last executing test programs:

4m38.058719575s ago: executing program 2 (id=21):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a8000100fe80ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%ps    \x00'}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x10, 0x7fffffffffffffff, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x89f0, &(0x7f0000000400)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0x1c, "dea1d8981aa3a9c188aaf2269615123ca0a2894d756ec481f02e8688"}})
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'dummy0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r10=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0xc3, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="400000001000030400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15020000000000002000128008000100687372001400028008000100", @ANYRES32=r9, @ANYBLOB="08000200", @ANYRES32=r10, @ANYBLOB="dcc75f68343157c11cae744f35ffb2ba10d51dc9c7d2e27d1977226ee698708fbfa6f4ece1e6c5faaa7d00ca01536a075d28efac490f746053bf098f7df1246029fcf0643ff5a3d216cc50d43d91d0cdf7df0b"], 0x40}, 0x1, 0xba01, 0x0, 0x4000044}, 0x10)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
ftruncate(r11, 0x7ff)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xf, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x2}, [@map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x88}, @generic={0x8, 0x5, 0xc, 0xfff, 0x3d}, @jmp={0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffffffffffffc, 0x15}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @map_val={0x18, 0x8, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x9}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @alu={0x7, 0x0, 0x2, 0x0, 0x7, 0xffffffffffffffc0, 0x4}]}, &(0x7f0000000200)='syzkaller\x00', 0x6, 0x98, &(0x7f0000000240)=""/152, 0x40f00, 0x7, '\x00', r10, @fallback=0x6, r11, 0x8, &(0x7f0000000400)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, 0x0, &(0x7f0000000440)=[{0x4, 0x3, 0xc, 0x1}, {0x0, 0x4, 0xe, 0x4}, {0x4, 0x5, 0x7, 0x9}, {0x5, 0x4, 0x9, 0x9}, {0x1, 0x3, 0x10}, {0x2, 0x5, 0xf}, {0x1, 0x1, 0xb, 0xa}], 0x10, 0xa}, 0x94)

4m31.620578442s ago: executing program 3 (id=29):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

4m31.413445644s ago: executing program 3 (id=30):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023b00000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x94)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x6, 0x36, &(0x7f00000002c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r2, 0x5509, &(0x7f0000000100)=0xb)
madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23)
futex(&(0x7f000000cffc)=0x3, 0x5, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x5000000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb01001800000000000000500000005000000002000000090000000000000e03000000010000000a0000000000000203000000000000000500000d00000000060000000100000000000000000000000000000000800000090000000000000001000000030010"], 0x0, 0x6a, 0x0, 0x0, 0x7fffffff}, 0x28)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file0/file1\x00', 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r3, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={&(0x7f0000002780)=ANY=[@ANYBLOB="2c000000000b0108000000000000000002000008080014400000000008000340000000000800024000000006"], 0x2c}, 0x1, 0x0, 0x0, 0xa880}, 0x4040010)
getegid()
socket$nl_generic(0x10, 0x3, 0x10)

4m31.1272732s ago: executing program 2 (id=31):
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0x8000, 0x40024f}, 0x0, 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, r0, 0x0, 0x0, 0x8000}])

4m30.486457654s ago: executing program 2 (id=35):
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r0 = syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
read$char_usb(r1, &(0x7f00000002c0)=""/151, 0x97)
syz_usb_disconnect(r0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

4m30.009880177s ago: executing program 3 (id=38):
r0 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0xb, @mcast2, 0x9}, 0x1c)
sendto$inet6(r0, &(0x7f0000000040)="800037bbfa9ba1ce", 0xffe9, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
readv(r0, &(0x7f0000000180)=[{0x0}], 0x1)

4m29.602417613s ago: executing program 3 (id=39):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_VLAN(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
sendto$inet(r2, 0x0, 0x0, 0xc008001, 0x0, 0x0)
listen(r2, 0xda91)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x10000000, 0x3, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
open(0x0, 0x4c37e, 0x0)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000000c0)='source', 0x0, r5)
landlock_restrict_self(0xffffffffffffffff, 0xa)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, 0x0, 0x0)
accept4(r2, &(0x7f0000000340)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x0, 0x80000)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0xffffff1f, 0x3, 0xfffefffd, {0x0, 0x0, 0x0, 0x0, 0x4000, 0x3cc40}, [@IFLA_MASTER={0x8, 0xa, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)

4m26.26203893s ago: executing program 2 (id=42):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c40)=@newtaction={0x48, 0x30, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_simple={0x30, 0xf, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000080)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000001fc0)=@delsa={0x260, 0x11, 0x57b43495a11ecb71, 0x70bd28, 0x25dfdbfb, {@in=@multicast1, 0x4d3, 0xa, 0x6c}, [@mark={0xc, 0x15, {0x35075a, 0x3}}, @user_kmaddress={0x2c, 0x13, {@in6=@empty, @in=@multicast2, 0x0, 0x2}}, @algo_crypt={0xc8, 0x2, {{'lrw-camellia-aesni-avx2\x00'}, 0x400, "358d5dcfb7ff693d18fe7c6cfb0854a9a9da117750bac5f5a9b94883ac3e168d67fbdf3e83c52848798d8d8215ccf7bc494daf3802c7a0884f34b3bbf3f7e54c3801be7a362523fca6002c185a722abdfb592b272234543362a5b69efff2dc7410c502054b693edb72041c0bae00b3a0e0d56bce879ac81df0eee412ec5981fd"}}, @encap={0x1c, 0x4, {0x0, 0x4e21, 0x4e22, @in=@dev={0xac, 0x14, 0x14, 0x19}}}, @algo_auth={0x119, 0x1, {{'mcryptd(hmac(sha1-neon))\x00'}, 0x688, "e86f757dd4038d889a03bb672d72381ff7207bce9dfe8bf20321c9626feb9797a0b88e2e64219db725e810ce95e4d61d39f20629e9588f2bbac3ae9eded338dca75f3bfbea9dc79ded788c3d01249139ef915914c02fad4f8228d662c95749fcdb07840143aa3d52bc6e19ebcc675ea1fafe6de5bfb7319e7f58a1a4f92556eb148273e8fcfd295445fb1fd0c46c13981c06850741583d0c73b5822ddbf129dbc7a2520a9afcbadb515dee4c9b42445ce6208b68e32b94f5a6aed4f7072c8029b7f1f36a8972ca0f909aa13d880fc2a8b2"}}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

4m22.315414417s ago: executing program 2 (id=46):
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0x8000, 0x40024f}, 0x0, 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, r0, 0x0, 0x0, 0x8000}])

4m21.43705945s ago: executing program 3 (id=47):
r0 = syz_open_dev$video(0x0, 0x7ff, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000042857006000fef28ef786b7070000003e1c9ddd35b4dda908266cd035b697c2616ce4fa2ba86f035f7c1a371606359c3a692ff312de254121b270c6a65fd37483f448fd78eb2ab66a4a10bb95d2e56c76892bd3b888c8145940ce64", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x40000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000008000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x401, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xe}, 0x0, 0x1}, 0xe)
setns(0xffffffffffffffff, 0x24020000)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="ff1400080003000000000010000000000000", @ANYRES32=0x0, @ANYBLOB="10001d80060000800500090009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100)
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp={0x44, 0x4, 0x7f, 0x0, 0x3}, @generic={0x1c, 0x2}]}}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x2, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @empty}}}}}}, 0x0)

4m20.577829192s ago: executing program 3 (id=49):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

4m18.844310348s ago: executing program 2 (id=51):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x1, 0x1, 0x4, 0x2, {0xa, 0x4e24, 0x8, @local, 0x7fff}}}, 0x3a)
creat(0x0, 0x0)
mount$nfs4(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000a40)={r3, 0x0, 0x0}, 0x10)
sendmmsg$inet(r2, 0x0, 0x0, 0x40)
socket$key(0xf, 0x3, 0x2)

4m13.5514694s ago: executing program 0 (id=55):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a8000100fe80ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)='%ps    \x00'}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x10, 0x7fffffffffffffff, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x89f0, &(0x7f0000000400)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0x1c, "dea1d8981aa3a9c188aaf2269615123ca0a2894d756ec481f02e8688"}})
eventfd2(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'dummy0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r10=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0xc3, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="400000001000030400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15020000000000002000128008000100687372001400028008000100", @ANYRES32=r9, @ANYBLOB="08000200", @ANYRES32=r10, @ANYBLOB="dcc75f68343157c11cae744f35ffb2ba10d51dc9c7d2e27d1977226ee698708fbfa6f4ece1e6c5faaa7d00ca01536a075d28efac490f746053bf098f7df1246029fcf0643ff5a3d216cc50d43d91d0cdf7df0b"], 0x40}, 0x1, 0xba01, 0x0, 0x4000044}, 0x10)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
ftruncate(r11, 0x7ff)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xf, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x2}, [@map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x88}, @generic={0x8, 0x5, 0xc, 0xfff, 0x3d}, @jmp={0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffffffffffffc, 0x15}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @map_val={0x18, 0x8, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x9}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @alu={0x7, 0x0, 0x2, 0x0, 0x7, 0xffffffffffffffc0, 0x4}]}, &(0x7f0000000200)='syzkaller\x00', 0x6, 0x98, &(0x7f0000000240)=""/152, 0x40f00, 0x7, '\x00', r10, @fallback=0x6, r11, 0x8, &(0x7f0000000400)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, 0x0, &(0x7f0000000440)=[{0x4, 0x3, 0xc, 0x1}, {0x0, 0x4, 0xe, 0x4}, {0x4, 0x5, 0x7, 0x9}, {0x5, 0x4, 0x9, 0x9}, {0x1, 0x3, 0x10}, {0x2, 0x5, 0xf}, {0x1, 0x1, 0xb, 0xa}], 0x10, 0xa}, 0x94)

4m10.351554553s ago: executing program 0 (id=57):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
syz_open_dev$MSR(&(0x7f00000000c0), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, 0x0, &(0x7f0000000280))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x2, &(0x7f0000000040))
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x200000000000000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[], 0x10)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000180)={{0x4, 0x7, 0x97, 0x4}, 'syz1\x00', 0x2b})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000008f08000000000000000000008500000054000000950000002422bf26a2b98550cbfdd1371b408011f7fd0e8818dcad70bba52b89ecce8e12133869df958e7fda419a2cbf775a5c3c66a88471a7dd57692d5d914e2d8407dd50b0422c24"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x4}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$caif_seqpacket(0x25, 0x5, 0x0)

4m5.342881709s ago: executing program 32 (id=49):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

4m5.290338674s ago: executing program 0 (id=63):
ftruncate(0xffffffffffffffff, 0x7000000)
r0 = dup(0xffffffffffffffff)
preadv2(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/83, 0x200000}], 0x1000000000000146, 0x3700, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x218, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3d7}]}, @TIPC_NLA_NODE={0x20, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "f10f1c895d2428c4f7910ca502d62f9d0892d708"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xac}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0xc0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc01}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x8c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}]}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'gre0\x00'}}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'ib', 0x3a, 'dvmrp0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}}, {0x14, 0x2, @in={0x2, 0x4e24, @local}}}}]}]}, 0x218}}, 0x26008401)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000010000000400000008"], 0x48)
ioctl$BTRFS_IOC_SYNC(r2, 0x9408, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[], 0x178}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000140)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4100}}}}}}, 0x0)
sendmsg$nl_route(r4, 0x0, 0x4840)
memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
pipe(0x0)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=','])
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x100001, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x3)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)

4m2.45611357s ago: executing program 33 (id=51):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x1, 0x1, 0x4, 0x2, {0xa, 0x4e24, 0x8, @local, 0x7fff}}}, 0x3a)
creat(0x0, 0x0)
mount$nfs4(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000a40)={r3, 0x0, 0x0}, 0x10)
sendmmsg$inet(r2, 0x0, 0x0, 0x40)
socket$key(0xf, 0x3, 0x2)

