zero length message leads to an empty skb
[   65.458892][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.471638][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.488156][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.489992][ T5838] Bluetooth: hci3: command tx timeout
[   65.506386][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.517390][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.534185][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.559053][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.581033][ T5840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.592097][ T5840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.600946][ T5840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.609676][ T5840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.627307][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.642469][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.652707][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.661914][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.866879][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.887886][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.955901][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.976454][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.993197][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.007492][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.104724][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.143749][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.174751][ T5935] capability: warning: `syz.1.9' uses 32-bit capabilities (legacy support in use)
[   66.206531][ T2910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.220948][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.228823][ T1169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.237304][ T2910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.637769][ T5941] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   66.829549][ T5942] 8021q: adding VLAN 0 to HW filter on device bond1
[   67.161097][   T58] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[   67.222343][ T5939] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'.
[   67.320469][ T5158] Bluetooth: hci0: command tx timeout
[   67.324085][   T58] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[   67.326667][ T5838] Bluetooth: hci1: command tx timeout
[   67.359207][   T58] usb 5-1: config 0 has no interface number 0
[   67.369978][   T58] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   67.380867][   T58] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   67.392742][   T58] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[   67.404134][   T58] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[   67.413126][ T5838] Bluetooth: hci2: command tx timeout
[   67.415588][   T58] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   67.433643][   T58] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[   67.442817][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.560689][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   67.560717][ T5838] Bluetooth: hci4: command tx timeout
[   67.580440][ T5838] Bluetooth: hci3: command tx timeout
[   67.602615][   T58] usb 5-1: config 0 descriptor??
[   68.233708][ T5947] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   68.321614][   T58] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[   68.640257][    T0] NOHZ tick-stop error: local softirq work is pending, handler #241!!!
[   68.661537][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   68.670121][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   68.682011][   T58] usb 5-1: USB disconnect, device number 2
[   68.717846][   T58] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[   68.848184][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.068096][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.640313][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[   69.720202][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   69.990849][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.573380][   T35] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[   71.406806][ T5985] netlink: 256 bytes leftover after parsing attributes in process `syz.4.17'.
[   71.411328][ T5982] netlink: 68 bytes leftover after parsing attributes in process `syz.1.16'.
[   71.417529][ T5985] netlink: 56 bytes leftover after parsing attributes in process `syz.4.17'.
[   71.564522][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[   71.571780][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[   71.853494][ T5993] FAULT_INJECTION: forcing a failure.
[   71.853494][ T5993] name failslab, interval 1, probability 0, space 0, times 1
[   71.866485][ T5993] CPU: 0 UID: 0 PID: 5993 Comm: syz.4.19 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   71.876682][ T5993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.886772][ T5993] Call Trace:
[   71.890051][ T5993]  <TASK>
[   71.892998][ T5993]  dump_stack_lvl+0x241/0x360
[   71.897691][ T5993]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.902904][ T5993]  ? __pfx__printk+0x10/0x10
[   71.907503][ T5993]  should_fail_ex+0x3b0/0x4e0
[   71.912181][ T5993]  should_failslab+0xac/0x100
[   71.917025][ T5993]  ? skb_clone+0x20c/0x390
[   71.921435][ T5993]  kmem_cache_alloc_noprof+0x70/0x380
[   71.926805][ T5993]  skb_clone+0x20c/0x390
[   71.931046][ T5993]  ? dev_queue_xmit_nit+0x3fe/0xca0
[   71.936424][ T5993]  dev_queue_xmit_nit+0x249/0xca0
[   71.941880][ T5993]  ? dev_queue_xmit_nit+0x2b/0xca0
[   71.946991][ T5993]  ? validate_xmit_skb+0x9b8/0xff0
[   71.952187][ T5993]  dev_hard_start_xmit+0x15f/0x7e0
[   71.957297][ T5993]  ? __pfx_validate_xmit_skb+0x10/0x10
[   71.962760][ T5993]  __dev_queue_xmit+0x1b73/0x3f50
[   71.967777][ T5993]  ? kasan_save_track+0x51/0x80
[   71.972635][ T5993]  ? ____sys_sendmsg+0x52a/0x7e0
[   71.977571][ T5993]  ? __dev_queue_xmit+0x2f4/0x3f50
[   71.982680][ T5993]  ? __pfx___dev_queue_xmit+0x10/0x10
[   71.988058][ T5993]  ? __copy_skb_header+0x437/0x5b0
[   71.993173][ T5993]  ? __asan_memcpy+0x40/0x70
[   71.997764][ T5993]  ? __copy_skb_header+0x437/0x5b0
[   72.002961][ T5993]  ? __skb_clone+0x454/0x6c0
[   72.007563][ T5993]  ? skb_clone+0x240/0x390
[   72.011981][ T5993]  __netlink_deliver_tap+0x56b/0x7f0
[   72.017287][ T5993]  ? netlink_deliver_tap+0x2e/0x1b0
[   72.022498][ T5993]  netlink_deliver_tap+0x19d/0x1b0
[   72.027699][ T5993]  netlink_unicast+0x7c4/0x990
[   72.032565][ T5993]  ? __pfx_netlink_unicast+0x10/0x10
[   72.037843][ T5993]  ? __virt_addr_valid+0x183/0x530
[   72.042949][ T5993]  ? __check_object_size+0x48e/0x900
[   72.048228][ T5993]  netlink_sendmsg+0x8e4/0xcb0
[   72.053006][ T5993]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.058301][ T5993]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.063586][ T5993]  __sock_sendmsg+0x221/0x270
[   72.068262][ T5993]  ____sys_sendmsg+0x52a/0x7e0
[   72.073026][ T5993]  ? __pfx_____sys_sendmsg+0x10/0x10
[   72.078312][ T5993]  ? __fget_files+0x2a/0x410
[   72.082904][ T5993]  ? __fget_files+0x2a/0x410
[   72.087496][ T5993]  __sys_sendmsg+0x269/0x350
[   72.092083][ T5993]  ? __pfx_lock_release+0x10/0x10
[   72.097127][ T5993]  ? __pfx___sys_sendmsg+0x10/0x10
[   72.102248][ T5993]  ? __pfx_vfs_write+0x10/0x10
[   72.107030][ T5993]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.113385][ T5993]  ? do_syscall_64+0x100/0x230
[   72.118189][ T5993]  ? do_syscall_64+0xb6/0x230
[   72.122919][ T5993]  do_syscall_64+0xf3/0x230
[   72.127430][ T5993]  ? clear_bhb_loop+0x35/0x90
[   72.132109][ T5993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.138004][ T5993] RIP: 0033:0x7f396057e819
[   72.142428][ T5993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.162029][ T5993] RSP: 002b:00007f39613a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.170462][ T5993] RAX: ffffffffffffffda RBX: 00007f3960735fa0 RCX: 00007f396057e819
[   72.178430][ T5993] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   72.186403][ T5993] RBP: 00007f39613a3090 R08: 0000000000000000 R09: 0000000000000000
[   72.194368][ T5993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.202341][ T5993] R13: 0000000000000000 R14: 00007f3960735fa0 R15: 00007ffd6ad93c28
[   72.210324][ T5993]  </TASK>
[   72.905011][ T5998] block device autoloading is deprecated and will be removed.
[   72.921405][ T5998] syz.2.21: attempt to access beyond end of device
[   72.921405][ T5998] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   73.492281][ T5996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20'.
[   76.225013][ T6012] tunl0: entered promiscuous mode
[   76.403852][ T6022] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   76.465507][ T6012] netlink: 'syz.1.24': attribute type 1 has an invalid length.
[   76.483135][ T6012] netlink: 9 bytes leftover after parsing attributes in process `syz.1.24'.
[   77.175446][  T974] cfg80211: failed to load regulatory.db
[   77.319407][ T6012] capability: warning: `syz.1.24' uses deprecated v2 capabilities in a way that may be insecure
[   80.011588][ T6034] No such timeout policy "syz0"
[   84.736807][ T6055] can0: slcan on ttyS3.
[   87.180415][ T6045] can0 (unregistered): slcan off ttyS3.
[   88.093903][ T6085] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   89.495319][ T2910] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[   89.704004][ T6097] syz.2.44: attempt to access beyond end of device
[   89.704004][ T6097] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   90.909323][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   90.925050][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   90.932882][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   90.941146][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   90.949479][ T5838] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   90.956778][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   91.461742][ T6124] syz.1.51(6124): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[   92.907895][ T6130] No such timeout policy "syz0"
[   93.081051][ T5158] Bluetooth: hci5: command tx timeout
[   93.631208][ T6117] netlink: 'syz.0.52': attribute type 3 has an invalid length.
[   93.638801][ T6117] netlink: 60 bytes leftover after parsing attributes in process `syz.0.52'.
[   93.647673][ T6117] netlink: 'syz.0.52': attribute type 3 has an invalid length.
[   93.655253][ T6117] netlink: 60 bytes leftover after parsing attributes in process `syz.0.52'.
[   93.748496][ T6108] chnl_net:caif_netlink_parms(): no params data found
[   94.002196][ T6108] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.214744][ T6108] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.233602][ T6108] bridge_slave_0: entered allmulticast mode
[   94.374410][ T6108] bridge_slave_0: entered promiscuous mode
[   94.384202][ T6108] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.391393][ T6108] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.398688][ T6108] bridge_slave_1: entered allmulticast mode
[   94.407669][ T6108] bridge_slave_1: entered promiscuous mode
[   94.461318][ T6147] syz.0.58: attempt to access beyond end of device
[   94.461318][ T6147] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   95.128257][ T6145] binder: BINDER_SET_CONTEXT_MGR already set
[   95.134791][ T6145] binder: 6144:6145 ioctl 4018620d 20000280 returned -16
[   95.149392][ T6145] netlink: 20 bytes leftover after parsing attributes in process `syz.4.59'.