4m2.3098497s ago: executing program 0 (id=67):
ioctl$USBDEVFS_GETDRIVER(0xffffffffffffffff, 0x41045508, &(0x7f0000000280)={0x0, "4a89e8bec6fd7ffd6110f6015a71b41ff9bbbd3682a0b5ce2fcc64c3f53ab8e3575faf27c8a773371e400818d4d6a4e2a902702a8e62f6244e95925d047ed9ee7a6b921e0ae711ea0c8c5f858d00bf48a7e722b3ca21ea51993b525a397a09b994219f92da52da2e12fc100a9d58b446a3f4ebebc5b6fbf5e9005d3a4a1a5ebb6c96211f208bea686d5d7f561213359e104d27c2ad1326d3904372629ce9b2b7555dcf75fbf095b004b7fcd7744f290b9c386f935052d49ed6fbd9da91a181c78f922b1247610af7e94bd16455c23c103103fa62b00817072d22e7078133762c3f71357221724116f200c97b6de38cc3c49ce016586dd5442674a09ad46c59ba"})
socket$nl_route(0x10, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x181001, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x34}, 0x28)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a74000000060a010400000000000000000200000048000480440001800a0001006d61746368000000340002800900010074696d65000000001c00030007682c020b7b37f27f5101007f51012049f4e34e860200eb08000240000000000900010073797a30000000000900020073797a32"], 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, 0x0, 0x0)
bind$inet6(r5, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r5, &(0x7f0000847fff), 0x0, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
socket$key(0xf, 0x3, 0x2)
syz_emit_ethernet(0x56, &(0x7f0000000500)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa88a800008100000086dd600000000218000120010000000000000000000000000000fe8000000000000000000000000000002f01000000000000070800000000000000d6000000004d847f54f339d49021ed22f24a7ba0"], 0x0)

3m56.036467368s ago: executing program 0 (id=71):
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff0000000071106e000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000e2ff00000000050002000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a30000000004c000000060a010400000000000000000500000008000b400000000024000480200001800d00010073796e70726f7879000000000c00028008000340000000050900010073797a30"], 0xc0}, 0x1, 0x0, 0x0, 0x20894}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/tty/ldiscs\x00', 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001c80)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='lp', 0x2)
write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000080)="7c00330700000000000800008100aa", 0x0, 0x466, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r0, 0x0, 0xa5, 0x43, &(0x7f00000006c0)="119df54bd8db07282d067c79c0da259020ac4408cb48aa6d8ce3c504ff13113a61dfbc0b0a3730aecdb3ce3b9bf3f3cea92a6a115ec731041f91666e8c551661571289196c056bdf47494d4c2715edb03d531b3dbd17602803257df0ffca6f8d7caac711559be82a1fc18b60a371c7260c51b995373dd6cf219467345fcd78704c581ffb24bd07b3fd3487c34fde181d5d728e8e97a4679a856b26d9fce75b53545dbea9dc", &(0x7f0000000780)=""/67, 0x7fff, 0x0, 0x36, 0x31, &(0x7f00000002c0)="3148c70456ba5a40790165ac0f024b3fbe1c386adb5625e1ae74e5a2adad97859198ed9011ae880af1a9a11fc424cc13cd32683e9525", &(0x7f0000000800)="9dfa58fc98778f33b4d810262ab491277965a926c624b757899f32224b7d0b08c6d4f857915805ce4c601edfe54113b149", 0x2, 0x0, 0x6}, 0x50)
r6 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="21032bbd7000fedbdf25010000000400018038000280340001800800010006000000080001000703f98f0a0001"], 0x50}, 0x1, 0x0, 0x0, 0x4044094}, 0x4)
lseek(r2, 0x4000000007, 0x1)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x42000020}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)={0xb8, r7, 0x800, 0x70bd29, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x80000001}}, {0x8, 0xb, 0xfff}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x0, 0x11, 0x1000}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x6}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x88c0}, 0x20040001)
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x18, 0x3f9, 0x4, 0x70bd2a, 0x25dfdbfb, {0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x20000080}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000060000000000000000b0ca2e69691360157458152fb00000073113600e3c7f17d85"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m50.659214865s ago: executing program 0 (id=77):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="11000000140025000307f4f9002304000a", 0x11)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x400)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000300)={0xf, 0x1f, 0x2, 0x9}, 0xf)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r7], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

3m35.539261455s ago: executing program 34 (id=77):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="11000000140025000307f4f9002304000a", 0x11)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x400)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000300)={0xf, 0x1f, 0x2, 0x9}, 0xf)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r7], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

7.163205008s ago: executing program 1 (id=336):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0)
setresgid(0xee00, 0xee01, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r2, 0x60}], 0x1, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)

5.314906014s ago: executing program 4 (id=340):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000700202142"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001f000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000014010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)

5.261633317s ago: executing program 4 (id=341):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
r0 = socket$inet(0xa, 0x801, 0x84)
accept4(r0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
socket$inet(0x2, 0xa, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x2, 0xd, 0x8, 0x2, 0xfffffffffffffff7, 0x1, 0x7}, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00', 0x8000000, 0x2, 0x3, 0x9, 0x5b9}, 0x20)

4.232792182s ago: executing program 4 (id=342):
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
getpriority(0x2, 0x0)

4.059267044s ago: executing program 1 (id=343):
r0 = fsopen(&(0x7f0000000340)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x86)
fchdir(r1)
r2 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fstat(r2, &(0x7f0000000700))
openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x511001, 0x488)

3.945089621s ago: executing program 1 (id=344):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1814, 0x2, 0x4}, 0xffffffffffffff35, 0x3)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x874, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x84c, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}, {0x20, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xc}]}}}, {0x818, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x80c, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x204, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb6, 0x1, "5111cbdf78f64b8009d0b322243bacef52e84edbc8ac5ddc4dc13ce8c4f8239b59bc867039dfe19875b5ddbb85ae6f861fed05539c3615aafdf0c27e577bfa061d21d5d65b9d136a91f53f3008760c7887fc975b06937839607ec66862b7d8631e00f7dbe963ae6e6c399e6b1d2abe094f486047a49341e797cd6176bc868d076e5cf2f1809881315c07d1d00502e3ce74e5ce53183d84d17ad61b9158f6413b253a3fb3c3f39cbbec5351fb45970083dbe1"}, @NFTA_DATA_VALUE={0x7e, 0x1, "3976147fbdce212565d0c486597139714ea95d9ce043e02190849bb8085be36cf874e732fcfe9c21d33b00f9ec358565a1249bbea3fa363e4f7a95feb8c82267a0fbcebbad5706195aaecb64160ec013dcf26c8410915d3157b5a41a76cda5819305176a1b8470ab87e7723325d9360b65d3c5516e9fb61e0b32"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0x1a, 0x1, "d3edcb80328df09108622659ba566eca27bf4d1fa21d"}, @NFTA_DATA_VALUE={0x26, 0x1, "6d4b72aa0a8767629930a46aef2bf9e9f9dc1db4bc17ac6b059501fc78a157a21083"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}, @NFTA_CMP_DATA={0x2f0, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xc1, 0x1, "48bf827d1971a2b69d86f6fcd7ad980a2084be3db0519375b420595523ccd6b53e169895db9cd12dd53f7dc5630f30aea736a82e5ac5b102a9403a5cd806c3e506fa58c5a6cd785a52a5e4a5ecd5515ac4e6d0b6c21efadc3dcc66c961c0305159bc5862ac6b6c860cef8c50f0ec815a797093ee28653c50c39c4bfca5f0e9f4b66962d7a20198de2ea80795ba301ca00e6302a3159d20693ed69ad01e4b440f7ec3905fddeb05f705dcb800d5eb9d6d6060801d66fd2c41d6df51108e"}, @NFTA_DATA_VALUE={0xa7, 0x1, "af1b4a4b4d3c0956497c0459f3ef377c0b7c623d6d20bfb6199ba69149fcc856afaeb9f2a8314bc0c59243a8aea464924f9654ae3512fb47b6f86035fe97958ae5491089ae8885031586dabdfa6fd8c939c2134753249167381a5c32177cab5b77c337b6b6d6349c2d12b1e62b529d3599f4cb2239b4112835d1ad1965aae54fdb4e04f4ee2838b2dd028c742085dadc25d9d2b3fefc995c62905a769999c03b1bd7d4"}, @NFTA_DATA_VALUE={0x5b, 0x1, "70891ec5795e8b793c1a9fd65e5e89c531ece3bba49d8b92ddcb81f0055984abb096c86cb0ffa33c72d2af8047ba33ddb6b532a573d7f898a570fbca3be2b84018cc24beeab2ae1e33bc4219633ecb0c940ae924485a73"}, @NFTA_DATA_VALUE={0xcc, 0x1, "6ae851f79f7c26f0caf94f3a5d82377bd2295e1841fee316085ef92ecb85caeeff1b09e3ae1d84e820ed82f0df57f4763045b1fdab55cbd7a4d4976adbb4a5eb36a3b763a8f22f2817ed3b90edd1fee434fd4213b16f7939cd6863bc543785fcbfecf695bc8e23b5e49cdd30b17a203c78f35c0f4906d58d63e539237fa1170813ae0f9b6299ca11214f82541bde3c96c0f5fb898fe0362f99f8316ef131f0b07204521a438b70518abb9518b7edbf7457cbc9867b8e5bab5240d3403431bb93951af97019042b3b"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}, @NFTA_CMP_DATA={0x314, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x64, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xfe, 0x1, "7f6c55f41d2d1793ebda2590613b0209007c3c471059a55d7a6c13baa1e9373e109ac8f221f06b13c338f88d536dbc8e64c5d7b57d350e07ac534e4ba0fa078bc1411a3aa6de167324dd75a93ca46e363b55036888a1b08912a6294aceb8c6e59afda555a8f26f5720799ee2b85e08caa693f3a3e075eb999db564f94e73cefb26b5c7956d5e1c1ac62592bd9a76c71c49ac0c965c85e4c4c06c02461268db3f0f9c0a973bce353de0c721592dc9cea46eee55134ca8eef0f09353ac96b83c2e9c6423cb11947f5f96fc90f2018c8c247af49fffa444941930c99608a57ccbc56e6bc88f266c6b43ec509d808cdbe77d17817b107eb82341a6ad"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0xef, 0x1, "a970a69ad3caed363378ed3726957aa64ff57a90b81229de8364a369c929bf064f0d1c4ec0405e83a4e1bfb28f4ddf9a5f9ee5358a73727df8d7cdb6d608d77d93cfb95ba9b4dbc08b97b21b092637351c4f5fe236137414f32449a9a292e9f232b4f9280e2aac31e1cfe807dbdd052115ea1763176d03e36e1e4798740886254ec1d9089c0d219a6522beb72e3fd33f09c9eb4ce8a2d5e7ed649c35b5395307288e3153a7d7b65b8543abdf5c2e970f0a6f8e36fd478090f05562566e674ccd631f2440d9d12ac5a8515fb42994c083c16fe69a20d1ffd981e629728366b3172f77bafc4594d5e3ab7972"}, @NFTA_DATA_VALUE={0x55, 0x1, "0a563d15171abafed42db3b9b02329bba3bfa62a5db20d72a6d15f9300da069f23d660ecdca7e7657a7cc26b988480e6232e9761c62b6d4bfb65674a57abe740e704e949b7470de9aa357140fb7d01f94c"}]}]}}}]}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}]}]}, @NFT_MSG_NEWFLOWTABLE={0x7c, 0x16, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x92c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4040)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r4, 0x9)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)

2.860247942s ago: executing program 4 (id=345):
ftruncate(0xffffffffffffffff, 0x7000000)
r0 = dup(0xffffffffffffffff)
preadv2(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/83, 0x200000}], 0x1000000000000146, 0x3700, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x218, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3d7}]}, @TIPC_NLA_NODE={0x20, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "f10f1c895d2428c4f7910ca502d62f9d0892d708"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xac}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0xc0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc01}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x8c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}]}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'gre0\x00'}}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'ib', 0x3a, 'dvmrp0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}}, {0x14, 0x2, @in={0x2, 0x4e24, @local}}}}]}]}, 0x218}}, 0x26008401)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000010000000400000008"], 0x48)
ioctl$BTRFS_IOC_SYNC(r2, 0x9408, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[], 0x178}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4840)
pipe(0x0)
r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r6, &(0x7f0000000280)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=','])
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x100001, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x3)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)

1.38493784s ago: executing program 4 (id=346):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

1.269255802s ago: executing program 1 (id=347):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000a80)={<r1=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1, 0x0, 0x3}}, 0x20)

942.937407ms ago: executing program 1 (id=348):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

606.307µs ago: executing program 1 (id=349):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = socket$inet(0xa, 0x801, 0x84)
accept4(r0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
socket$inet(0x2, 0xa, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x2, 0xd, 0x8, 0x2, 0xfffffffffffffff7, 0x1, 0x7}, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00', 0x8000000, 0x2, 0x3, 0x9, 0x5b9}, 0x20)

0s ago: executing program 4 (id=350):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0)
setresgid(0xee00, 0xee01, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r2, 0x60}], 0x1, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)

kernel console output (not intermixed with test programs):

 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  123.242389][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  123.333354][ T5876] usb 3-1: Using ep0 maxpacket: 8
[  123.336116][ T5876] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  123.336141][ T5876] usb 3-1: config 0 has no interface number 0
[  123.336184][ T5876] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  123.336209][ T5876] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  123.336236][ T5876] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  123.336263][ T5876] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  123.336307][ T5876] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  123.336332][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.608316][ T5876] usb 3-1: config 0 descriptor??
[  123.667215][ T5876] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  125.113559][ T5881] usb 3-1: USB disconnect, device number 3
[  125.887431][    T0] NOHZ tick-stop error: local softirq work is pending, handler #88!!!
[  125.904375][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  125.904930][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  125.919938][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  126.260169][ T6056] netlink: 'syz.3.39': attribute type 1 has an invalid length.
[  126.963277][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  127.791774][ T5881] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  127.903473][ T6061] netlink: 'syz.0.41': attribute type 21 has an invalid length.
[  127.927618][ T5933] libceph: connect (1)[c::]:6789 error -101
[  127.928245][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  128.214843][ T5933] libceph: connect (1)[c::]:6789 error -101
[  128.215039][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  128.246347][    C0] net_ratelimit: 5054 callbacks suppressed
[  128.246370][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  128.249379][ T6047] ceph: No mds server is up or the cluster is laggy
[  128.253088][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  128.755959][ T5933] libceph: connect (1)[c::]:6789 error -101
[  128.756354][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  128.776966][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  128.777305][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  128.983534][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  128.984672][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  128.985118][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  128.986222][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  128.986622][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  128.986954][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  129.113640][ T6066] dummy0: entered promiscuous mode
[  129.118495][ T6066] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  129.120512][ T6066] debugfs: 'hsr1' already exists in 'hsr'
[  129.120535][ T6066] Cannot create hsr debugfs directory
[  129.120700][ T6066] hsr1: entered allmulticast mode
[  129.120717][ T6066] dummy0: entered allmulticast mode
[  129.120740][ T6066] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  129.672483][ T5859] libceph: connect (1)[c::]:6789 error -101
[  129.673099][ T5859] libceph: mon0 (1)[c::]:6789 connect error
[  130.681121][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  130.754116][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  132.223360][ T5876] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[  133.514749][    C0] net_ratelimit: 5268 callbacks suppressed
[  133.514777][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  133.515531][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  133.516007][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  133.516916][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  133.517300][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  133.517783][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  133.519003][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  133.519750][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  133.529101][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  133.530077][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  133.715609][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  133.715705][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  133.754675][ T5876] usb 1-1: unable to get BOS descriptor or descriptor too short
[  133.768864][ T5876] usb 1-1: config 250 has an invalid interface number: 59 but max is 0
[  133.768895][ T5876] usb 1-1: config 250 has no interface number 0
[  133.768942][ T5876] usb 1-1: config 250 interface 59 altsetting 255 endpoint 0xF has invalid maxpacket 512, setting to 8
[  133.768970][ T5876] usb 1-1: config 250 interface 59 altsetting 255 has an endpoint descriptor with address 0xC2, changing to 0x82
[  133.768997][ T5876] usb 1-1: config 250 interface 59 altsetting 255 endpoint 0x82 is Bulk; changing to Interrupt
[  133.769022][ T5876] usb 1-1: config 250 interface 59 altsetting 255 endpoint 0x8 has invalid maxpacket 512, setting to 8
[  133.769058][ T5876] usb 1-1: config 250 interface 59 altsetting 255 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  133.769087][ T5876] usb 1-1: config 250 interface 59 has no altsetting 0
[  134.265959][ T5876] usb 1-1: string descriptor 0 read error: -71
[  134.266125][ T5876] usb 1-1: New USB device found, idVendor=1b80, idProduct=e302, bcdDevice=8c.2b
[  134.266150][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.367596][ T5876] usb 1-1: can't set config #250, error -71
[  136.212068][ T5876] usb 1-1: USB disconnect, device number 2
[  137.613538][ T5876] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  137.783317][ T5876] usb 1-1: Using ep0 maxpacket: 8
[  137.786929][ T5876] usb 1-1: unable to get BOS descriptor or descriptor too short
[  137.789483][ T5876] usb 1-1: config 255 has an invalid interface number: 105 but max is 0
[  137.789511][ T5876] usb 1-1: config 255 has no interface number 0
[  137.789559][ T5876] usb 1-1: config 255 interface 105 altsetting 5 bulk endpoint 0xA has invalid maxpacket 64
[  137.789585][ T5876] usb 1-1: config 255 interface 105 altsetting 5 has a duplicate endpoint with address 0xA, skipping
[  137.789611][ T5876] usb 1-1: config 255 interface 105 altsetting 5 has an endpoint descriptor with address 0xB5, changing to 0x85
[  137.789637][ T5876] usb 1-1: config 255 interface 105 altsetting 5 endpoint 0x85 has invalid maxpacket 53098, setting to 1024
[  137.789665][ T5876] usb 1-1: config 255 interface 105 altsetting 5 bulk endpoint 0x85 has invalid maxpacket 1024
[  137.789691][ T5876] usb 1-1: config 255 interface 105 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  137.789718][ T5876] usb 1-1: config 255 interface 105 has no altsetting 0
[  137.884841][ T5876] usb 1-1: New USB device found, idVendor=2013, idProduct=8461, bcdDevice=b3.82
[  137.884873][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.884894][ T5876] usb 1-1: Product: syz
[  137.884908][ T5876] usb 1-1: Manufacturer: syz
[  137.884923][ T5876] usb 1-1: SerialNumber: syz
[  137.991530][ T6102] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  137.991916][ T6102] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  138.528851][    C0] net_ratelimit: 4031 callbacks suppressed
[  138.528873][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  138.529328][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  138.529680][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  138.593716][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  138.594053][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  138.594439][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  138.648309][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  138.648808][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  138.649794][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  138.650221][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  139.628003][ T5876] usb 1-1: USB disconnect, device number 3
[  140.514078][ T6114] netlink: 'syz.0.55': attribute type 21 has an invalid length.
[  143.165576][ T6121] program syz.4.56 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  144.115745][    C0] net_ratelimit: 6649 callbacks suppressed
[  144.115767][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  144.116136][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  144.116571][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  144.117251][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  144.117700][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  144.118576][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  144.118940][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  144.119258][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  144.120528][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  144.120904][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  147.373393][ T6133] Zero length message leads to an empty skb
[  149.123523][    C0] net_ratelimit: 4480 callbacks suppressed
[  149.123540][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  149.123865][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  149.124664][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  149.124979][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  149.125569][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  149.125837][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  149.126056][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  149.126908][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  149.127184][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  149.127498][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  150.820390][ T5113] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  150.833604][ T5113] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  150.850797][ T5113] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  150.863951][ T5113] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  151.014361][ T5113] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  153.113329][ T5113] Bluetooth: hci5: command tx timeout
[  154.134139][    C0] net_ratelimit: 7432 callbacks suppressed
[  154.134156][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  154.134449][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  154.134926][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  154.135180][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  154.135383][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  154.136181][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  154.143728][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  154.144184][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  154.144886][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  154.145327][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  155.323263][ T5113] Bluetooth: hci5: command tx timeout
[  155.375331][ T6161] program syz.4.69 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.950900][ T5807] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  156.958682][ T5807] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  156.959863][ T5807] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  156.961045][ T5807] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  156.961947][ T5807] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  158.283324][ T5807] Bluetooth: hci5: command tx timeout
[  158.357544][ T6170] netlink: 'syz.1.70': attribute type 21 has an invalid length.
[  159.191415][    C0] net_ratelimit: 3530 callbacks suppressed
[  159.191465][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  159.241439][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  159.242318][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  159.242757][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  159.243111][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  159.245251][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  159.245695][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  159.246336][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  159.247086][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  159.249659][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  159.694644][ T5807] Bluetooth: hci6: command tx timeout
[  160.791926][ T5807] Bluetooth: hci5: command tx timeout
[  160.863347][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  161.053192][ T6176] syz.1.70 (6176) used greatest stack depth: 17344 bytes left
[  161.164138][    T9] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  161.415996][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.416053][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.416082][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.419268][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.419323][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.419349][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.422324][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.422378][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.422406][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.424007][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.424059][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.424087][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.434375][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.434430][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.434458][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.453381][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.453439][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.453468][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.493471][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.493531][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.493559][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.533388][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  161.533446][    T9] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  161.533473][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  161.598893][ T6183] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  161.635037][    T9] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  161.635071][    T9] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  161.635093][    T9] usb 1-1: Product: syz
[  161.635108][    T9] usb 1-1: Manufacturer: syz
[  161.635123][    T9] usb 1-1: SerialNumber: syz
[  161.687133][    T9] usb 1-1: config 0 descriptor??
[  161.733702][ T5807] Bluetooth: hci6: command tx timeout
[  162.111699][   T31] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  162.563926][   T31] usb 5-1: Using ep0 maxpacket: 8
[  162.566466][   T31] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  162.566494][   T31] usb 5-1: config 0 has no interface number 0
[  162.566539][   T31] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  162.566564][   T31] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  162.566589][   T31] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  162.566616][   T31] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  162.566659][   T31] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  162.566682][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.766768][   T31] usb 5-1: config 0 descriptor??
[  163.304468][    T9] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  163.325625][    T9] usb 1-1: USB disconnect, device number 4
[  163.346809][    T9] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  163.813397][ T5807] Bluetooth: hci6: command tx timeout
[  164.193502][    C0] net_ratelimit: 6023 callbacks suppressed