[   95.162942][ T5158] Bluetooth: hci5: command tx timeout
[   95.282467][ T6108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.310882][ T6145] bridge1: entered promiscuous mode
[   95.319876][ T6145] bridge1: entered allmulticast mode
[   95.329599][ T6108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.479220][ T6149] tipc: Failed to remove unknown binding: 66,1,1/0:1690061706/1690061708
[   95.808978][ T6108] team0: Port device team_slave_0 added
[   95.933358][ T6161] No such timeout policy "syz0"
[   96.944443][ T6165] Bluetooth: MGMT ver 1.23
[   97.449073][ T6108] team0: Port device team_slave_1 added
[   97.845766][ T5158] Bluetooth: hci5: command tx timeout
[   99.107367][ T6108] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.136365][ T6108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.229946][  T974] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   99.240529][ T6108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.519962][  T974] usb 3-1: Using ep0 maxpacket: 32
[   99.585746][  T974] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   99.613876][ T6108] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.666905][  T974] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13
[   99.713300][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.719228][ T6108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.732055][  T974] usb 3-1: Product: syz
[   99.748348][    C0] vkms_vblank_simulate: vblank timer overrun
[   99.749573][ T6108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.754539][  T974] usb 3-1: Manufacturer: syz
[   99.754617][  T974] usb 3-1: SerialNumber: syz
[  100.015008][ T5158] Bluetooth: hci5: command tx timeout
[  100.166944][  T974] usb 3-1: config 0 descriptor??
[  100.207217][ T6194] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.281828][  T974] pvrusb2: Hardware description: Terratec Grabster AV400
[  100.288940][  T974] pvrusb2: **********
[  100.293085][  T974] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  100.303402][  T974] pvrusb2: Important functionality might not be entirely working.
[  100.311409][  T974] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  100.323220][  T974] pvrusb2: **********
[  100.357578][ T2910] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.465760][ T2336] pvrusb2: Invalid write control endpoint
[  100.622074][ T2336] pvrusb2: Invalid write control endpoint
[  100.624721][ T2910] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.644963][ T2336] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  100.751744][ T2336] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  100.834615][ T2336] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  100.939167][ T2336] pvrusb2: Device being rendered inoperable
[  101.029504][ T2336] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  101.038935][ T2336] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  101.040574][ T6108] hsr_slave_0: entered promiscuous mode
[  101.067261][    T8] usb 3-1: USB disconnect, device number 2
[  101.144154][ T2336] pvrusb2: Attached sub-driver cx25840
[  101.176260][ T2336] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  101.193989][ T6108] hsr_slave_1: entered promiscuous mode
[  101.259878][ T6108] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.267510][ T6108] Cannot create hsr debugfs directory
[  101.279243][ T2336] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  101.315134][ T2910] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.503150][ T2910] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.612822][ T2910] bridge_slave_1: left allmulticast mode
[  102.638019][ T2910] bridge_slave_1: left promiscuous mode
[  102.657777][ T2910] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.715513][ T2910] bridge_slave_0: left allmulticast mode
[  102.748335][ T2910] bridge_slave_0: left promiscuous mode
[  102.766152][ T2910] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.975683][ T2910] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.991892][ T2910] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.007107][ T2910] bond0 (unregistering): Released all slaves
[  104.036771][ T6227] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.056468][ T6228] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.064564][ T6228] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.146597][ T6260] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.270016][ T6267] No such timeout policy "syz0"
[  107.119993][ T6108] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  107.306573][ T5886] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  108.352681][ T6108] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  111.283430][ T6108] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  111.399801][ T6288] netlink: 'syz.4.94': attribute type 3 has an invalid length.
[  111.407722][ T6288] netlink: 60 bytes leftover after parsing attributes in process `syz.4.94'.
[  111.419302][ T6288] netlink: 'syz.4.94': attribute type 3 has an invalid length.
[  111.428134][ T6288] netlink: 60 bytes leftover after parsing attributes in process `syz.4.94'.
[  111.721178][ T5886] usb 5-1: device not accepting address 3, error -71
[  111.835874][ T6291] syz.0.95 uses obsolete (PF_INET,SOCK_PACKET)
[  112.163934][ T6108] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  112.390357][ T2910] hsr_slave_0: left promiscuous mode
[  112.401561][   T58] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  112.700741][ T2910] hsr_slave_1: left promiscuous mode
[  112.901740][   T58] usb 1-1: config 0 has no interfaces?
[  112.918097][ T2910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.983548][   T58] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  113.352916][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.368491][   T58] usb 1-1: Product: syz
[  113.372912][   T58] usb 1-1: Manufacturer: syz
[  113.379931][   T58] usb 1-1: SerialNumber: syz
[  113.380004][ T2910] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.403092][   T58] usb 1-1: config 0 descriptor??
[  113.467537][ T2910] veth1_macvtap: left promiscuous mode
[  113.474201][ T6308] FAULT_INJECTION: forcing a failure.
[  113.474201][ T6308] name failslab, interval 1, probability 0, space 0, times 0
[  113.487485][ T2910] veth0_macvtap: left promiscuous mode
[  113.493215][ T2910] veth1_vlan: left promiscuous mode
[  113.497256][ T6308] CPU: 1 UID: 0 PID: 6308 Comm: syz.1.98 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  113.500201][ T2910] veth0_vlan: left promiscuous mode
[  113.508708][ T6308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  113.508725][ T6308] Call Trace:
[  113.508732][ T6308]  <TASK>
[  113.508742][ T6308]  dump_stack_lvl+0x241/0x360
[  113.535236][ T6308]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.540478][ T6308]  ? __pfx__printk+0x10/0x10
[  113.545126][ T6308]  ? kmem_cache_alloc_noprof+0x48/0x380
[  113.550730][ T6308]  ? __pfx___might_resched+0x10/0x10
[  113.556064][ T6308]  should_fail_ex+0x3b0/0x4e0
[  113.560790][ T6308]  should_failslab+0xac/0x100
[  113.565512][ T6308]  ? mas_alloc_nodes+0x25b/0x7e0
[  113.570569][ T6308]  kmem_cache_alloc_noprof+0x70/0x380
[  113.575989][ T6308]  mas_alloc_nodes+0x25b/0x7e0
[  113.580804][ T6308]  mas_preallocate+0x575/0x8d0
[  113.585701][ T6308]  ? __pfx_mas_preallocate+0x10/0x10
[  113.591652][ T6308]  ? __mas_set_range+0x133/0x3c0
[  113.596639][ T6308]  ? vm_area_dup+0x1de/0x290
[  113.601299][ T6308]  __split_vma+0x302/0xc50
[  113.605814][ T6308]  ? __pfx___split_vma+0x10/0x10
[  113.610789][ T6308]  vma_modify+0x244/0x330
[  113.615154][ T6308]  vma_modify_flags_name+0x3a6/0x430
[  113.620453][ T6308]  ? __pfx___might_resched+0x10/0x10
[  113.625783][ T6308]  ? __pfx_vma_modify_flags_name+0x10/0x10
[  113.631638][ T6308]  ? break_ksm+0x5e7/0x720
[  113.636108][ T6308]  madvise_update_vma+0x2fe/0xc10
[  113.641183][ T6308]  ? __pfx_madvise_update_vma+0x10/0x10
[  113.646789][ T6308]  do_madvise+0x1e64/0x4d10
[  113.651337][ T6308]  ? mark_lock+0x9a/0x360
[  113.655712][ T6308]  ? __lock_acquire+0x1397/0x2100
[  113.660802][ T6308]  ? __pfx_do_madvise+0x10/0x10
[  113.665691][ T6308]  ? __pfx_lock_acquire+0x10/0x10
[  113.670937][ T6308]  ? get_pid_task+0x23/0x1f0
[  113.675566][ T6308]  ? __pfx_lock_release+0x10/0x10
[  113.680626][ T6308]  ? kstrtouint_from_user+0x128/0x190
[  113.686074][ T6308]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  113.692032][ T6308]  ? ksys_write+0x22a/0x2b0
[  113.696602][ T6308]  ? __pfx_lock_release+0x10/0x10
[  113.701674][ T6308]  ? vfs_write+0x730/0xd30
[  113.706154][ T6308]  ? __mutex_unlock_slowpath+0x21e/0x790
[  113.711835][ T6308]  ? __pfx_vfs_write+0x10/0x10
[  113.716647][ T6308]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  113.722842][ T6308]  ? __fget_files+0x2a/0x410
[  113.727484][ T6308]  ? __fget_files+0x2a/0x410
[  113.732296][ T6308]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  113.738660][ T6308]  ? do_syscall_64+0x100/0x230
[  113.743449][ T6308]  __x64_sys_madvise+0xa6/0xc0
[  113.748486][ T6308]  do_syscall_64+0xf3/0x230
[  113.753034][ T6308]  ? clear_bhb_loop+0x35/0x90
[  113.757939][ T6308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.764009][ T6308] RIP: 0033:0x7f268157e819
[  113.768459][ T6308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.788109][ T6308] RSP: 002b:00007f268235f038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  113.796570][ T6308] RAX: ffffffffffffffda RBX: 00007f2681736080 RCX: 00007f268157e819
[  113.804604][ T6308] RDX: 000000000000000d RSI: 0000000000600003 RDI: 0000000020000000
[  113.812618][ T6308] RBP: 00007f268235f090 R08: 0000000000000000 R09: 0000000000000000
[  113.820765][ T6308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.828780][ T6308] R13: 0000000000000000 R14: 00007f2681736080 R15: 00007ffc8006aa38
[  113.836811][ T6308]  </TASK>
[  115.112820][ T2910] team0 (unregistering): Port device team_slave_1 removed
[  115.167868][ T2910] team0 (unregistering): Port device team_slave_0 removed
[  115.736381][ T5999] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.743687][ T5999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.888006][   T25] usb 1-1: USB disconnect, device number 2
[  116.180309][ T6108] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.255417][ T6108] 8021q: adding VLAN 0 to HW filter on device team0
[  116.562658][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.569872][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.644446][ T6334] No such timeout policy "syz0"
[  116.706763][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.754468][ T6336] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.761793][ T6336] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.967493][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.974673][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.154406][ T6108] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  117.187819][ T6108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  120.033235][ T6365] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.119392][ T6366] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.127060][ T6366] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.187341][ T6108] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.395704][ T6378] smk_cipso_doi:706 cipso add rc = -17
[  121.070339][ T6374] vlan2: entered promiscuous mode
[  121.075486][ T6374] macvlan0: entered promiscuous mode
[  121.153712][ T6374] macvlan0: left promiscuous mode
[  121.841361][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.855465][ T6386] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.862745][ T6386] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.469517][ T6108] veth0_vlan: entered promiscuous mode
[  123.385723][ T6108] veth1_vlan: entered promiscuous mode
[  123.647334][ T6108] veth0_macvtap: entered promiscuous mode
[  123.710180][ T6420] netlink: 12 bytes leftover after parsing attributes in process `syz.0.117'.