[  164.193521][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  164.194019][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  164.194279][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  164.195244][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  164.195580][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  164.195933][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  164.196461][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  164.196826][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  164.199547][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  164.199959][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  164.363637][   T31] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  164.388070][   T31] usb 5-1: USB disconnect, device number 3
[  164.547080][   T31] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  165.853362][ T5876] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  165.893316][ T5807] Bluetooth: hci6: command tx timeout
[  166.043522][   T31] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  166.066112][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  166.066146][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  166.066172][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  166.066194][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  166.066236][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  166.066259][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.295391][ T5876] usb 2-1: config 0 descriptor??
[  166.403365][   T31] usb 5-1: Using ep0 maxpacket: 16
[  166.421460][   T31] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  166.421491][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.421510][   T31] usb 5-1: Product: syz
[  166.421579][   T31] usb 5-1: Manufacturer: syz
[  166.421594][   T31] usb 5-1: SerialNumber: syz
[  166.942244][   T31] r8152-cfgselector 5-1: Unknown version 0x0000
[  166.942272][   T31] r8152-cfgselector 5-1: config 0 descriptor??
[  167.467242][   T31] r8152-cfgselector 5-1: Needed 1 retries to read version
[  167.467297][   T31] r8152-cfgselector 5-1: Unknown version 0x0000
[  167.510681][ T5876] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  167.539857][   T31] r8152-cfgselector 5-1: bad CDC descriptors
[  167.565365][ T5876] usb 2-1: USB disconnect, device number 3
[  167.828898][ T6205] fido_id[6205]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  168.047446][ T6198] team0 (unregistering): Port device team_slave_0 removed
[  168.121199][ T6198] team0 (unregistering): Port device team_slave_1 removed
[  168.156149][   T31] r8152-cfgselector 5-1: USB disconnect, device number 4
[  169.207556][    C0] net_ratelimit: 6683 callbacks suppressed
[  169.207579][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  169.207982][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  169.208431][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  169.209122][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  169.209570][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  169.210778][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  169.211174][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  169.211886][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  169.212308][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  169.212583][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.704121][ T4218] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.557575][ T6150] chnl_net:caif_netlink_parms(): no params data found
[  172.986979][ T4218] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.894971][ T5807] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  173.895020][ T5807] CPU: 1 UID: 0 PID: 5807 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  173.895045][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  173.895058][ T5807] Workqueue: hci0 hci_rx_work
[  173.895118][ T5807] Call Trace:
[  173.895130][ T5807]  <TASK>
[  173.895140][ T5807]  dump_stack_lvl+0xe8/0x150
[  173.895175][ T5807]  sysfs_create_dir_ns+0x271/0x2a0
[  173.895201][ T5807]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  173.895227][ T5807]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  173.895257][ T5807]  ? rt_spin_unlock+0x160/0x200
[  173.895284][ T5807]  kobject_add_internal+0x631/0xd10
[  173.895328][ T5807]  kobject_add+0x163/0x240
[  173.895366][ T5807]  ? __pfx_kobject_add+0x10/0x10
[  173.895407][ T5807]  ? get_device_parent+0x370/0x3a0
[  173.895446][ T5807]  device_add+0x408/0xb80
[  173.895483][ T5807]  hci_conn_add_sysfs+0xd5/0x210
[  173.895512][ T5807]  le_conn_complete_evt+0xf1d/0x1430
[  173.895556][ T5807]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  173.895592][ T5807]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  173.895621][ T5807]  ? lockdep_hardirqs_on+0x7a/0x110
[  173.895653][ T5807]  ? skb_pull_data+0xfb/0x200
[  173.895679][ T5807]  hci_le_conn_complete_evt+0x187/0x470
[  173.895720][ T5807]  hci_event_packet+0x7af/0x12c0
[  173.895754][ T5807]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  173.895788][ T5807]  ? __pfx_hci_event_packet+0x10/0x10
[  173.895814][ T5807]  ? rt_spin_unlock+0x14f/0x200
[  173.895847][ T5807]  ? hci_send_to_monitor+0xe2/0x590
[  173.895873][ T5807]  hci_rx_work+0x3ee/0x1030
[  173.895914][ T5807]  ? process_scheduled_works+0xa25/0x1830
[  173.895947][ T5807]  process_scheduled_works+0xb02/0x1830
[  173.896008][ T5807]  ? __pfx_process_scheduled_works+0x10/0x10
[  173.896047][ T5807]  ? assign_work+0x3d5/0x5e0
[  173.896084][ T5807]  worker_thread+0xa50/0xfc0
[  173.896144][ T5807]  kthread+0x388/0x470
[  173.896186][ T5807]  ? __pfx_worker_thread+0x10/0x10
[  173.896217][ T5807]  ? __pfx_kthread+0x10/0x10
[  173.896242][ T5807]  ret_from_fork+0x51e/0xb90
[  173.896277][ T5807]  ? __pfx_ret_from_fork+0x10/0x10
[  173.896307][ T5807]  ? __switch_to+0xc7d/0x1450
[  173.896340][ T5807]  ? __pfx_kthread+0x10/0x10
[  173.896365][ T5807]  ret_from_fork_asm+0x1a/0x30
[  173.896406][ T5807]  </TASK>
[  173.896442][ T5807] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  173.896484][ T5807] Bluetooth: hci0: failed to register connection device
[  174.213919][    C0] net_ratelimit: 5547 callbacks suppressed
[  174.213942][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  174.214306][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  174.214763][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  174.215432][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  174.215878][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  174.216772][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  174.217132][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  174.217836][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  174.218223][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  174.218545][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  174.572303][ T4218] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.209063][    T9] libceph: connect (1)[c::]:6789 error -101
[  175.209767][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  175.574303][ T5933] libceph: connect (1)[c::]:6789 error -101
[  175.574480][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  175.598632][ T6243] ceph: No mds server is up or the cluster is laggy
[  176.030082][ T6240] netlink: 28 bytes leftover after parsing attributes in process `syz.4.89'.
[  176.492648][ T4218] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.542347][ T6150] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.542553][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.542924][ T6150] bridge_slave_0: entered allmulticast mode
[  176.571951][ T6150] bridge_slave_0: entered promiscuous mode
[  176.983639][ T6150] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.983765][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.984031][ T6150] bridge_slave_1: entered allmulticast mode
[  176.986924][ T6150] bridge_slave_1: entered promiscuous mode
[  176.993650][ T6162] chnl_net:caif_netlink_parms(): no params data found
[  177.443667][ T6150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.543095][ T6150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  178.643935][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  178.651786][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  178.655207][ T5810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  178.656533][ T5810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  178.657320][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  179.453711][    C0] net_ratelimit: 5425 callbacks suppressed
[  179.453739][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  179.454083][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  179.454593][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  179.457082][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  179.457880][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  179.458214][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  179.458756][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  179.459021][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  179.459225][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  179.459712][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  180.053407][ T5810] Bluetooth: hci0: command 0x0406 tx timeout
[  180.710837][ T5113] Bluetooth: hci3: command tx timeout
[  180.756432][ T6150] team0: Port device team_slave_0 added
[  181.748027][ T6150] team0: Port device team_slave_1 added
[  181.850626][ T6162] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.850778][ T6162] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.851015][ T6162] bridge_slave_0: entered allmulticast mode
[  181.895183][ T6162] bridge_slave_0: entered promiscuous mode
[  181.994160][ T6162] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.994287][ T6162] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.994490][ T6162] bridge_slave_1: entered allmulticast mode
[  182.025843][ T6162] bridge_slave_1: entered promiscuous mode
[  182.318116][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.318147][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  182.318183][ T6150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.489628][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.489647][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  182.489675][ T6150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.505912][ T6162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.513865][ T4218] bridge_slave_1: left allmulticast mode
[  182.514095][ T4218] bridge_slave_1: left promiscuous mode
[  182.518564][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.783666][ T5113] Bluetooth: hci3: command tx timeout
[  182.785635][ T4218] bridge_slave_0: left allmulticast mode
[  182.785660][ T4218] bridge_slave_0: left promiscuous mode
[  182.785891][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.310550][ T6280] xt_time: invalid argument - start or stop time greater than 23:59:59
[  183.539687][ T6282] netlink: 'syz.1.98': attribute type 21 has an invalid length.
[  184.474748][    C0] net_ratelimit: 4269 callbacks suppressed
[  184.474772][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  184.475220][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  184.475968][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  184.476319][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  184.476684][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  184.477120][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  184.477527][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  184.478204][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  184.478679][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  184.479721][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  184.864505][ T5113] Bluetooth: hci3: command tx timeout
[  185.063762][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.140510][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.188583][ T4218] bond0 (unregistering): Released all slaves
[  185.382381][ T6162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.933785][ T5113] Bluetooth: hci3: command tx timeout
[  188.471706][ T6162] team0: Port device team_slave_0 added
[  189.055223][ T6162] team0: Port device team_slave_1 added
[  189.091520][ T5113] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  189.162720][ T6150] hsr_slave_0: entered promiscuous mode
[  189.169866][ T6150] hsr_slave_1: entered promiscuous mode
[  189.170884][ T6150] debugfs: 'hsr0' already exists in 'hsr'
[  189.170911][ T6150] Cannot create hsr debugfs directory
[  189.487980][    C0] net_ratelimit: 6614 callbacks suppressed
[  189.488001][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  189.515389][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  189.515669][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  189.515977][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  189.516204][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  189.516645][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  189.516956][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  189.521760][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  189.522644][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  189.523158][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  190.496974][ T6305] fuse: Unknown parameter 'rootmodg'
[  190.994575][ T6305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.106'.
[  191.608243][ T6162] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.608261][ T6162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.608290][ T6162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.750436][ T6162] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.750455][ T6162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.750484][ T6162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.039909][ T4218] hsr_slave_0: left promiscuous mode
[  192.093437][ T4218] hsr_slave_1: left promiscuous mode
[  192.094683][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.094756][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.180632][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.180661][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.951518][ T4218] veth1_macvtap: left promiscuous mode
[  192.951788][ T4218] veth0_macvtap: left promiscuous mode
[  192.956529][ T4218] veth1_vlan: left promiscuous mode
[  192.956909][ T4218] veth0_vlan: left promiscuous mode
[  194.467739][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  194.467814][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  194.493616][    C0] net_ratelimit: 6827 callbacks suppressed
[  194.493637][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  194.494209][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  194.495437][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  194.496422][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  194.496908][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  194.497182][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  194.497419][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  194.497901][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  194.498210][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  194.498782][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  198.955126][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  199.019242][ T6330] fuse: Bad value for 'fd'
[  199.105305][ T6332] netlink: 12 bytes leftover after parsing attributes in process `syz.4.114'.
[  199.507369][    C0] net_ratelimit: 7121 callbacks suppressed
[  199.507391][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  199.573567][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  199.574404][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  199.574843][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  199.575594][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  199.575960][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  199.576339][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  199.576793][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  199.577255][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  199.577950][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  199.708503][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  200.040208][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  200.589872][ T6162] hsr_slave_0: entered promiscuous mode
[  200.591601][ T6162] hsr_slave_1: entered promiscuous mode
[  200.592593][ T6162] debugfs: 'hsr0' already exists in 'hsr'
[  200.592618][ T6162] Cannot create hsr debugfs directory
[  201.532705][ T6261] chnl_net:caif_netlink_parms(): no params data found
[  203.161643][ T6353] 9p: Bad value for 'rfdno'
[  204.514113][    C0] net_ratelimit: 7282 callbacks suppressed
[  204.514131][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  204.514772][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  204.515060][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  204.515292][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  204.515883][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  204.516225][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  204.516778][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  204.517075][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  204.517357][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  204.517730][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  206.666028][ T6362] fuse: Bad value for 'fd'
[  206.894008][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.122'.
[  209.374313][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  209.382450][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  209.403519][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  209.410235][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  209.411118][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  209.523324][    C0] net_ratelimit: 6455 callbacks suppressed
[  209.523346][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  209.523663][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  209.525835][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  209.526693][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  209.527190][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  209.527437][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  209.527647][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  209.528199][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  209.528517][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  209.528972][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  209.654797][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  210.345520][ T6398] ieee802154 phy0 wpan0: encryption failed: -22
[  210.715814][ T6261] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.715933][ T6261] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.716174][ T6261] bridge_slave_0: entered allmulticast mode
[  210.746906][ T6261] bridge_slave_0: entered promiscuous mode
[  210.783569][ T6261] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.783696][ T6261] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.783869][ T6261] bridge_slave_1: entered allmulticast mode
[  210.816326][ T6261] bridge_slave_1: entered promiscuous mode
[  211.240556][ T4218] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.317536][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  211.331740][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  211.343443][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  211.390306][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  211.391933][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  211.493703][ T5810] Bluetooth: hci1: command tx timeout
[  212.396150][ T6407] fuse: Bad value for 'fd'
[  212.459983][ T6408] netlink: 12 bytes leftover after parsing attributes in process `syz.4.130'.
[  213.228991][ T4218] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.415019][ T5810] Bluetooth: hci4: command tx timeout
[  213.467334][ T6261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  213.573608][ T5810] Bluetooth: hci1: command tx timeout
[  213.879029][ T4218] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.280084][ T6261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.232950][    C0] net_ratelimit: 5803 callbacks suppressed
[  215.232982][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  215.233879][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  215.234258][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  215.234556][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  215.235276][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  215.235724][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  215.236494][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  215.236837][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  215.237177][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  215.237547][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  215.495243][ T5810] Bluetooth: hci4: command tx timeout
[  215.653640][ T5810] Bluetooth: hci1: command tx timeout
[  217.922112][ T5810] Bluetooth: hci4: command tx timeout
[  217.922147][ T5810] Bluetooth: hci1: command tx timeout
[  218.340558][ T5807] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  218.529159][ T4218] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode
[  218.534617][ T4218] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.831044][ T6261] team0: Port device team_slave_0 added
[  219.152236][ T6261] team0: Port device team_slave_1 added
[  219.723104][ T6261] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.723122][ T6261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  219.723148][ T6261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.843546][ T6261] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.843559][ T6261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  219.843577][ T6261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.973440][ T5810] Bluetooth: hci4: command tx timeout
[  220.233604][    C0] net_ratelimit: 3447 callbacks suppressed
[  220.233624][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  220.234829][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  220.235495][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  220.235903][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  220.236212][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  220.236928][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  220.237393][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  220.238152][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  220.238544][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  220.238885][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  220.596173][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  220.833378][    T9] usb 2-1: Using ep0 maxpacket: 16
[  220.837977][    T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  220.838005][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.838026][    T9] usb 2-1: Product: syz
[  220.838041][    T9] usb 2-1: Manufacturer: syz
[  220.838054][    T9] usb 2-1: SerialNumber: syz
[  220.850617][    T9] r8152-cfgselector 2-1: Unknown version 0x0000
[  220.850682][    T9] r8152-cfgselector 2-1: config 0 descriptor??
[  221.741959][    T9] r8152-cfgselector 2-1: Needed 1 retries to read version
[  221.742006][    T9] r8152-cfgselector 2-1: Unknown version 0x0000
[  221.742470][    T9] r8152-cfgselector 2-1: bad CDC descriptors
[  221.909926][ T6445] ieee802154 phy0 wpan0: encryption failed: -22
[  222.163330][ T5113] Bluetooth: hci0: command 0x0406 tx timeout
[  222.163562][ T5113] Bluetooth: hci2: command 0x0406 tx timeout
[  223.246992][ T5881] r8152-cfgselector 2-1: USB disconnect, device number 4
[  224.653729][ T6261] hsr_slave_0: entered promiscuous mode
[  224.663725][ T6261] hsr_slave_1: entered promiscuous mode
[  224.664565][ T6261] debugfs: 'hsr0' already exists in 'hsr'
[  224.664587][ T6261] Cannot create hsr debugfs directory
[  225.243569][    C0] net_ratelimit: 6881 callbacks suppressed
[  225.243592][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  225.243959][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  225.244726][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  225.245137][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  225.245888][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  225.246350][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  225.246729][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  225.247243][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  225.247621][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  225.248407][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  227.152411][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  227.304050][ T6485] ieee802154 phy0 wpan0: encryption failed: -22
[  227.307237][ T4218] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.777747][ T4218] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.190664][ T4218] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.441534][ T6393] chnl_net:caif_netlink_parms(): no params data found
[  230.803351][    C0] net_ratelimit: 4969 callbacks suppressed
[  230.803369][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  230.803831][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  230.806668][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  230.808033][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  230.808693][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  230.809006][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  230.809266][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  230.809891][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  230.810263][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  230.810963][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  231.003153][ T4218] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode
[  231.003920][ T4218] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.060009][ T6505] netlink: 48 bytes leftover after parsing attributes in process `syz.1.154'.
[  231.552979][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.152'.
[  232.677138][ T6400] chnl_net:caif_netlink_parms(): no params data found
[  233.164387][ T6393] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.164670][ T6393] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.165241][ T6393] bridge_slave_0: entered allmulticast mode
[  233.171465][ T6393] bridge_slave_0: entered promiscuous mode
[  233.270865][ T6393] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.271000][ T6393] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.271193][ T6393] bridge_slave_1: entered allmulticast mode
[  233.320799][ T6393] bridge_slave_1: entered promiscuous mode
[  233.560995][ T6400] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.561113][ T6400] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.561569][ T6400] bridge_slave_0: entered allmulticast mode
[  233.597690][ T6400] bridge_slave_0: entered promiscuous mode
[  233.675518][ T6400] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.675636][ T6400] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.675845][ T6400] bridge_slave_1: entered allmulticast mode
[  233.713859][ T6400] bridge_slave_1: entered promiscuous mode
[  233.747729][ T6393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.847022][ T6393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  234.131148][ T6400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  234.153403][ T6261] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  234.304583][ T6400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  234.362028][ T6261] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  234.459340][ T6393] team0: Port device team_slave_0 added
[  234.512861][ T6261] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  234.645778][ T6393] team0: Port device team_slave_1 added
[  234.722494][ T5807] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  234.722521][ T5807] CPU: 1 UID: 0 PID: 5807 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  234.722545][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  234.722559][ T5807] Workqueue: hci2 hci_rx_work
[  234.722591][ T5807] Call Trace:
[  234.722599][ T5807]  <TASK>
[  234.722609][ T5807]  dump_stack_lvl+0xe8/0x150
[  234.722641][ T5807]  sysfs_create_dir_ns+0x271/0x2a0
[  234.722666][ T5807]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  234.722691][ T5807]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  234.722718][ T5807]  ? rt_spin_unlock+0x160/0x200
[  234.722744][ T5807]  kobject_add_internal+0x631/0xd10
[  234.722783][ T5807]  kobject_add+0x163/0x240
[  234.722819][ T5807]  ? __pfx_kobject_add+0x10/0x10
[  234.722857][ T5807]  ? get_device_parent+0x370/0x3a0
[  234.722893][ T5807]  device_add+0x408/0xb80
[  234.722930][ T5807]  hci_conn_add_sysfs+0xd5/0x210
[  234.722958][ T5807]  le_conn_complete_evt+0xf1d/0x1430
[  234.723000][ T5807]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  234.723032][ T5807]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  234.723061][ T5807]  ? lockdep_hardirqs_on+0x7a/0x110
[  234.723090][ T5807]  ? skb_pull_data+0xfb/0x200
[  234.723116][ T5807]  hci_le_conn_complete_evt+0x187/0x470
[  234.723153][ T5807]  hci_event_packet+0x7af/0x12c0
[  234.723188][ T5807]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  234.723219][ T5807]  ? __pfx_hci_event_packet+0x10/0x10
[  234.723243][ T5807]  ? rt_spin_unlock+0x14f/0x200
[  234.723274][ T5807]  ? hci_send_to_monitor+0xe2/0x590
[  234.723298][ T5807]  hci_rx_work+0x3ee/0x1030
[  234.723331][ T5807]  ? process_scheduled_works+0xa25/0x1830
[  234.723362][ T5807]  process_scheduled_works+0xb02/0x1830
[  234.723419][ T5807]  ? __pfx_process_scheduled_works+0x10/0x10
[  234.723456][ T5807]  ? assign_work+0x3d5/0x5e0
[  234.723499][ T5807]  worker_thread+0xa50/0xfc0
[  234.723559][ T5807]  kthread+0x388/0x470
[  234.723581][ T5807]  ? __pfx_worker_thread+0x10/0x10
[  234.723608][ T5807]  ? __pfx_kthread+0x10/0x10
[  234.723631][ T5807]  ret_from_fork+0x51e/0xb90
[  234.723663][ T5807]  ? __pfx_ret_from_fork+0x10/0x10
[  234.723690][ T5807]  ? __switch_to+0xc7d/0x1450
[  234.723730][ T5807]  ? __pfx_kthread+0x10/0x10
[  234.723751][ T5807]  ret_from_fork_asm+0x1a/0x30
[  234.723806][ T5807]  </TASK>
[  234.734944][ T5807] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  234.734991][ T5807] Bluetooth: hci2: failed to register connection device
[  235.813570][    C0] net_ratelimit: 6956 callbacks suppressed
[  235.813585][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  235.813891][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  235.814380][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  235.814699][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  235.815453][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  235.816201][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  235.816615][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  235.816785][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  235.817083][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  235.817326][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  236.505691][ T6261] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  238.740318][ T6400] team0: Port device team_slave_0 added
[  239.312924][ T6261] kthread_run failed with err -4
[  239.573912][ T6400] team0: Port device team_slave_1 added
[  239.639037][ T6393] batman_adv: batadv0: Adding interface: batadv_slave_0
[  239.639053][ T6393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  239.639078][ T6393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  239.662793][ T6393] batman_adv: batadv0: Adding interface: batadv_slave_1
[  239.662830][ T6393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  239.662891][ T6393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.972975][ T4218] bridge_slave_1: left allmulticast mode
[  239.973001][ T4218] bridge_slave_1: left promiscuous mode
[  239.974641][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.113236][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.162'.
[  240.257267][ T6568] ieee802154 phy0 wpan0: encryption failed: -22
[  240.644787][ T4218] bridge_slave_0: left allmulticast mode
[  240.646762][ T4218] bridge_slave_0: left promiscuous mode
[  240.680015][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.833063][    C0] net_ratelimit: 7621 callbacks suppressed
[  240.833107][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  240.836196][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  240.838208][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  240.840761][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  240.843076][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  240.847551][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  240.850286][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  240.859663][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  240.868114][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:66:21:37:9e:b4:66, vlan:0)
[  240.872542][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  241.573568][ T5807] Bluetooth: hci2: command 0x0406 tx timeout
[  241.737872][ T5807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  241.762097][ T5807] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  241.771344][ T5807] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  241.780920][ T5807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  241.781741][ T5807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  242.211085][ T4218] veth0_to_bridge: left allmulticast mode