[  124.413614][ T6417] 8021q: adding VLAN 0 to HW filter on device bond1
[  124.513540][ T6433] kernel read not supported for file / 
 (pid: 6433 comm: syz.4.120)
[  124.639593][   T29] audit: type=1800 audit(1732604892.048:2): pid=6433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.120" name=2001 dev="mqueue" ino=10122 res=0 errno=0
[  125.820965][ T6437] smk_cipso_doi:693 remove rc = -2
[  125.826286][ T6437] smk_cipso_doi:706 cipso add rc = -17
[  126.311214][ T6108] veth1_macvtap: entered promiscuous mode
[  126.358084][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.475549][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.485594][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.496226][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.506184][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.516862][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.526989][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.537519][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.548674][ T6108] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.724503][ T6443] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.745745][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.757550][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.768558][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.797747][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.808083][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.748850][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.779992][ T6108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.790599][ T6108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.802508][ T6108] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.093892][ T6108] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.111657][ T6108] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.129639][ T6108] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.152698][ T6108] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.176785][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.183981][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.241938][   T29] audit: type=1800 audit(1732604895.758:3): pid=6443 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.122" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  128.890364][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.900605][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.944393][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.984296][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.175262][ T6463] netlink: 'syz.2.127': attribute type 3 has an invalid length.
[  129.183674][ T6463] netlink: 60 bytes leftover after parsing attributes in process `syz.2.127'.
[  129.193364][ T6463] netlink: 'syz.2.127': attribute type 3 has an invalid length.
[  129.201688][ T6463] netlink: 60 bytes leftover after parsing attributes in process `syz.2.127'.
[  132.683220][ T6509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.131'.
[  132.936575][ T6508] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  133.346266][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  134.037499][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  135.460619][ T6526] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.546421][   T29] audit: type=1800 audit(1732604903.068:4): pid=6526 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.138" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  135.691243][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.700685][ T5956] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.807147][ T6551] smk_cipso_doi:693 remove rc = -2
[  135.814403][ T6551] smk_cipso_doi:706 cipso add rc = -17
[  138.178393][ T6565] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  138.198851][ T6565] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  138.873290][ T6575] No such timeout policy "syz0"
[  139.744066][ T5886] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  139.753101][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  140.273229][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.148'.
[  140.579159][ T6580] 8021q: adding VLAN 0 to HW filter on device bond1
[  140.738718][ T6600] atomic_op ffff88807dcb6198 conn xmit_atomic 0000000000000000
[  141.505752][ T6610] smk_cipso_doi:693 remove rc = -2
[  141.511197][ T6610] smk_cipso_doi:706 cipso add rc = -17
[  142.271420][ T6592] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  142.404873][ T5888] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  142.718044][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.732729][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  142.742830][ T5888] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  142.756440][ T5888] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  142.766035][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.806013][ T5888] usb 1-1: config 0 descriptor??
[  142.845338][ T6626] No such timeout policy "syz0"
[  142.972156][  T974] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  143.549977][  T974] usb 5-1: Using ep0 maxpacket: 8
[  143.561343][  T974] usb 5-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  143.582829][  T974] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 71, using maximum allowed: 30
[  143.792931][ T5888] acrux 0003:1A34:0802.0001: unknown main item tag 0x0
[  143.801227][ T5888] acrux 0003:1A34:0802.0001: unknown main item tag 0x0
[  143.808154][ T5888] acrux 0003:1A34:0802.0001: unknown main item tag 0x0
[  143.819817][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 12592, setting to 64
[  143.839950][ T5888] acrux 0003:1A34:0802.0001: unknown main item tag 0x0
[  144.805903][  T974] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 71
[  144.820363][ T5888] acrux 0003:1A34:0802.0001: unknown main item tag 0x0
[  144.830315][  T974] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  144.839474][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.457608][ T5888] acrux 0003:1A34:0802.0001: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0
[  145.469868][ T5888] acrux 0003:1A34:0802.0001: no inputs found
[  145.476093][ T5888] acrux 0003:1A34:0802.0001: Failed to enable force feedback support, error: -19
[  145.514561][  T974] usb 5-1: config 0 descriptor??
[  145.549609][  T974] usb 5-1: can't set config #0, error -71
[  145.572981][ T5888] usb 1-1: USB disconnect, device number 3
[  145.623268][  T974] usb 5-1: USB disconnect, device number 5
[  145.630100][ T5885] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[  146.092070][ T6649] No such timeout policy "syz0"
[  148.574244][ T6645] netlink: 'syz.0.163': attribute type 3 has an invalid length.
[  148.581946][ T6645] netlink: 60 bytes leftover after parsing attributes in process `syz.0.163'.
[  148.591296][ T6645] netlink: 'syz.0.163': attribute type 3 has an invalid length.
[  148.598940][ T6645] netlink: 60 bytes leftover after parsing attributes in process `syz.0.163'.
[  154.405829][ T5888] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  155.414963][ T6729] syz.1.177: attempt to access beyond end of device
[  155.414963][ T6729] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  155.547507][ T6732] No such timeout policy "syz0"
[  159.080396][ T6737] netlink: 'syz.5.180': attribute type 3 has an invalid length.
[  159.088095][ T6737] netlink: 60 bytes leftover after parsing attributes in process `syz.5.180'.
[  159.097331][ T6737] netlink: 'syz.5.180': attribute type 3 has an invalid length.
[  159.105011][ T6737] netlink: 60 bytes leftover after parsing attributes in process `syz.5.180'.
[  160.053637][ T6765] smk_cipso_doi:693 remove rc = -2
[  160.059309][ T6765] smk_cipso_doi:706 cipso add rc = -17
[  160.729071][ T2910] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  161.043383][ T6773] fuse: Unknown parameter 'Q'
[  161.117287][ T6775] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  162.215867][ T6786] block device autoloading is deprecated and will be removed.
[  163.195900][   T29] audit: type=1800 audit(1732604930.688:5): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.192" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  163.230600][ T6798] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.350378][ T5885] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  163.510461][ T5885] usb 6-1: device descriptor read/64, error -71
[  163.667006][ T6806] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.849880][ T6808] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.857247][ T6808] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.619982][ T5885] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  164.800078][ T5885] usb 6-1: device descriptor read/64, error -71
[  164.979871][ T5885] usb usb6-port1: attempt power cycle
[  165.128991][ T6820] netlink: 'syz.0.196': attribute type 3 has an invalid length.
[  165.137132][ T6820] netlink: 60 bytes leftover after parsing attributes in process `syz.0.196'.
[  165.146534][ T6820] netlink: 'syz.0.196': attribute type 3 has an invalid length.
[  165.156273][ T6820] netlink: 60 bytes leftover after parsing attributes in process `syz.0.196'.
[  165.479983][   T29] audit: type=1800 audit(1732604932.998:6): pid=6804 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.193" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  165.844610][ T6830] smk_cipso_doi:693 remove rc = -2
[  165.849883][ T6830] smk_cipso_doi:706 cipso add rc = -17
[  166.798701][ T6833] atomic_op ffff8880634ee198 conn xmit_atomic 0000000000000000
[  166.960773][ T6833] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  167.375807][   T29] audit: type=1800 audit(1732604934.898:7): pid=6847 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.201" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  167.395211][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.426509][ T6842] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.652548][ T6848] kvm: emulating exchange as write
[  168.475959][   T29] audit: type=1800 audit(1732604935.988:8): pid=6868 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.207" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  168.537459][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.149957][ T6877] No such timeout policy "syz0"
[  172.361802][ T6898] smk_cipso_doi:693 remove rc = -2
[  172.366988][ T6898] smk_cipso_doi:706 cipso add rc = -17
[  172.461398][   T68] Bluetooth: hci3: Frame reassembly failed (-84)
[  173.417248][ T6914] netlink: 'syz.4.218': attribute type 10 has an invalid length.
[  173.640238][ T6912] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'.
[  173.767176][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.782909][ T6914] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.790148][ T6914] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.802480][ T6914] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  173.811747][ T6912] bridge_slave_1: left allmulticast mode
[  173.822920][ T6912] bridge_slave_1: left promiscuous mode
[  173.828845][ T6912] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.921521][ T6912] bridge_slave_0: left promiscuous mode
[  174.130099][ T6912] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.349454][ T6922] netlink: 12 bytes leftover after parsing attributes in process `syz.5.219'.
[  174.363864][ T6912] bond0: (slave bridge0): Releasing backup interface
[  174.429671][ T6923] 8021q: adding VLAN 0 to HW filter on device bond1
[  174.443029][ T5158] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  174.450821][ T5838] Bluetooth: hci3: command 0xfc11 tx timeout
[  175.042930][ T6941] No such timeout policy "syz0"
[  176.088615][ T6946] netlink: 28 bytes leftover after parsing attributes in process `syz.5.223'.
[  176.630834][ T6977] bridge_slave_0: entered promiscuous mode
[  176.713862][   T29] audit: type=1800 audit(1732604944.228:9): pid=6977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.228" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  178.120281][ T6998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.135986][ T6998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.619568][ T7006] No such timeout policy "syz0"
[  178.880013][ T1203] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  179.236141][ T1203] usb 5-1: Invalid ep0 maxpacket: 16
[  179.429841][ T1203] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  179.471159][ T6997] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.504920][   T29] audit: type=1800 audit(1732604947.028:10): pid=6997 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.233" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  179.677186][ T1203] usb 5-1: Invalid ep0 maxpacket: 16
[  179.781339][ T1203] usb usb5-port1: attempt power cycle
[  180.211675][ T5916] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  181.247539][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  181.255064][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  181.290144][ T1203] usb 5-1: new low-speed USB device number 9 using dummy_hcd
[  181.319865][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  181.326758][ T1203] usb 5-1: Invalid ep0 maxpacket: 16
[  181.333951][ T5916] usb 3-1: unable to get BOS descriptor or descriptor too short
[  181.347462][ T5916] usb 3-1: config 2 has an invalid interface number: 155 but max is 1
[  181.355967][ T5916] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  181.368155][ T5916] usb 3-1: config 2 has 1 interface, different from the descriptor's value: 2
[  181.377118][ T5916] usb 3-1: config 2 has no interface number 0
[  181.475990][ T1203] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  181.515521][ T5916] usb 3-1: too many endpoints for config 2 interface 155 altsetting 15: 96, using maximum allowed: 30
[  181.602660][ T7044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.249480][ T5916] usb 3-1: config 2 interface 155 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 96
[  182.265559][ T5916] usb 3-1: config 2 interface 155 has no altsetting 0
[  182.283002][ T7044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.371020][   T29] audit: type=1800 audit(1732604949.868:11): pid=7045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.242" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  182.522496][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.529832][ T5956] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.590888][ T1203] usb 5-1: device descriptor read/8, error -71
[  182.639257][ T5916] usb 3-1: string descriptor 0 read error: -71
[  182.647175][ T5916] usb 3-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00
[  182.661408][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.700127][ T1203] usb usb5-port1: unable to enumerate USB device
[  182.758072][ T5916] usb 3-1: can't set config #2, error -71
[  183.108816][ T5916] usb 3-1: USB disconnect, device number 4
[  183.811960][ T7060] netlink: 12 bytes leftover after parsing attributes in process `syz.5.245'.
[  184.262581][ T7064] atomic_op ffff88805a2bc198 conn xmit_atomic 0000000000000000
[  185.345716][ T7057] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  186.830765][ T5158] Bluetooth: hci2: command 0x0406 tx timeout
[  186.836941][ T5158] Bluetooth: hci4: command 0x0406 tx timeout
[  188.791920][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.799155][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.806697][   T29] audit: type=1800 audit(1732604956.308:12): pid=7115 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.255" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[  189.498540][ T7129] No such timeout policy "syz0"
[  190.501011][ T7133] delete_channel: no stack
[  190.721454][ T7132] delete_channel: no stack
[  190.730668][ T7130] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  190.779552][ T7130] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  190.832339][ T7130] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  190.870200][ T7154] FAULT_INJECTION: forcing a failure.
[  190.870200][ T7154] name failslab, interval 1, probability 0, space 0, times 0
[  190.875676][ T7156] sctp: [Deprecated]: syz.5.261 (pid 7156) Use of struct sctp_assoc_value in delayed_ack socket option.
[  190.875676][ T7156] Use struct sctp_sack_info instead
[  190.883547][ T7154] CPU: 1 UID: 0 PID: 7154 Comm: syz.0.264 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  190.910596][ T7154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  190.920774][ T7154] Call Trace:
[  190.924099][ T7154]  <TASK>
[  190.927070][ T7154]  dump_stack_lvl+0x241/0x360
[  190.931789][ T7154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.937033][ T7154]  ? __pfx__printk+0x10/0x10
[  190.941698][ T7154]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  190.947714][ T7154]  ? __pfx___might_resched+0x10/0x10
[  190.953051][ T7154]  should_fail_ex+0x3b0/0x4e0
[  190.957878][ T7154]  should_failslab+0xac/0x100
[  190.960052][ T7130] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  190.962682][ T7154]  kmem_cache_alloc_node_noprof+0x77/0x380
[  190.977746][ T7154]  ? __alloc_skb+0x1c3/0x440
[  190.980638][ T5842] Bluetooth: hci1: unexpected event for opcode 0x0c14
[  190.982360][ T7154]  __alloc_skb+0x1c3/0x440
[  190.982399][ T7154]  ? __pfx___alloc_skb+0x10/0x10
[  190.982424][ T7154]  ? netlink_autobind+0xd6/0x2f0
[  190.982440][ T7154]  ? netlink_autobind+0x2b0/0x2f0
[  190.982460][ T7154]  netlink_sendmsg+0x638/0xcb0
[  190.982495][ T7154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.982530][ T7154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.982553][ T7154]  __sock_sendmsg+0x221/0x270
[  190.982578][ T7154]  ____sys_sendmsg+0x52a/0x7e0
[  190.982603][ T7154]  ? __pfx_____sys_sendmsg+0x10/0x10
[  190.982617][ T7154]  ? __fget_files+0x2a/0x410
[  190.982636][ T7154]  ? __fget_files+0x2a/0x410
[  190.982663][ T7154]  __sys_sendmsg+0x269/0x350
[  190.982681][ T7154]  ? __pfx_lock_release+0x10/0x10
[  190.982704][ T7154]  ? __pfx___sys_sendmsg+0x10/0x10
[  190.982733][ T7154]  ? __pfx_vfs_write+0x10/0x10
[  190.982780][ T7154]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  190.982802][ T7154]  ? do_syscall_64+0x100/0x230
[  190.982828][ T7154]  ? do_syscall_64+0xb6/0x230
[  190.982862][ T7154]  do_syscall_64+0xf3/0x230
[  190.982885][ T7154]  ? clear_bhb_loop+0x35/0x90
[  190.982905][ T7154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.982926][ T7154] RIP: 0033:0x7fde3217e819
[  190.982944][ T7154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.982957][ T7154] RSP: 002b:00007fde32f6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.982992][ T7154] RAX: ffffffffffffffda RBX: 00007fde32335fa0 RCX: 00007fde3217e819
[  190.983005][ T7154] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  190.983016][ T7154] RBP: 00007fde32f6f090 R08: 0000000000000000 R09: 0000000000000000
[  190.983026][ T7154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.983036][ T7154] R13: 0000000000000000 R14: 00007fde32335fa0 R15: 00007ffd92b466f8
[  190.983062][ T7154]  </TASK>
[  191.052879][ T7130] geneve2: entered promiscuous mode
[  191.199660][ T7130] geneve2: entered allmulticast mode
[  192.493234][ T7191] syz.5.269: attempt to access beyond end of device
[  192.493234][ T7191] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  192.508819][ T7191] FAT-fs (loop11): unable to read boot sector
[  192.512905][ T5888] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  192.750453][ T5888] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  192.856186][ T5888] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x52, changing to 0x2
[  192.982661][ T5888] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 203
[  193.166825][ T5888] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  193.180546][ T5888] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  193.189844][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.202726][ T7182] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  193.853566][ T7205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.272'.
[  194.109170][ T5888] ath6kl: Failed to submit usb control message: -71
[  194.116921][ T5888] ath6kl: unable to send the bmi data to the device: -71
[  194.124553][ T5888] ath6kl: Unable to send get target info: -71
[  194.133915][ T5888] ath6kl: Failed to init ath6kl core: -71
[  194.145353][ T5888] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  194.180707][ T5888] usb 3-1: USB disconnect, device number 5
[  194.443124][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  194.487108][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  195.925416][ T7229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.278'.
[  196.462335][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  196.471834][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  196.490714][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  197.617271][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  197.626849][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  197.644254][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.0.280'.
[  197.713520][ T7265] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  197.720452][ T7265] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  197.788633][ T7265] vhci_hcd vhci_hcd.0: Device attached
[  197.960084][ T1203] vhci_hcd: vhci_device speed not set
[  197.981491][ T5886] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  198.221722][ T1203] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  199.043208][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  199.054383][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  199.064413][ T5886] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  199.074835][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.086666][ T5886] usb 3-1: config 0 descriptor??
[  201.228712][ T7269] vhci_hcd: connection reset by peer
[  201.267745][ T2988] vhci_hcd: stop threads
[  201.273880][ T2988] vhci_hcd: release socket
[  201.400772][ T2988] vhci_hcd: disconnect device
[  202.183632][ T5886] hid (null): bogus close delimiter
[  202.195514][ T5886] usb 3-1: string descriptor 0 read error: -71
[  202.203356][ T5886] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #200: -71
[  202.212323][ T5886] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71
[  202.223649][ T5886] uclogic 0003:256C:006D.0002: failed probing pen v2 parameters: -71
[  202.231969][ T5886] uclogic 0003:256C:006D.0002: failed probing parameters: -71
[  202.240541][ T5886] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71
[  202.254683][ T5886] usb 3-1: USB disconnect, device number 6
[  202.260685][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  203.946376][ T7360] ebt_limit: overflow, try lower: 0/0
[  204.721269][ T1203] vhci_hcd: vhci_device speed not set
[  208.586624][ T7399] netlink: 56 bytes leftover after parsing attributes in process `syz.2.323'.
[  212.108755][ T7423] i2c i2c-0: Invalid block write size 252
[  212.137302][ T7413] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.216094][ T7413] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  212.469487][ T7413] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.694563][ T7413] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  213.599807][ T7434] warning: `syz.4.333' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  214.191563][ T7413] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.221978][ T7413] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  214.340126][    T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  214.694166][ T7413] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.706315][ T7413] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  214.810372][ T7451] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (14)
[  215.477914][    T9] usb 5-1: Using ep0 maxpacket: 8
[  215.486840][    T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=613b, bcdDevice=c4.6d
[  215.499117][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.507536][    T9] usb 5-1: Product: syz
[  215.519881][    T9] usb 5-1: Manufacturer: syz
[  215.589884][    T9] usb 5-1: SerialNumber: syz
[  215.618035][ T7413] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  215.629972][ T7413] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  215.672161][    T9] usb 5-1: config 0 descriptor??