[  242.230087][ T4218] veth0_to_bridge: left promiscuous mode
[  242.295202][ T4218] bridge0: port 3(veth0_to_bridge) entered disabled state
[  242.355034][ T4218] bridge_slave_1: left allmulticast mode
[  242.355065][ T4218] bridge_slave_1: left promiscuous mode
[  242.355314][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.424812][ T4218] bridge_slave_0: left allmulticast mode
[  242.424877][ T4218] bridge_slave_0: left promiscuous mode
[  242.425113][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.789050][ T5807] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  243.474033][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.563770][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.588422][ T4218] bond0 (unregistering): Released all slaves
[  243.893433][ T5807] Bluetooth: hci5: command tx timeout
[  244.013934][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.098653][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.116305][ T4218] bond0 (unregistering): Released all slaves
[  244.147572][ T6400] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.147588][ T6400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  244.147615][ T6400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.331031][ T6585] binder_alloc: 6584: binder_alloc_buf, no vma
[  244.438377][ T6400] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.438389][ T6400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  244.438406][ T6400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.548997][ T6393] hsr_slave_0: entered promiscuous mode
[  244.550261][ T6393] hsr_slave_1: entered promiscuous mode
[  244.551187][ T6393] debugfs: 'hsr0' already exists in 'hsr'
[  244.551223][ T6393] Cannot create hsr debugfs directory
[  244.670648][ T6400] hsr_slave_0: entered promiscuous mode
[  244.671840][ T6400] hsr_slave_1: entered promiscuous mode
[  244.672652][ T6400] debugfs: 'hsr0' already exists in 'hsr'
[  244.672668][ T6400] Cannot create hsr debugfs directory
[  245.987340][ T5807] Bluetooth: hci5: command tx timeout
[  247.475519][ T6613] netlink: 4 bytes leftover after parsing attributes in process `syz.4.174'.
[  248.131563][ T5807] Bluetooth: hci5: command tx timeout
[  248.239602][ T5807] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  248.994198][ T4218] dummy0: left promiscuous mode
[  249.153432][ T4218] hsr_slave_0: left promiscuous mode
[  249.181551][ T4218] hsr_slave_1: left promiscuous mode
[  249.182563][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.182587][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.235063][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.235095][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.303502][ T4218] dummy0: left promiscuous mode
[  249.323581][ T5881] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  249.423581][ T4218] hsr_slave_0: left promiscuous mode
[  249.443853][ T4218] hsr_slave_1: left promiscuous mode
[  249.446694][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.446713][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.494647][ T4218] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.494675][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.505007][ T5881] usb 2-1: unable to get BOS descriptor or descriptor too short
[  249.513057][ T5881] usb 2-1: config 250 has an invalid interface number: 59 but max is 0
[  249.513081][ T5881] usb 2-1: config 250 has no interface number 0
[  249.513132][ T5881] usb 2-1: config 250 interface 59 altsetting 255 endpoint 0xF has invalid maxpacket 512, setting to 8
[  249.513158][ T5881] usb 2-1: config 250 interface 59 altsetting 255 has an endpoint descriptor with address 0xC2, changing to 0x82
[  249.566885][ T5881] usb 2-1: config 250 interface 59 altsetting 255 endpoint 0x82 is Bulk; changing to Interrupt
[  249.566926][ T5881] usb 2-1: config 250 interface 59 altsetting 255 endpoint 0x8 has invalid maxpacket 512, setting to 8
[  249.566954][ T5881] usb 2-1: config 250 interface 59 altsetting 255 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  249.567003][ T5881] usb 2-1: config 250 interface 59 has no altsetting 0
[  249.627792][ T5881] usb 2-1: string descriptor 0 read error: -22
[  249.627967][ T5881] usb 2-1: New USB device found, idVendor=1b80, idProduct=e302, bcdDevice=8c.2b
[  249.627995][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.660260][ T6638] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  249.685386][ T5881] em28xx 2-1:250.59: New device   @ 1.5 Mbps (1b80:e302, interface 59, class 59)
[  249.685420][ T5881] em28xx 2-1:250.59: Device initialization failed.
[  249.685432][ T5881] em28xx 2-1:250.59: Device must be connected to a high-speed USB 2.0 port.
[  249.705044][ T4218] veth1_macvtap: left promiscuous mode
[  249.705310][ T4218] veth0_macvtap: left promiscuous mode
[  249.705933][ T4218] veth1_vlan: left promiscuous mode
[  249.709109][ T4218] veth0_vlan: left promiscuous mode
[  249.843572][ T4218] veth1_macvtap: left promiscuous mode
[  249.845339][ T4218] veth0_macvtap: left promiscuous mode
[  249.845520][ T4218] veth1_vlan: left promiscuous mode
[  249.845629][ T4218] veth0_vlan: left promiscuous mode
[  249.884277][ T5881] usb 2-1: USB disconnect, device number 5
[  250.145238][ T5810] Bluetooth: hci5: command tx timeout
[  250.474631][ T6640] netlink: 'syz.1.181': attribute type 21 has an invalid length.
[  251.416333][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  251.467594][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  252.057214][ T6653] net_ratelimit: 1943 callbacks suppressed
[  252.057231][ T6653] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  252.801243][ T6572] chnl_net:caif_netlink_parms(): no params data found
[  256.468869][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  256.468941][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  256.793294][ T6572] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.793395][ T6572] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.793590][ T6572] bridge_slave_0: entered allmulticast mode
[  256.797196][ T6572] bridge_slave_0: entered promiscuous mode
[  256.829504][ T6572] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.846361][ T6572] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.846588][ T6572] bridge_slave_1: entered allmulticast mode
[  256.852926][ T6572] bridge_slave_1: entered promiscuous mode
[  256.955447][ T6678] process 'syz.1.188' launched './file0' with NULL argv: empty string added
[  257.169364][ T5810] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  257.395548][ T6686] xt_time: invalid argument - start or stop time greater than 23:59:59
[  257.459298][ T6572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  257.472827][ T6572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  257.868025][ T6572] team0: Port device team_slave_0 added
[  257.891187][ T6572] team0: Port device team_slave_1 added
[  258.056286][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_0
[  258.056299][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  258.056317][ T6572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.057814][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.057824][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  258.057842][ T6572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.193740][ T5859] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  258.341173][ T6572] hsr_slave_0: entered promiscuous mode
[  258.352650][ T6572] hsr_slave_1: entered promiscuous mode
[  258.357302][ T6572] debugfs: 'hsr0' already exists in 'hsr'
[  258.357372][ T6572] Cannot create hsr debugfs directory
[  258.395511][ T5859] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  258.395550][ T5859] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.475969][ T5859] usb 5-1: config 0 descriptor??
[  258.729636][ T5859] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  258.940430][ T5859] [drm:udl_init] *ERROR* Selecting channel failed
[  259.051847][ T5859] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[  259.051875][ T5859] [drm] Initialized udl on minor 2
[  259.077430][ T5859] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  259.079906][ T5859] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  259.115084][ T5859] usb 5-1: USB disconnect, device number 5
[  259.115825][    T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  259.154670][    T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  259.553452][ T6713] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  260.036325][ T6393] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  260.270219][ T6393] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  264.763449][ T6393] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  265.017358][ T6393] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  265.192410][ T6731] xt_time: invalid argument - start or stop time greater than 23:59:59
[  265.603880][ T6742] netlink: 4 bytes leftover after parsing attributes in process `syz.1.197'.
[  266.176241][ T6751] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  266.364413][ T6400] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  266.398567][ T6757] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  266.401736][ T6400] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  266.762515][ T6400] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  266.854874][ T6400] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  266.927840][ T5807] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  267.718348][ T4218] bridge_slave_1: left allmulticast mode
[  267.718368][ T4218] bridge_slave_1: left promiscuous mode
[  267.718600][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.775127][ T4218] bridge_slave_0: left allmulticast mode
[  267.775149][ T4218] bridge_slave_0: left promiscuous mode
[  267.775356][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.891225][ T4218] bridge_slave_1: left allmulticast mode
[  267.891251][ T4218] bridge_slave_1: left promiscuous mode
[  267.891487][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.955264][ T4218] bridge_slave_0: left allmulticast mode
[  267.955292][ T4218] bridge_slave_0: left promiscuous mode
[  267.955529][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.030575][ T4218] bridge_slave_1: left allmulticast mode
[  268.030605][ T4218] bridge_slave_1: left promiscuous mode
[  268.031591][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.096942][ T4218] bridge_slave_0: left allmulticast mode
[  268.096987][ T4218] bridge_slave_0: left promiscuous mode
[  268.097216][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.583867][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  272.140422][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  272.283787][ T4218] bond0 (unregistering): Released all slaves
[  272.534230][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  272.569431][ T5807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  272.572030][ T5807] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  272.577008][ T5807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  272.586652][ T5807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  272.588278][ T5807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  272.634786][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  272.720307][ T5810] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  272.730740][ T5810] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  272.740241][ T5810] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  272.758981][ T5810] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  272.759822][ T5810] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  272.794938][ T4218] bond0 (unregistering): Released all slaves
[  272.964737][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.064019][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.130394][ T4218] bond0 (unregistering): Released all slaves
[  274.339310][ T6806] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  274.339371][ T6806] CIFS mount error: No usable UNC path provided in device string!
[  274.339371][ T6806] 
[  274.339666][ T6806] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  274.967049][ T5807] Bluetooth: hci3: command tx timeout
[  274.967058][ T5810] Bluetooth: hci6: command tx timeout
[  275.713388][ T6814] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  276.262761][ T4218] hsr_slave_0: left promiscuous mode
[  276.303474][ T4218] hsr_slave_1: left promiscuous mode
[  276.304987][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  276.354840][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  276.573340][ T4218] hsr_slave_0: left promiscuous mode
[  276.623370][ T4218] hsr_slave_1: left promiscuous mode
[  276.624259][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  276.664124][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  276.715610][ T6830] fuse: Unknown parameter 'rootmodg'
[  276.881469][ T6832] netlink: 12 bytes leftover after parsing attributes in process `syz.4.212'.
[  277.013478][ T5810] Bluetooth: hci6: command tx timeout
[  277.014065][ T5810] Bluetooth: hci3: command tx timeout
[  277.383374][ T4218] hsr_slave_0: left promiscuous mode
[  277.415858][ T4218] hsr_slave_1: left promiscuous mode
[  277.431869][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  277.454246][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  277.552534][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.211'.
[  277.735535][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  278.245384][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  278.314034][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  281.808896][ T5807] Bluetooth: hci3: command tx timeout
[  281.808930][ T5807] Bluetooth: hci6: command tx timeout
[  282.547132][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  282.594002][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  286.183820][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  286.264632][ T5810] Bluetooth: hci6: command tx timeout
[  286.264740][ T5810] Bluetooth: hci3: command tx timeout
[  286.342276][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  287.406523][ T6867] netlink: 'syz.4.218': attribute type 21 has an invalid length.
[  288.223796][ T6875] dummy0: entered promiscuous mode
[  288.225219][ T6875] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  288.226350][ T6875] debugfs: 'hsr1' already exists in 'hsr'
[  288.226373][ T6875] Cannot create hsr debugfs directory
[  288.226559][ T6875] hsr1: entered allmulticast mode
[  288.226574][ T6875] dummy0: entered allmulticast mode
[  288.226597][ T6875] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  288.421348][ T6572] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  288.685239][ T6572] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  288.781791][ T6572] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  288.888857][ T6572] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  289.225930][ T6895] 9pnet_virtio: no channels available for device syz
[  289.636169][ T6793] chnl_net:caif_netlink_parms(): no params data found
[  289.659230][ T5807] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  289.935956][ T6795] chnl_net:caif_netlink_parms(): no params data found
[  290.287742][ T6793] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.287889][ T6793] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.288042][ T6793] bridge_slave_0: entered allmulticast mode
[  290.292712][ T6793] bridge_slave_0: entered promiscuous mode
[  290.366175][ T6793] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.366294][ T6793] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.366542][ T6793] bridge_slave_1: entered allmulticast mode
[  290.369125][ T6793] bridge_slave_1: entered promiscuous mode
[  290.534668][ T6793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.597110][ T6793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.597769][ T6795] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.597882][ T6795] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.598082][ T6795] bridge_slave_0: entered allmulticast mode
[  290.602479][ T6795] bridge_slave_0: entered promiscuous mode
[  290.669403][ T6795] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.669575][ T6795] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.669747][ T6795] bridge_slave_1: entered allmulticast mode
[  290.672286][ T6795] bridge_slave_1: entered promiscuous mode
[  290.783712][ T6793] team0: Port device team_slave_0 added
[  290.822306][ T6793] team0: Port device team_slave_1 added