[  215.694835][ T7413] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  215.719277][    T9] gspca_main: sonixj-2.14.0 probing 0c45:613b
[  215.735949][ T7413] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  215.766714][ T7413] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  215.776252][ T7413] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  215.872913][ T7413] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  215.903305][ T7413] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  217.279972][    T9] gspca_sonixj: reg_w1 err -110
[  217.285022][    T9] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  217.471630][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  217.506864][ T5838] Bluetooth: hci5: command 0x0406 tx timeout
[  218.219070][   T58] usb 5-1: USB disconnect, device number 12
[  218.906785][ T7488] xt_addrtype: ipv6 does not support BROADCAST matching
[  224.440464][ T7513] Process accounting resumed
[  228.010849][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  228.028545][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  228.043704][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  228.053865][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  228.064221][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  228.072921][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  228.240182][ T5916] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  228.878715][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  228.899035][ T5916] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  228.919025][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.966302][ T5916] usb 3-1: config 0 descriptor??
[  229.676347][ T7548] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.365'.
[  229.685776][ T7548] netlink: zone id is out of range
[  229.691430][ T7548] netlink: zone id is out of range
[  229.696578][ T7548] netlink: zone id is out of range
[  229.701825][ T7548] netlink: get zone limit has 8 unknown bytes
[  229.760627][ T7539] netlink: 8 bytes leftover after parsing attributes in process `syz.4.360'.
[  229.829222][ T5916] steelseries 0003:1038:1410.0003: not enough fields in HID_OUTPUT_REPORT 0
[  230.192374][ T5838] Bluetooth: hci3: command tx timeout
[  230.229200][   T58] usb 3-1: USB disconnect, device number 7
[  231.445418][ T7558] =======================================================
[  231.445418][ T7558] WARNING: The mand mount option has been deprecated and
[  231.445418][ T7558]          and is ignored by this kernel. Remove the mand
[  231.445418][ T7558]          option from the mount to silence this warning.
[  231.445418][ T7558] =======================================================
[  231.484023][ T7558] overlayfs: missing 'lowerdir'
[  231.721799][ T7528] chnl_net:caif_netlink_parms(): no params data found
[  232.743092][ T5838] Bluetooth: hci3: command tx timeout
[  233.688494][ T7584] netlink: 8 bytes leftover after parsing attributes in process `syz.4.375'.
[  233.698063][ T7586] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.376'.
[  233.698145][ T7586] netlink: zone id is out of range
[  233.713288][ T7586] netlink: zone id is out of range
[  233.718504][ T7586] netlink: get zone limit has 8 unknown bytes
[  233.736141][ T7528] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.747490][ T7528] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.774894][ T7528] bridge_slave_0: entered allmulticast mode
[  233.783558][ T7528] bridge_slave_0: entered promiscuous mode
[  233.932040][ T7528] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.948066][ T7528] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.957593][ T7528] bridge_slave_1: entered allmulticast mode
[  233.974849][ T7528] bridge_slave_1: entered promiscuous mode
[  234.284038][   T68] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.397514][   T68] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.163766][ T5838] Bluetooth: hci3: command tx timeout
[  236.128604][ T7621] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  236.534916][   T68] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.443670][ T5842] Bluetooth: hci3: command tx timeout
[  237.512274][ T7528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.644423][ T7528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.029549][ T7641] overlay: ./file0 is not a directory
[  239.110739][   T68] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.545177][ T7656] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.398'.
[  239.571864][ T7656] netlink: zone id is out of range
[  239.589515][ T7528] team0: Port device team_slave_0 added
[  239.609641][ T7656] netlink: zone id is out of range
[  239.653865][ T7656] netlink: get zone limit has 8 unknown bytes
[  239.861554][ T7528] team0: Port device team_slave_1 added
[  241.063085][ T7672] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 0, id = 0
[  241.182187][ T7528] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.203178][ T7528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.634212][ T7528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.965450][ T7528] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.976347][ T7528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  243.003352][ T7528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  243.057242][   T68] bridge_slave_1: left allmulticast mode
[  243.065960][   T68] bridge_slave_1: left promiscuous mode
[  243.077150][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.105684][   T68] bridge_slave_0: left promiscuous mode
[  243.112338][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.290154][ T5916] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  248.260729][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  248.267871][ T5916] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  248.276468][ T5916] usb 5-1: config 179 has no interface number 0
[  248.286102][ T5916] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  248.556071][ T5916] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  248.567856][ T5916] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  248.579233][ T5916] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  248.591072][ T5916] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  248.604783][ T5916] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  248.614038][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.721648][ T7714] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  249.328932][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  249.337270][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  249.346147][ T5916] usb 5-1: USB disconnect, device number 13
[  249.557566][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.585334][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.597935][   T68] bond0 (unregistering): Released all slaves
[  249.608509][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  249.881510][   T68] bond1 (unregistering): Released all slaves
[  250.007695][ T7735] evm: overlay not supported
[  250.020045][ T7735] Invalid ELF header magic: != ELF
[  250.520206][   T29] audit: type=1804 audit(1732605019.522:13): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.421" name="/newroot/93/bus/bus" dev="overlay" ino=511 res=1 errno=0
[  250.734324][ T7528] hsr_slave_0: entered promiscuous mode
[  250.768494][ T7528] hsr_slave_1: entered promiscuous mode
[  250.806676][ T7528] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  250.829814][ T7528] Cannot create hsr debugfs directory
[  256.071598][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  256.077946][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  256.123884][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  258.575424][ T7789] tty tty22: ldisc open failed (-12), clearing slot 21
[  259.210371][ T7796] netlink: 72 bytes leftover after parsing attributes in process `syz.2.438'.
[  260.352017][ T7809] netlink: 12 bytes leftover after parsing attributes in process `syz.2.439'.
[  265.516506][   T29] audit: type=1326 audit(1732605034.922:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7819 comm="syz.5.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635797e819 code=0x7fc00000
[  266.076959][   T68] hsr_slave_0: left promiscuous mode
[  266.106600][   T68] hsr_slave_1: left promiscuous mode
[  266.199316][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.219861][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.268933][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.280418][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.305281][   T68] veth1_macvtap: left promiscuous mode
[  266.311323][   T68] veth0_macvtap: left promiscuous mode
[  266.317423][   T68] veth1_vlan: left promiscuous mode
[  267.291292][   T68] team0 (unregistering): Port device team_slave_1 removed
[  267.345236][   T68] team0 (unregistering): Port device team_slave_0 removed
[  267.883659][ T7850] netlink: 'syz.1.448': attribute type 25 has an invalid length.
[  267.903709][ T7850] netlink: 'syz.1.448': attribute type 1 has an invalid length.
[  267.920172][ T7850] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.473021][ T7873] ebt_limit: overflow, try lower: 0/0
[  269.399899][ T7528] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  269.655846][ T7528] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  270.708644][ T7528] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  270.773240][ T7528] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  270.800179][ T5842] Bluetooth: hci5: unexpected event for opcode 0x1005
[  272.239419][ T7902] xt_l2tp: v2 doesn't support IP mode
[  272.924915][ T7528] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.067992][ T7910] netlink: 40 bytes leftover after parsing attributes in process `syz.2.461'.
[  273.166430][ T7528] 8021q: adding VLAN 0 to HW filter on device team0
[  273.922263][ T6586] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.929909][ T6586] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.051592][ T6586] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.058756][ T6586] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.118210][ T7528] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  274.137177][ T7528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  277.061830][ T1203] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  277.172927][ T7528] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.771013][ T1203] usb 3-1: Using ep0 maxpacket: 16
[  277.779147][ T1203] usb 3-1: config 5 has an invalid interface number: 168 but max is 0
[  277.796540][ T1203] usb 3-1: config 5 has no interface number 0
[  277.803103][ T1203] usb 3-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  277.975088][ T1203] usb 3-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  277.986246][ T1203] usb 3-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023
[  277.996573][ T1203] usb 3-1: config 5 interface 168 has no altsetting 0
[  278.008228][ T1203] usb 3-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  278.051818][ T1203] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.083941][ T1203] usb 3-1: Product: syz
[  278.088315][ T1203] usb 3-1: Manufacturer: syz
[  278.137969][ T7973] input: syz0 as /devices/virtual/input/input5
[  278.150985][ T1203] usb 3-1: SerialNumber: syz
[  278.686072][ T7946] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  278.693531][ T7946] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  278.931052][    C0] usb 3-1: NFC: Urb failure (status -71)
[  278.938428][    C0] usb 3-1: NFC: Urb failure (status -71)
[  278.946115][ T1203] usb 3-1: NFC: Unable to get FW version
[  278.961375][ T1203] pn533_usb 3-1:5.168: probe with driver pn533_usb failed with error -71
[  279.004368][ T1203] usb 3-1: USB disconnect, device number 8
[  279.942137][ T7528] veth0_vlan: entered promiscuous mode
[  279.985170][ T7528] veth1_vlan: entered promiscuous mode
[  280.322307][ T1203] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  280.420393][ T7528] veth0_macvtap: entered promiscuous mode
[  280.442291][ T7528] veth1_macvtap: entered promiscuous mode
[  281.318514][ T1203] usb 3-1: Using ep0 maxpacket: 32
[  281.449071][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.507059][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.517155][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.527916][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.537964][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.548753][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.558655][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.569872][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.580889][ T7528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  281.870804][ T1203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.882053][ T1203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  281.892024][ T1203] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  281.904919][ T1203] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  281.914354][ T1203] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.925827][ T1203] usb 3-1: config 0 descriptor??
[  282.243757][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  282.408960][ T1203] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0004/input/input6
[  282.465985][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  282.477994][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  282.487293][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  282.497112][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  282.513932][ T5838] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  282.523042][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  282.674927][ T1203] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0004/input/input7
[  283.514951][ T1203] kye 0003:0458:5011.0004: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0
[  284.766889][ T5838] Bluetooth: hci0: command tx timeout
[  286.008665][   T25] usb 3-1: USB disconnect, device number 9
[  287.160429][ T5838] Bluetooth: hci0: command tx timeout
[  288.315557][ T8028] chnl_net:caif_netlink_parms(): no params data found
[  289.260772][ T5838] Bluetooth: hci0: command tx timeout
[  290.651521][ T8104] dvmrp0: entered allmulticast mode
[  291.720283][ T5842] Bluetooth: hci0: command tx timeout
[  292.676119][ T8028] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.683767][   T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  292.696882][ T8028] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.740216][ T8028] bridge_slave_0: entered allmulticast mode
[  292.850988][   T25] usb 6-1: device descriptor read/64, error -71
[  292.970580][ T8028] bridge_slave_0: entered promiscuous mode
[  293.099826][   T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  293.329879][ T8028] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.337032][ T8028] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.378225][ T8028] bridge_slave_1: entered allmulticast mode
[  293.384868][   T25] usb 6-1: device descriptor read/64, error -71
[  293.393808][ T8028] bridge_slave_1: entered promiscuous mode
[  293.510112][   T25] usb usb6-port1: attempt power cycle
[  293.601976][   T29] audit: type=1804 audit(1732605063.132:15): pid=8140 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.510" name="/newroot/108/bus/bus" dev="overlay" ino=608 res=1 errno=0
[  293.620574][ T8140] Invalid ELF header magic: != ELF
[  293.634657][ T8028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.655213][ T8028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.812309][   T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  295.822053][ T8155] ebt_limit: overflow, try lower: 0/0
[  296.127560][ T8028] team0: Port device team_slave_0 added
[  296.282917][ T8028] team0: Port device team_slave_1 added
[  296.412781][   T25] usb 6-1: device descriptor read/8, error -71
[  296.665856][ T1169] bridge_slave_1: left allmulticast mode
[  296.678904][ T1169] bridge_slave_1: left promiscuous mode
[  296.700425][ T1169] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.951457][ T1169] bridge_slave_0: left allmulticast mode
[  296.957273][ T1169] bridge_slave_0: left promiscuous mode
[  296.963466][ T1169] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.069788][ T8181] Invalid ELF header magic: != ELF
[  299.078348][   T29] audit: type=1804 audit(1732605068.592:16): pid=8181 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.522" name="/newroot/90/bus/bus" dev="overlay" ino=497 res=1 errno=0
[  302.786089][ T8197] ebt_limit: overflow, try lower: 0/0
[  303.185387][ T5842] Bluetooth: hci4: command 0x0406 tx timeout
[  303.388687][ T1169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.403399][ T1169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.414514][ T1169] bond0 (unregistering): Released all slaves
[  303.427349][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.434938][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.461182][ T8028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.482270][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_1
[  303.491749][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.531804][ T8028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.847361][ T1169] hsr_slave_0: left promiscuous mode
[  303.874666][ T1169] hsr_slave_1: left promiscuous mode
[  303.891325][ T1169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.590526][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.631468][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.713966][ T1169] veth1_macvtap: left promiscuous mode
[  304.719551][ T1169] veth0_macvtap: left promiscuous mode
[  304.751423][ T1169] veth1_vlan: left promiscuous mode
[  304.756771][ T1169] veth0_vlan: left promiscuous mode
[  305.777434][ T5842] Bluetooth: hci2: unexpected event for opcode 0x1005
[  306.393598][ T8238] netlink: 72 bytes leftover after parsing attributes in process `syz.4.538'.
[  306.809242][ T8244] ebt_limit: overflow, try lower: 0/0
[  308.478140][ T1169] team0 (unregistering): Port device team_slave_1 removed
[  308.533013][ T1169] team0 (unregistering): Port device team_slave_0 removed
[  310.119736][   T29] audit: type=1804 audit(1732605078.992:17): pid=8257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.543" name="/newroot/96/bus/bus" dev="overlay" ino=538 res=1 errno=0
[  310.504205][ T8028] hsr_slave_0: entered promiscuous mode
[  310.670427][ T8028] hsr_slave_1: entered promiscuous mode
[  314.711259][ T8300] netlink: 72 bytes leftover after parsing attributes in process `syz.4.548'.
[  314.928566][ T5842] Bluetooth: hci2: unexpected event for opcode 0x1005
[  315.738221][   T29] audit: type=1804 audit(1732605084.822:18): pid=8312 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.555" name="/newroot/134/bus/bus" dev="overlay" ino=746 res=1 errno=0
[  317.399279][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  317.405946][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  319.939883][ T5838] Bluetooth: hci0: command 0x0405 tx timeout
[  320.286853][ T8348] netlink: 72 bytes leftover after parsing attributes in process `syz.4.565'.
[  321.489254][ T8356] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.566'.
[  321.729454][ T8356] netlink: zone id is out of range
[  321.929548][   T29] audit: type=1804 audit(1732605091.392:19): pid=8363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.569" name="/newroot/121/bus/bus" dev="overlay" ino=685 res=1 errno=0
[  322.939758][ T8356] netlink: zone id is out of range
[  323.185772][ T8356] netlink: zone id is out of range
[  323.202194][ T8356] netlink: get zone limit has 8 unknown bytes
[  323.494845][ T8028] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  323.783860][ T8028] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  324.790067][ T8383] input: syz0 as /devices/virtual/input/input9
[  324.852434][ T8028] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  324.898695][ T8028] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  325.793641][ T8028] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.810340][ T8028] 8021q: adding VLAN 0 to HW filter on device team0
[  325.840646][ T8028] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  325.869496][ T8028] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  325.889724][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.896927][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.905871][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.913067][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  327.735312][ T8028] 8021q: adding VLAN 0 to HW filter on device batadv0
[  328.503582][ T8028] veth0_vlan: entered promiscuous mode
[  329.703143][ T8028] veth1_vlan: entered promiscuous mode
[  329.772968][ T8028] veth0_macvtap: entered promiscuous mode
[  329.790580][ T8028] veth1_macvtap: entered promiscuous mode
[  329.895355][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.906070][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.916414][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.927230][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.937316][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.948135][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.958252][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.968863][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.982124][ T8028] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.992783][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.003354][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.013228][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.023902][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.033913][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.044786][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.055969][ T8028] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.065900][ T8028] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.074830][ T8028] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.083699][ T8028] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.092604][ T8028] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.211734][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.219742][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.265642][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.282968][ T1169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.745474][ T8513] process 'syz.6.350' launched './file0' with NULL argv: empty string added
[  333.558298][ T8520] Process accounting resumed
[  337.286545][ T8557] Bluetooth: MGMT ver 1.23
[  337.690470][ T8568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.612'.
[  341.804202][ T5916] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  342.175574][ T5916] usb 6-1: Using ep0 maxpacket: 16
[  342.355801][ T8633] overlayfs: failed to resolve './file0': -2
[  342.902477][ T5916] usb 6-1: config 5 has an invalid interface number: 168 but max is 0
[  342.925693][ T5916] usb 6-1: config 5 has no interface number 0
[  342.947702][ T5916] usb 6-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  343.129951][ T5916] usb 6-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  343.148800][ T5916] usb 6-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023
[  343.163816][ T5916] usb 6-1: config 5 interface 168 has no altsetting 0
[  343.204323][ T5916] usb 6-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  343.213768][ T5916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.259716][ T5916] usb 6-1: Product: syz
[  343.263943][ T5916] usb 6-1: Manufacturer: syz
[  343.268594][ T5916] usb 6-1: SerialNumber: syz
[  343.306012][ T8605] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  343.385714][ T8605] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  343.531541][ T8647] syz.4.627: attempt to access beyond end of device
[  343.531541][ T8647] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  343.546111][ T8647] FAT-fs (loop9): unable to read boot sector
[  344.601983][    C0] usb 6-1: NFC: Urb failure (status -71)
[  344.610342][    C0] usb 6-1: NFC: Urb failure (status -71)
[  344.624064][ T5916] usb 6-1: NFC: Unable to get FW version
[  344.630701][ T5916] pn533_usb 6-1:5.168: probe with driver pn533_usb failed with error -71
[  344.691102][ T5916] usb 6-1: USB disconnect, device number 10
[  345.241757][   T29] audit: type=1804 audit(1732605114.752:20): pid=8664 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.631" name="/newroot/117/bus/bus" dev="overlay" ino=654 res=1 errno=0
[  345.732094][ T8652] netlink: 56 bytes leftover after parsing attributes in process `syz.2.626'.
[  346.008101][   T29] audit: type=1804 audit(1732605115.532:21): pid=8677 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.633" name="/newroot/118/bus/file0" dev="overlay" ino=668 res=1 errno=0
[  346.014019][ T8679] netlink: 72 bytes leftover after parsing attributes in process `syz.1.632'.
[  346.991467][ T8652] blktrace: Concurrent blktraces are not allowed on sg0
[  348.390880][ T8693] netlink: 16 bytes leftover after parsing attributes in process `syz.5.638'.
[  351.848839][   T29] audit: type=1804 audit(1732605121.362:22): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.641" name="/newroot/133/bus/bus" dev="overlay" ino=759 res=1 errno=0
[  352.219854][   T29] audit: type=1804 audit(1732605121.542:23): pid=8721 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.643" name="/newroot/11/bus/bus" dev="overlay" ino=95 res=1 errno=0
[  354.150699][   T29] audit: type=1804 audit(1732605123.642:24): pid=8733 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.646" name="/newroot/12/bus/file0" dev="overlay" ino=109 res=1 errno=0
[  354.190537][ T8741] netlink: 72 bytes leftover after parsing attributes in process `syz.2.647'.
[  355.447374][ T8755] netlink: 56 bytes leftover after parsing attributes in process `syz.4.651'.
[  355.955286][ T8770] blktrace: Concurrent blktraces are not allowed on sg0
[  357.804533][   T29] audit: type=1804 audit(1732605127.312:25): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.656" name="/newroot/136/bus/bus" dev="overlay" ino=783 res=1 errno=0
[  360.691011][   T29] audit: type=1804 audit(1732605129.792:26): pid=8791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.657" name="/newroot/159/bus/bus" dev="overlay" ino=896 res=1 errno=0
[  366.189792][ T8856] netlink: 72 bytes leftover after parsing attributes in process `syz.5.671'.
[  366.652938][ T8863] netlink: 56 bytes leftover after parsing attributes in process `syz.1.673'.