[  290.832812][ T6795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.872723][ T6795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.970665][ T6793] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.970678][ T6793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  290.970697][ T6793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.063408][ T6793] batman_adv: batadv0: Adding interface: batadv_slave_1
[  291.063426][ T6793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.063453][ T6793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  291.125166][ T6795] team0: Port device team_slave_0 added
[  291.190529][ T6795] team0: Port device team_slave_1 added
[  291.320228][ T6795] batman_adv: batadv0: Adding interface: batadv_slave_0
[  291.320244][ T6795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.320272][ T6795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.410035][ T6795] batman_adv: batadv0: Adding interface: batadv_slave_1
[  291.410048][ T6795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.410069][ T6795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  291.466295][ T6793] hsr_slave_0: entered promiscuous mode
[  291.468624][ T6793] hsr_slave_1: entered promiscuous mode
[  291.469644][ T6793] debugfs: 'hsr0' already exists in 'hsr'
[  291.469668][ T6793] Cannot create hsr debugfs directory
[  291.868124][ T6572] 8021q: adding VLAN 0 to HW filter on device bond0
[  292.110586][ T6795] hsr_slave_0: entered promiscuous mode
[  292.114938][ T6795] hsr_slave_1: entered promiscuous mode
[  292.123514][ T6795] debugfs: 'hsr0' already exists in 'hsr'
[  292.123532][ T6795] Cannot create hsr debugfs directory
[  296.567447][ T6572] 8021q: adding VLAN 0 to HW filter on device team0
[  296.788587][  T787] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.788904][  T787] bridge0: port 1(bridge_slave_0) entered forwarding state
[  300.495395][  T787] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.528486][  T787] bridge0: port 2(bridge_slave_1) entered forwarding state
[  300.827303][ T5810] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  300.880422][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  300.900869][ T5807] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  300.902740][ T5807] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  300.920671][ T5807] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  300.921529][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  305.923242][ T5807] Bluetooth: hci1: command tx timeout
[  306.586414][ T6989] 9pnet_virtio: no channels available for device syz
[  310.863205][ T5810] Bluetooth: hci1: command 0x041b tx timeout
[  312.019467][ T5807] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  312.418424][ T4218] bridge_slave_1: left allmulticast mode
[  312.418451][ T4218] bridge_slave_1: left promiscuous mode
[  312.418699][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.499860][ T4218] bridge_slave_0: left allmulticast mode
[  312.500984][ T4218] bridge_slave_0: left promiscuous mode
[  312.502545][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.597498][ T4218] bridge_slave_1: left allmulticast mode
[  312.597528][ T4218] bridge_slave_1: left promiscuous mode
[  312.597782][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.675455][ T4218] bridge_slave_0: left allmulticast mode
[  312.675578][ T4218] bridge_slave_0: left promiscuous mode
[  312.675818][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.933444][ T5810] Bluetooth: hci1: command 0x041b tx timeout
[  316.843878][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  316.851560][ T5807] Bluetooth: hci1: command 0x041b tx timeout
[  316.985593][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  317.048450][ T7036] capability: warning: `syz.1.243' uses 32-bit capabilities (legacy support in use)
[  317.050782][ T7036] program syz.1.243 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  317.084933][ T4218] bond0 (unregistering): Released all slaves
[  317.146735][ T7038] netlink: 'syz.1.244': attribute type 21 has an invalid length.
[  317.344625][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  317.344692][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  317.525054][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  317.604578][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  317.675041][ T4218] bond0 (unregistering): Released all slaves
[  318.336783][ T7044] syz.4.245 uses obsolete (PF_INET,SOCK_PACKET)
[  318.854187][ T5807] Bluetooth: hci1: command 0x041b tx timeout
[  319.152222][ T5807] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  319.516707][ T4218] hsr_slave_0: left promiscuous mode
[  319.543384][ T4218] hsr_slave_1: left promiscuous mode
[  319.545818][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  319.594108][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  319.814495][ T4218] hsr_slave_0: left promiscuous mode
[  319.858582][ T4218] hsr_slave_1: left promiscuous mode
[  319.859224][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  319.906803][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  320.696924][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  320.814125][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  320.874031][ T7071] 9pnet_virtio: no channels available for device syz
[  323.834577][ T7085] netlink: 'syz.4.253': attribute type 21 has an invalid length.
[  328.103878][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  328.163796][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  329.353059][   T36] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  329.627112][ T6965] chnl_net:caif_netlink_parms(): no params data found
[  329.764481][ T6965] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.764662][ T6965] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.764908][ T6965] bridge_slave_0: entered allmulticast mode
[  329.767465][ T6965] bridge_slave_0: entered promiscuous mode
[  329.770623][ T6965] bridge0: port 2(bridge_slave_1) entered blocking state
[  329.770803][ T6965] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.770958][ T6965] bridge_slave_1: entered allmulticast mode
[  329.803757][ T6965] bridge_slave_1: entered promiscuous mode
[  329.861436][   T36] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  329.861471][   T36] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  329.862568][   T36] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  329.862590][   T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  329.862612][   T36] usb 2-1: SerialNumber: syz
[  329.927902][   T36] usb 2-1: bad CDC descriptors
[  329.964287][   T36] usb-storage 2-1:1.0: USB Mass Storage device detected
[  329.987805][   T36] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  330.012272][ T6965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.017528][ T6965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.112730][ T6965] team0: Port device team_slave_0 added
[  330.152362][ T5859] usb 2-1: USB disconnect, device number 6
[  330.164218][ T6965] team0: Port device team_slave_1 added
[  330.328031][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_0
[  330.328049][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  330.328080][ T6965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  330.365181][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_1
[  330.365224][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  330.365288][ T6965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  330.518153][ T6965] hsr_slave_0: entered promiscuous mode
[  330.519884][ T6965] hsr_slave_1: entered promiscuous mode
[  330.520658][ T6965] debugfs: 'hsr0' already exists in 'hsr'
[  330.520680][ T6965] Cannot create hsr debugfs directory
[  330.566989][ T6793] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  330.590940][ T7113] 9pnet_virtio: no channels available for device syz
[  331.204524][ T5807] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  331.215759][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  331.216942][ T5807] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  331.218466][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  331.219235][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  332.665636][ T7127] loop2: detected capacity change from 0 to 7
[  332.734520][ T5810] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  332.751106][ T5810] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  332.752210][ T5810] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  332.776393][ T5810] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  332.776843][ T7101] Dev loop2: unable to read RDB block 7
[  332.776873][ T7101]  loop2: AHDI p1 p2 p3
[  332.776900][ T7101] loop2: partition table partially beyond EOD, truncated
[  332.779825][ T5810] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  332.833092][ T7101] loop2: p1 start 1818582900 is beyond EOD, truncated
[  332.833119][ T7101] loop2: p3 start 335544320 is beyond EOD, truncated
[  332.896025][ T7127] Dev loop2: unable to read RDB block 7
[  332.896052][ T7127]  loop2: AHDI p1 p2 p3
[  332.896076][ T7127] loop2: partition table partially beyond EOD, truncated
[  332.904889][ T7127] loop2: p1 start 1818582900 is beyond EOD, truncated
[  332.904938][ T7127] loop2: p3 start 335544320 is beyond EOD, truncated
[  333.253313][ T5810] Bluetooth: hci4: command tx timeout
[  334.205552][ T7137] netlink: 'syz.4.261': attribute type 21 has an invalid length.
[  335.679673][ T5810] Bluetooth: hci5: command tx timeout
[  338.351578][ T5807] Bluetooth: hci5: command tx timeout
[  338.358639][ T5810] Bluetooth: hci4: command tx timeout
[  339.173321][    T9] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  339.342682][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  339.342730][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  339.364406][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  339.364486][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  339.364544][    T9] usb 5-1: SerialNumber: syz
[  339.412599][    T9] cdc_ether 5-1:1.0: skipping garbage
[  339.412617][    T9] usb 5-1: bad CDC descriptors
[  339.418885][    T9] usb-storage 5-1:1.0: USB Mass Storage device detected
[  339.433816][    T9] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  339.591026][ T5859] usb 5-1: USB disconnect, device number 7
[  339.999840][ T7164] 9pnet_virtio: no channels available for device syz
[  340.376708][ T5807] Bluetooth: hci5: command tx timeout
[  340.379646][ T5810] Bluetooth: hci4: command tx timeout
[  345.398884][ T5807] Bluetooth: hci5: command tx timeout
[  345.398933][ T5810] Bluetooth: hci4: command tx timeout
[  345.892830][ T7118] chnl_net:caif_netlink_parms(): no params data found
[  345.915736][ T7128] chnl_net:caif_netlink_parms(): no params data found
[  346.003263][    T9] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  346.166049][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  346.166071][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  346.166095][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  346.166109][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.169398][    T9] usb 5-1: config 0 descriptor??
[  346.224717][    T9] hub 5-1:0.0: USB hub found
[  346.523521][ T7191] netlink: 'syz.4.271': attribute type 7 has an invalid length.
[  346.577480][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.271'.
[  346.680518][    T9] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  347.332548][ T7118] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.332778][ T7118] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.332966][ T7118] bridge_slave_0: entered allmulticast mode
[  347.345871][ T7118] bridge_slave_0: entered promiscuous mode
[  347.458642][ T7118] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.458760][ T7118] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.459022][ T7118] bridge_slave_1: entered allmulticast mode
[  347.461670][ T7118] bridge_slave_1: entered promiscuous mode
[  347.497049][ T7128] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.497235][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.497677][ T7128] bridge_slave_0: entered allmulticast mode
[  347.501827][ T7128] bridge_slave_0: entered promiscuous mode
[  347.535024][ T7205] 9pnet_virtio: no channels available for device syz
[  347.816241][ T7128] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.816390][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.817437][ T7128] bridge_slave_1: entered allmulticast mode
[  347.849016][ T7128] bridge_slave_1: entered promiscuous mode
[  347.952658][ T6965] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  348.042470][ T7118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  348.144348][ T6965] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  348.181794][ T7118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.196041][ T7128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  348.201905][ T6965] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  348.288841][ T7128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.291265][ T6965] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  348.551068][ T7118] team0: Port device team_slave_0 added
[  348.619187][ T7118] team0: Port device team_slave_1 added
[  348.651693][ T7128] team0: Port device team_slave_0 added
[  348.734880][ T7128] team0: Port device team_slave_1 added
[  348.855966][ T7118] batman_adv: batadv0: Adding interface: batadv_slave_0
[  348.855983][ T7118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  348.856009][ T7118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  348.860607][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  348.860715][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  348.956352][    T9] usb 5-1: USB disconnect, device number 8
[  349.010800][ T7118] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.010816][ T7118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  349.010842][ T7118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  349.083836][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  349.083849][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  349.083868][ T7128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.143834][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.143851][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  349.143878][ T7128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  349.383279][ T5881] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  349.547445][ T5881] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.547504][ T5881] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  349.550867][ T5881] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  349.550894][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  349.550911][ T5881] usb 5-1: SerialNumber: syz
[  349.629091][ T5881] cdc_ether 5-1:1.0: skipping garbage
[  349.629113][ T5881] usb 5-1: bad CDC descriptors
[  349.630808][ T5881] usb-storage 5-1:1.0: USB Mass Storage device detected
[  349.655496][ T5881] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  349.657852][ T7118] hsr_slave_0: entered promiscuous mode
[  349.659151][ T7118] hsr_slave_1: entered promiscuous mode
[  349.659955][ T7118] debugfs: 'hsr0' already exists in 'hsr'
[  349.659978][ T7118] Cannot create hsr debugfs directory
[  349.825576][ T5859] usb 5-1: USB disconnect, device number 9
[  349.874897][ T7128] hsr_slave_0: entered promiscuous mode
[  349.876054][ T7128] hsr_slave_1: entered promiscuous mode
[  349.877396][ T7128] debugfs: 'hsr0' already exists in 'hsr'
[  349.877420][ T7128] Cannot create hsr debugfs directory
[  354.063486][ T6965] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.535837][ T4218] bridge_slave_1: left allmulticast mode
[  354.535865][ T4218] bridge_slave_1: left promiscuous mode
[  354.536085][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.778167][ T4218] bridge_slave_0: left allmulticast mode
[  354.778196][ T4218] bridge_slave_0: left promiscuous mode
[  354.778466][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.914829][ T4218] bridge_slave_1: left allmulticast mode
[  354.914857][ T4218] bridge_slave_1: left promiscuous mode
[  354.915090][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.216175][ T4218] bridge_slave_0: left allmulticast mode
[  355.216205][ T4218] bridge_slave_0: left promiscuous mode
[  355.216424][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.277030][ T4218] bridge_slave_1: left allmulticast mode
[  356.277077][ T4218] bridge_slave_1: left promiscuous mode
[  356.277330][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.384554][ T4218] bridge_slave_0: left allmulticast mode
[  356.384575][ T4218] bridge_slave_0: left promiscuous mode
[  356.384755][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.695727][ T7269] 9pnet_virtio: no channels available for device syz