[  367.845824][ T8877] blktrace: Concurrent blktraces are not allowed on sg0
[  370.462605][ T8895] netlink: 20 bytes leftover after parsing attributes in process `syz.5.679'.
[  372.124651][ T8915] netlink: 72 bytes leftover after parsing attributes in process `syz.5.683'.
[  373.174685][ T8923] netlink: 16 bytes leftover after parsing attributes in process `syz.1.685'.
[  373.639259][ T8923] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  374.097961][ T8929] netlink: 56 bytes leftover after parsing attributes in process `syz.5.686'.
[  374.373519][ T8931] blktrace: Concurrent blktraces are not allowed on sg0
[  378.762702][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.769105][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  379.341205][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  379.364909][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  379.397207][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  379.425034][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  379.448433][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  379.464109][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  380.002980][ T8987] netlink: 56 bytes leftover after parsing attributes in process `syz.5.701'.
[  380.342760][ T8990] blktrace: Concurrent blktraces are not allowed on sg0
[  381.625424][   T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  381.645207][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  381.670546][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  381.683163][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  381.694194][   T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  381.702421][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  381.800513][   T54] Bluetooth: hci3: command tx timeout
[  382.587354][ T8974] chnl_net:caif_netlink_parms(): no params data found
[  384.226081][ T5838] Bluetooth: hci6: command tx timeout
[  384.232525][ T5838] Bluetooth: hci3: command tx timeout
[  385.140934][ T8983] chnl_net:caif_netlink_parms(): no params data found
[  385.587552][ T8974] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.600708][ T8974] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.637309][ T8974] bridge_slave_0: entered allmulticast mode
[  385.742392][ T8974] bridge_slave_0: entered promiscuous mode
[  385.775064][ T9053] netlink: 56 bytes leftover after parsing attributes in process `syz.1.713'.
[  386.023304][ T9059] blktrace: Concurrent blktraces are not allowed on sg0
[  386.332382][   T54] Bluetooth: hci3: command tx timeout
[  386.338277][   T54] Bluetooth: hci6: command tx timeout
[  386.571602][ T8974] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.625023][ T8974] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.684020][ T8974] bridge_slave_1: entered allmulticast mode
[  386.721283][ T8974] bridge_slave_1: entered promiscuous mode
[  387.074784][ T8983] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.125514][ T8983] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.163827][ T8983] bridge_slave_0: entered allmulticast mode
[  387.189311][ T8983] bridge_slave_0: entered promiscuous mode
[  387.243392][ T8983] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.290687][ T8983] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.329913][ T8983] bridge_slave_1: entered allmulticast mode
[  387.336647][ T8983] bridge_slave_1: entered promiscuous mode
[  387.380718][ T8974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.436960][ T8974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.613188][ T8983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.676172][ T8983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.735553][ T8974] team0: Port device team_slave_0 added
[  387.784035][ T8974] team0: Port device team_slave_1 added
[  387.956021][ T8983] team0: Port device team_slave_0 added
[  388.023677][ T8974] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.045703][ T8974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.136416][ T8974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.175718][ T8983] team0: Port device team_slave_1 added
[  388.200700][ T8974] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.219870][ T8974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.282162][ T8974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.357707][ T8983] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.365042][ T5838] Bluetooth: hci3: command tx timeout
[  388.385285][ T8983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.444003][ T5838] Bluetooth: hci6: command tx timeout
[  388.454061][ T8983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.486255][ T8983] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.505303][ T8983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.571594][ T8983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.610457][ T8974] hsr_slave_0: entered promiscuous mode
[  388.627888][ T8974] hsr_slave_1: entered promiscuous mode
[  388.636390][ T8974] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  388.647418][ T8974] Cannot create hsr debugfs directory
[  388.704076][ T8983] hsr_slave_0: entered promiscuous mode
[  388.713161][ T8983] hsr_slave_1: entered promiscuous mode
[  388.719267][ T8983] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  388.729313][ T8983] Cannot create hsr debugfs directory
[  388.910537][ T8974] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  388.928810][ T8974] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  388.954899][ T8974] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  388.976233][ T8974] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  389.022327][ T8983] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  389.042683][ T8983] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  389.057358][ T8983] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  389.085881][ T8983] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  389.135406][ T8974] 8021q: adding VLAN 0 to HW filter on device bond0
[  389.177343][ T8974] 8021q: adding VLAN 0 to HW filter on device team0
[  389.195522][ T1169] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.202645][ T1169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.253174][ T1169] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.260327][ T1169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.286238][ T8983] 8021q: adding VLAN 0 to HW filter on device bond0
[  389.301941][ T8974] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  389.334173][ T8983] 8021q: adding VLAN 0 to HW filter on device team0
[  389.362813][ T1169] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.369975][ T1169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.415199][ T1169] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.422425][ T1169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.480049][ T8983] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  389.512662][ T8983] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  389.574293][ T8974] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.766826][ T8983] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.926858][ T8974] veth0_vlan: entered promiscuous mode
[  389.959174][ T8974] veth1_vlan: entered promiscuous mode
[  390.017648][ T8974] veth0_macvtap: entered promiscuous mode
[  390.044413][ T8974] veth1_macvtap: entered promiscuous mode
[  390.077668][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.099148][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.116626][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.127613][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.142434][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.155488][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.168522][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.184213][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.194871][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.212208][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.227905][ T8974] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.263399][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.277480][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.296800][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.308105][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.322595][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.338033][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.352576][ T8974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.365934][ T8974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.381616][ T8974] batman_adv: batadv0: Interface activated: batadv_slave_1
[  390.406410][ T8974] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  390.418771][ T8974] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  390.433171][ T8974] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.447184][ T8974] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  390.474434][ T8983] veth0_vlan: entered promiscuous mode
[  390.513189][ T8983] veth1_vlan: entered promiscuous mode
[  390.521070][ T5838] Bluetooth: hci6: command tx timeout
[  390.586153][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.608569][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.628968][ T8983] veth0_macvtap: entered promiscuous mode
[  390.657003][ T8983] veth1_macvtap: entered promiscuous mode
[  390.673067][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.697148][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.708429][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.722966][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.735668][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.748231][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.765318][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.783123][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.793980][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.808872][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.825933][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.836706][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.852487][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.864565][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.878432][ T8983] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.915588][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.927411][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.943696][ T8819] sched: DL replenish lagged too much
[  390.943758][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.964439][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.974995][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.993062][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  391.007455][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  391.023835][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  391.034704][ T8983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  391.049372][ T8983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  391.070415][ T8983] batman_adv: batadv0: Interface activated: batadv_slave_1
[  391.096162][ T8983] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.141055][ T8983] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.161511][ T8983] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.175671][ T8983] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.287198][ T6586] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.316884][ T6586] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.389543][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.411513][ T1169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.982326][ T9129] input: syz1 as /devices/virtual/input/input10
[  392.557384][ T9142] netlink: 56 bytes leftover after parsing attributes in process `syz.4.723'.
[  392.662916][ T9143] syz.5.725: attempt to access beyond end of device
[  392.662916][ T9143] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  392.676682][ T9143] FAT-fs (loop11): unable to read boot sector
[  393.172825][ T9147] blktrace: Concurrent blktraces are not allowed on sg0
[  394.918141][ T9163] smc: net device wg0 applied user defined pnetid SYZ0
[  394.941793][ T9163] netlink: 'syz.5.731': attribute type 39 has an invalid length.
[  395.123222][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.1.732'.
[  396.051230][ T9163] smc: removing net device wg0 with user defined pnetid SYZ0
[  397.461220][ T9184] netlink: 56 bytes leftover after parsing attributes in process `syz.7.739'.
[  398.773494][ T9184] blktrace: Concurrent blktraces are not allowed on sg0
[  399.362470][ T9203] ebt_limit: overflow, try lower: 0/0
[  400.415775][ T9208] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 0, id = 0
[  402.507400][   T29] audit: type=1326 audit(1732605171.992:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  402.538612][   T29] audit: type=1326 audit(1732605171.992:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  402.888329][ T9239] netlink: 56 bytes leftover after parsing attributes in process `syz.5.757'.
[  402.912864][   T29] audit: type=1326 audit(1732605171.992:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  402.974744][ T9240] ebt_limit: overflow, try lower: 0/0
[  403.905492][   T29] audit: type=1326 audit(1732605172.002:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  403.979530][ T9245] blktrace: Concurrent blktraces are not allowed on sg0
[  404.681958][   T29] audit: type=1326 audit(1732605172.002:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.682156][   T29] audit: type=1326 audit(1732605172.002:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.682368][   T29] audit: type=1326 audit(1732605172.002:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.682553][   T29] audit: type=1326 audit(1732605172.002:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.682736][   T29] audit: type=1326 audit(1732605172.002:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.682920][   T29] audit: type=1326 audit(1732605172.002:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9230 comm="syz.4.754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f396057e819 code=0x7ffc0000
[  404.846320][ T9250] tty tty34: ldisc open failed (-12), clearing slot 33
[  405.435983][ T9252] syz.4.759: attempt to access beyond end of device
[  405.435983][ T9252] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  405.449257][ T9252] FAT-fs (loop9): unable to read boot sector
[  406.681370][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  408.131972][ T9278] overlayfs: failed to resolve './file0': -2
[  412.811457][ T9323] overlayfs: failed to resolve './file0': -2
[  414.608137][ T9333] netlink: 'syz.4.786': attribute type 1 has an invalid length.
[  415.150065][ T9333] 8021q: adding VLAN 0 to HW filter on device bond1
[  415.214648][ T9339] bond1: (slave gretap1): making interface the new active one
[  415.223137][ T9339] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  415.234945][ T9342] vlan2: entered promiscuous mode
[  415.243070][ T9342] bond1: entered promiscuous mode
[  415.248102][ T9342] gretap1: entered promiscuous mode
[  416.594625][ T9355] overlayfs: failed to resolve './file0': -2
[  417.502828][ T9375] trusted_key: syz.4.790 sent an empty control message without MSG_MORE.
[  417.598801][ T2988] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.674333][ T9364] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  420.377027][ T2988] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.539320][ T9410] Process accounting resumed
[  421.219587][ T9415] overlayfs: failed to resolve './file0': -2
[  421.882954][ T2988] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.478283][ T2988] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.608073][ T9426] ax25_connect(): syz.7.804 uses autobind, please contact jreuter@yaina.de
[  424.634565][   T25] IPVS: starting estimator thread 0...
[  424.740069][ T9453] IPVS: using max 27 ests per chain, 64800 per kthread
[  425.505397][ T9459] Process accounting resumed
[  426.241142][ T2988] bridge_slave_1: left allmulticast mode
[  426.295624][ T2988] bridge_slave_1: left promiscuous mode
[  426.320464][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.351135][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.499306][ T9526] overlayfs: failed to resolve './file0': -2
[  428.577955][ T9528] Process accounting resumed
[  430.024820][ T9545] netlink: 32 bytes leftover after parsing attributes in process `syz.5.842'.
[  431.301012][ T9564] Process accounting resumed
[  432.729372][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  432.765171][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  432.785924][ T2988] bond0 (unregistering): Released all slaves
[  433.748942][ T2988] bond1 (unregistering): Released all slaves
[  435.229341][ T9634] ebt_limit: overflow, try lower: 0/0
[  435.792865][ T2988] hsr_slave_0: left promiscuous mode
[  435.934776][ T2988] hsr_slave_1: left promiscuous mode
[  435.959381][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.978940][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  436.081140][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  436.088975][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  436.214546][ T2988] veth1_macvtap: left promiscuous mode
[  436.223593][ T2988] veth0_macvtap: left promiscuous mode
[  436.224010][ T2988] veth1_vlan: left promiscuous mode
[  436.224118][ T2988] veth0_vlan: left promiscuous mode
[  437.043113][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  437.134182][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  437.748767][ T9671] overlayfs: failed to resolve './file0': -2
[  440.232996][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  440.272843][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  440.420701][ T9712] overlayfs: failed to resolve './file1': -2
[  443.279915][ T9755] overlayfs: failed to resolve './file1': -2
[  444.112114][ T2988] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.484006][ T2988] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.667725][ T2988] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.132729][ T2988] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.178617][ T8134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  445.282623][ T9809] overlayfs: failed to resolve './file1': -2
[  445.296916][ T8134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.909359][ T5838] Bluetooth: hci5: unexpected event for opcode 0x1005
[  448.120051][ T2988] bridge_slave_1: left allmulticast mode
[  448.160990][ T2988] bridge_slave_1: left promiscuous mode
[  448.166768][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.206842][ T2988] bridge_slave_0: left allmulticast mode
[  448.231941][ T2988] bridge_slave_0: left promiscuous mode
[  448.237685][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.289067][ T5915] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  448.662586][ T5915] usb 9-1: Using ep0 maxpacket: 32
[  449.197906][ T5915] usb 9-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  449.207326][ T5915] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.215604][ T5915] usb 9-1: Product: syz
[  449.305360][ T5915] usb 9-1: Manufacturer: syz
[  449.307126][ T9858] ax25_connect(): syz.4.934 uses autobind, please contact jreuter@yaina.de
[  449.330951][ T5888] IPVS: starting estimator thread 0...
[  449.353908][ T5915] usb 9-1: SerialNumber: syz
[  449.386124][ T5915] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  449.411953][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  449.444744][ T9863] IPVS: using max 23 ests per chain, 55200 per kthread
[  449.890716][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  449.904134][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  449.914943][ T2988] bond0 (unregistering): Released all slaves
[  450.013291][ T5915] gspca_stk1135: reg_w 0x3 err -71
[  450.020254][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.038195][ T5915] gspca_stk1135: Sensor write failed
[  450.116029][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.124550][ T5915] gspca_stk1135: Sensor write failed
[  450.130033][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.136458][ T5915] gspca_stk1135: Sensor read failed
[  450.142061][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.148806][ T5915] gspca_stk1135: Sensor read failed
[  450.154869][ T5915] gspca_stk1135: Detected sensor type unknown (0x0)
[  450.162089][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.168674][ T5915] gspca_stk1135: Sensor read failed
[  450.174087][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.180616][ T5915] gspca_stk1135: Sensor read failed
[  450.183089][ T5838] Bluetooth: hci1: unexpected event for opcode 0x1005
[  450.185906][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.199071][ T5915] gspca_stk1135: Sensor write failed
[  450.204938][ T5915] gspca_stk1135: serial bus timeout: status=0x00
[  450.212029][ T5915] gspca_stk1135: Sensor write failed
[  450.217510][ T5915] stk1135 9-1:64.0: probe with driver stk1135 failed with error -71
[  450.243786][ T5915] usb 9-1: USB disconnect, device number 2
[  451.191569][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  452.139879][ T2988] hsr_slave_0: left promiscuous mode
[  452.239416][ T2988] hsr_slave_1: left promiscuous mode
[  452.248630][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  452.263436][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  452.274251][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  452.283396][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  452.315993][ T2988] veth1_macvtap: left promiscuous mode
[  452.321733][ T2988] veth0_macvtap: left promiscuous mode
[  452.327735][ T2988] veth1_vlan: left promiscuous mode
[  452.333822][ T2988] veth0_vlan: left promiscuous mode
[  452.380136][ T9914] trusted_key: encrypted_key: insufficient parameters specified
[  454.209220][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  454.809564][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  455.888964][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  458.186524][ T5838] Bluetooth: hci1: failed to read key size for handle 201
[  458.197517][ T5838] Bluetooth: hci1: unexpected event for opcode 0x1408
[  458.285651][ T9967] 
[  458.288033][ T9967] =============================
[  458.292862][ T9967] [ BUG: Invalid wait context ]
[  458.297694][ T9967] 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0 Not tainted
[  458.304431][ T9967] -----------------------------
[  458.309254][ T9967] iou-wrk-9958/9967 is trying to lock:
[  458.314685][ T9967] ffff88802744ae58 (&sighand->siglock){-.-.}-{3:3}, at: __lock_task_sighand+0x149/0x2d0
[  458.324426][ T9967] other info that might help us debug this:
[  458.330317][ T9967] context-{5:5}
[  458.333757][ T9967] 3 locks held by iou-wrk-9958/9967:
[  458.339017][ T9967]  #0: ffff88814d2870c0 (&acct->lock){+.+.}-{2:2}, at: io_wq_worker+0x44b/0xed0
[  458.348052][ T9967]  #1: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540
[  458.357484][ T9967]  #2: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: __lock_task_sighand+0x29/0x2d0
[  458.367224][ T9967] stack backtrace:
[  458.370922][ T9967] CPU: 1 UID: 0 PID: 9967 Comm: iou-wrk-9958 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  458.381396][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  458.391452][ T9967] Call Trace:
[  458.394719][ T9967]  <TASK>
[  458.397656][ T9967]  dump_stack_lvl+0x241/0x360
[  458.402340][ T9967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.407535][ T9967]  ? __pfx__printk+0x10/0x10
[  458.412123][ T9967]  ? validate_chain+0x11e/0x5920
[  458.417053][ T9967]  __lock_acquire+0x15a8/0x2100
[  458.421893][ T9967]  lock_acquire+0x1ed/0x550
[  458.426381][ T9967]  ? __lock_task_sighand+0x149/0x2d0
[  458.431652][ T9967]  ? __pfx_lock_acquire+0x10/0x10
[  458.436665][ T9967]  ? __pfx_lock_acquire+0x10/0x10
[  458.441677][ T9967]  _raw_spin_lock_irqsave+0xd5/0x120
[  458.446952][ T9967]  ? __lock_task_sighand+0x149/0x2d0
[  458.452225][ T9967]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  458.458107][ T9967]  __lock_task_sighand+0x149/0x2d0
[  458.463219][ T9967]  ? __lock_task_sighand+0x29/0x2d0
[  458.468414][ T9967]  group_send_sig_info+0x274/0x310
[  458.473509][ T9967]  ? __pfx_group_send_sig_info+0x10/0x10
[  458.479125][ T9967]  bpf_send_signal_common+0x3c4/0x630
[  458.484483][ T9967]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  458.490363][ T9967]  ? __pfx___cant_migrate+0x10/0x10
[  458.495561][ T9967]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  458.501528][ T9967]  ? bpf_trace_run2+0x1fc/0x540
[  458.506379][ T9967]  bpf_send_signal+0x1d/0x30
[  458.510951][ T9967]  bpf_prog_631417f49dd64198+0x25/0x48
[  458.516387][ T9967]  ? bpf_trace_run2+0x1fc/0x540
[  458.521219][ T9967]  bpf_trace_run2+0x2ec/0x540
[  458.525896][ T9967]  ? __free_object+0x548/0x760
[  458.530732][ T9967]  ? __pfx_bpf_trace_run2+0x10/0x10
[  458.535918][ T9967]  trace_contention_end+0x114/0x140
[  458.541122][ T9967]  __pv_queued_spin_lock_slowpath+0xb7e/0xdb0
[  458.547179][ T9967]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  458.553759][ T9967]  ? __pfx_process_timeout+0x10/0x10
[  458.559037][ T9967]  queued_spin_lock_slowpath+0x42/0x50
[  458.564481][ T9967]  do_raw_spin_lock+0x272/0x370
[  458.569313][ T9967]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  458.574666][ T9967]  ? do_raw_spin_unlock+0x13c/0x8b0
[  458.579854][ T9967]  io_wq_worker+0x44b/0xed0
[  458.584361][ T9967]  ? io_wq_worker+0x3e5/0xed0
[  458.589028][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.594035][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.599040][ T9967]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  458.605006][ T9967]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  458.611421][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.616430][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.621437][ T9967]  ? _raw_spin_unlock_irq+0x23/0x50
[  458.626621][ T9967]  ? lockdep_hardirqs_on+0x99/0x150
[  458.631803][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.636820][ T9967]  ret_from_fork+0x4b/0x80
[  458.641220][ T9967]  ? __pfx_io_wq_worker+0x10/0x10
[  458.646224][ T9967]  ret_from_fork_asm+0x1a/0x30
[  458.650995][ T9967]  </TASK>