[  357.023922][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  357.256421][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  357.336973][ T4218] bond0 (unregistering): Released all slaves
[  357.574183][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  357.654510][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  357.716341][ T4218] bond0 (unregistering): Released all slaves
[  358.144218][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  358.224080][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  358.285682][ T4218] bond0 (unregistering): Released all slaves
[  358.951146][ T6965] 8021q: adding VLAN 0 to HW filter on device team0
[  359.962516][ T1363] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.962683][ T1363] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.006204][  T787] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.006337][  T787] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.033860][ T7283] loop2: detected capacity change from 0 to 7
[  360.055706][ T7283] Dev loop2: unable to read RDB block 7
[  360.055739][ T7283]  loop2: AHDI p1 p2 p3
[  360.055766][ T7283] loop2: partition table partially beyond EOD, truncated
[  360.056003][ T7283] loop2: p1 start 1818582900 is beyond EOD, truncated
[  360.056021][ T7283] loop2: p3 start 335544320 is beyond EOD, truncated
[  360.238952][ T7287] program syz.4.290 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  360.553321][ T4218] hsr_slave_0: left promiscuous mode
[  360.578158][ T4218] hsr_slave_1: left promiscuous mode
[  360.579136][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  361.435170][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  361.751255][ T5807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  361.771543][ T5807] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  361.772712][ T5807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  361.788741][ T5807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  361.789468][ T5807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  363.124803][ T4218] hsr_slave_0: left promiscuous mode
[  363.303492][ T4218] hsr_slave_1: left promiscuous mode
[  363.304398][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  363.371919][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  363.414325][ T7307] program syz.4.295 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  363.614544][ T4218] hsr_slave_0: left promiscuous mode
[  363.652484][ T7313] program syz.4.298 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  363.670038][ T4218] hsr_slave_1: left promiscuous mode
[  363.670898][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  363.714240][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  363.754737][ T7315] program syz.4.299 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  363.893297][ T5810] Bluetooth: hci3: command tx timeout
[  364.334756][ T7327] loop2: detected capacity change from 0 to 7
[  364.342401][ T7190] Dev loop2: unable to read RDB block 7
[  364.342432][ T7190]  loop2: AHDI p1 p2 p3
[  364.342459][ T7190] loop2: partition table partially beyond EOD, truncated
[  364.345017][ T7190] loop2: p1 start 1818582900 is beyond EOD, truncated
[  364.345097][ T7190] loop2: p3 start 335544320 is beyond EOD, truncated
[  364.351584][ T7327] Dev loop2: unable to read RDB block 7
[  364.351713][ T7327]  loop2: AHDI p1 p2 p3
[  364.351777][ T7327] loop2: partition table partially beyond EOD, truncated
[  364.378231][ T7327] loop2: p1 start 1818582900 is beyond EOD, truncated
[  364.378328][ T7327] loop2: p3 start 335544320 is beyond EOD, truncated
[  364.634189][ T7330] loop2: detected capacity change from 0 to 7
[  364.638479][ T7330] Dev loop2: unable to read RDB block 7
[  364.638507][ T7330]  loop2: AHDI p1 p2 p3
[  364.638532][ T7330] loop2: partition table partially beyond EOD, truncated
[  364.639907][ T7330] loop2: p1 start 1818582900 is beyond EOD, truncated
[  364.639929][ T7330] loop2: p3 start 335544320 is beyond EOD, truncated
[  364.874291][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  365.896802][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  365.973519][ T5810] Bluetooth: hci3: command tx timeout
[  366.640055][ T7344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.310'.
[  367.124229][ T7342] batman_adv: batadv: cannot create tp meter kthread
[  367.547190][ T7352] program syz.4.313 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  367.903862][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  368.125703][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  368.777581][ T5810] Bluetooth: hci3: command tx timeout
[  369.931327][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  370.027315][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  370.073760][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  371.603266][ T5807] Bluetooth: hci3: command tx timeout
[  372.429136][ T7389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.318'.
[  372.854598][ T7387] batman_adv: batadv: cannot create tp meter kthread
[  374.474424][ T7298] chnl_net:caif_netlink_parms(): no params data found
[  374.923650][ T7298] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.923765][ T7298] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.923951][ T7298] bridge_slave_0: entered allmulticast mode
[  374.959164][ T7298] bridge_slave_0: entered promiscuous mode
[  374.979138][ T7298] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.979209][ T7298] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.979328][ T7298] bridge_slave_1: entered allmulticast mode
[  374.981019][ T7298] bridge_slave_1: entered promiscuous mode
[  375.208184][ T7298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.208253][ T7118] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  375.288065][ T7298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.302064][ T7118] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  375.458007][ T7118] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  375.640319][ T7118] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  375.705872][ T7298] team0: Port device team_slave_0 added
[  375.794210][ T7298] team0: Port device team_slave_1 added
[  375.856197][ T7438] loop2: detected capacity change from 0 to 7
[  375.857435][ T7438] Dev loop2: unable to read RDB block 7
[  375.857466][ T7438]  loop2: AHDI p1 p2 p3
[  375.857494][ T7438] loop2: partition table partially beyond EOD, truncated
[  375.857738][ T7438] loop2: p1 start 1818582900 is beyond EOD, truncated
[  375.857759][ T7438] loop2: p3 start 335544320 is beyond EOD, truncated
[  377.700679][ T7298] batman_adv: batadv0: Adding interface: batadv_slave_0
[  377.700692][ T7298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  377.700711][ T7298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  377.783417][ T7298] batman_adv: batadv0: Adding interface: batadv_slave_1
[  377.783434][ T7298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  377.783488][ T7298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  378.006152][ T5807] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  378.021157][ T7128] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  378.127792][ T7128] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  378.198343][ T7128] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  378.292727][ T7298] hsr_slave_0: entered promiscuous mode
[  378.298197][ T7298] hsr_slave_1: entered promiscuous mode
[  378.300904][ T7298] debugfs: 'hsr0' already exists in 'hsr'
[  378.300970][ T7298] Cannot create hsr debugfs directory
[  378.327574][ T7128] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  378.783346][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  378.783417][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  379.640209][ T7481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.327'.
[  380.119542][ T7480] batman_adv: batadv: cannot create tp meter kthread
[  380.425489][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  382.406740][ T7118] 8021q: adding VLAN 0 to HW filter on device bond0
[  382.464738][ T7118] 8021q: adding VLAN 0 to HW filter on device team0
[  382.500733][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.500972][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  382.528464][ T7128] 8021q: adding VLAN 0 to HW filter on device bond0
[  382.684925][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.688950][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  382.811342][ T7128] 8021q: adding VLAN 0 to HW filter on device team0
[  382.869997][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.872598][ T6073] bridge0: port 1(bridge_slave_0) entered forwarding state
[  382.997079][ T1363] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.999507][ T1363] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.160911][ T4218] bridge_slave_1: left allmulticast mode
[  384.160939][ T4218] bridge_slave_1: left promiscuous mode
[  384.161133][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.235301][ T4218] bridge_slave_0: left allmulticast mode
[  384.235329][ T4218] bridge_slave_0: left promiscuous mode
[  384.235525][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.045631][ T5807] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  386.404045][ T7525] fuse: Unknown parameter 'Name:	syz.4.337
[  386.404045][ T7525] Umask:	0077
[  386.404045][ T7525] State:	R (running)
[  386.404045][ T7525] Tgid:	503
[  386.404045][ T7525] Ngid:	0
[  386.404045][ T7525] Pid:	505
[  386.404045][ T7525] PPid:	1
[  386.404045][ T7525] TracerPid:	0
[  386.404045][ T7525] Uid:	0	0	0	0
[  386.404045][ T7525] Gid:	0	0	0	0
[  386.404045][ T7525] FDSize:	256
[  386.404045][ T7525] Groups:	0 10 
[  386.404045][ T7525] NStgid:	503
[  386.404045][ T7525] NSpid:	505
[  386.404045][ T7525] NSpgid:	503
[  386.404045][ T7525] NSsid:	0
[  386.404045][ T7525] Kthread:	0
[  386.404045][ T7525] VmPeak:	  102488 kB
[  386.404045][ T7525] VmSize:	  102488 kB
[  386.404045][ T7525] VmLck:	       0 kB
[  386.404045][ T7525] VmPin:	       0 kB
[  386.404045][ T7525] VmHWM:	   24404 kB
[  386.404045][ T7525] VmRSS:	   24404 kB
[  386.404045][ T7525] RssAnon:	    1460 kB
[  386.404045][ T7525] RssFile:	   22944 kB
[  386.404045][ T7525] RssShmem:	       0 kB
[  386.404045][ T7525] VmData:	   36712 kB
[  386.404045][ T7525] VmStk:	     132 kB
[  386.404045][ T7525] VmExe:	    1772 kB
[  386.404045][ T7525] VmLib:	       8 kB
[  386.404045][ T7525] VmPTE:	     132 kB
[  386.404045][ T7525] VmSwap:	       0 kB
[  386.404045][ T7525] HugetlbPages:	       0 kB
[  386.404045][ T7525] CoreDumping:	0
[  386.404045][ T7525] THP_enabled:	0
[  386.404045][ T7525] untag_mask:	0xffffffffffffffff
[  386.404045][ T7525] Threads:	3
[  386.404045][ T7525] SigQ:	0/13021
[  386.404045][ T7525] SigPnd:	0000000000000000
[  386.404045][ T7525] ShdPnd:	0000000000000000
[  386.404045][ T7525] SigBlk:	0000000000000000
[  386.404045][ T7525] SigIgn:	fffffffefffaba35
[  386.404045][ T7525] SigCgt:	0000000100010440
[  386.404045][ T7525] CapInh:	0000000000000000
[  386.404045][ T7525] CapPrm:	000001ffff77ffff
[  386.404045][ T7525] CapEff:	000001ffff77ffff
[  386.404045][ T7525] CapBnd:	000001ffffffffff
[  386.404045][ T7525] CapAmb:	0000000000000000
[  386.404045][ T7525] NoNewPrivs:	0
[  386.902185][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  387.183993][ T4218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  387.265567][ T4218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  387.328410][ T4218] bond0 (unregistering): Released all slaves
[  387.885947][ T4218] hsr_slave_0: left promiscuous mode
[  387.923381][ T4218] hsr_slave_1: left promiscuous mode
[  387.924252][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.974573][ T4218] batman_adv: batadv0: Removing interface: batadv_slave_1
[  388.454630][ T4218] team0 (unregistering): Port device team_slave_1 removed
[  388.503799][ T4218] team0 (unregistering): Port device team_slave_0 removed
[  389.813588][ T7118] 8021q: adding VLAN 0 to HW filter on device batadv0
[  390.434035][ T7298] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  391.118367][ T7561] fuse: Unknown parameter 'acerPid:	0
[  391.118367][ T7561] Uid:	0	0	0	0
[  391.118367][ T7561] Gid:	0	0	0	0
[  391.118367][ T7561] FDSize:	256
[  391.118367][ T7561] Groups:	0 10 
[  391.118367][ T7561] NStgid:	523
[  391.118367][ T7561] NSpid:	524
[  391.118367][ T7561] NSpgid:	523
[  391.118367][ T7561] NSsid:	0
[  391.118367][ T7561] Kthread:	0
[  391.118367][ T7561] VmPeak:	  102488 kB
[  391.118367][ T7561] VmSize:	  102488 kB
[  391.118367][ T7561] VmLck:	       0 kB
[  391.118367][ T7561] VmPin:	       0 kB
[  391.118367][ T7561] VmHWM:	   24480 kB
[  391.118367][ T7561] VmRSS:	   24480 kB
[  391.118367][ T7561] RssAnon:	    1532 kB
[  391.118367][ T7561] RssFile:	   22948 kB
[  391.118367][ T7561] RssShmem:	       0 kB
[  391.118367][ T7561] VmData:	   36840 kB
[  391.118367][ T7561] VmStk:	     132 kB
[  391.118367][ T7561] VmExe:	    1772 kB
[  391.118367][ T7561] VmLib:	       8 kB
[  391.118367][ T7561] VmPTE:	     132 kB
[  391.118367][ T7561] VmSwap:	       0 kB
[  391.118367][ T7561] HugetlbPages:	       0 kB
[  391.118367][ T7561] CoreDumping:	0
[  391.118367][ T7561] THP_enabled:	0
[  391.118367][ T7561] untag_mask:	0xffffffffffffffff
[  391.118367][ T7561] Threads:	4
[  391.118367][ T7561] SigQ:	1/13021
[  391.118367][ T7561] SigPnd:	0000000000000000
[  391.118367][ T7561] ShdPnd:	0000000000000000
[  391.118367][ T7561] SigBlk:	0000000000000000
[  391.118367][ T7561] SigIgn:	fffffffefffaba35
[  391.118367][ T7561] SigCgt:	0000000100010440
[  391.118367][ T7561] CapInh:	0000000000000000
[  391.118367][ T7561] CapPrm:	000001ffff77ffff
[  391.118367][ T7561] CapEff:	000001ffff77ffff
[  391.118367][ T7561] CapBnd:	000001ffffffffff
[  391.118367][ T7561] CapAmb:	0000000000000000
[  391.118367][ T7561] NoNewPrivs:	0
[  391.118367][ T7561] Seccomp:	0
[  391.118367][ T7561] Seccomp_filters:	0
[  391.118367][ T7561] Speculation_Store_Bypass:	thread vulnerable
[  391.118367][ T7561] SpeculationIndirectBranch:	conditional enabled
[  391.118367][ T7561] Cpus_allowed:	2
[  391.175104][ T7298] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  391.353081][ T7298] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  391.382486][ T7298] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  391.577744][ T7128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.918160][ T5810] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  392.075949][ T7298] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.164491][ T7298] 8021q: adding VLAN 0 to HW filter on device team0
[  392.245581][  T787] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.273305][  T787] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.315163][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.346023][ T4218] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.505301][ T7592] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  392.797000][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  392.801764][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  392.802861][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  392.804940][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  392.806879][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  393.230285][ T5807] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  393.424115][ T5807] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  393.431561][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  393.434503][ T5807] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  393.450879][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  393.452451][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  393.526817][ T5810] ==================================================================
[  393.526835][ T5810] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x86a/0x1390
[  393.526878][ T5810] Read of size 8 at addr ffff888056ff0500 by task kworker/u9:5/5810
[  393.526894][ T5810] 
[  393.526920][ T5810] CPU: 1 UID: 0 PID: 5810 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  393.526943][ T5810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  393.526956][ T5810] Workqueue: hci4 hci_rx_work
[  393.526992][ T5810] Call Trace:
[  393.527003][ T5810]  <TASK>
[  393.527012][ T5810]  dump_stack_lvl+0xe8/0x150
[  393.527079][ T5810]  print_report+0xba/0x230
[  393.527108][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.527142][ T5810]  kasan_report+0x117/0x150
[  393.527177][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.527203][ T5810]  l2cap_connect_cfm+0x86a/0x1390
[  393.527229][ T5810]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  393.527250][ T5810]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  393.527281][ T5810]  ? lockdep_hardirqs_on+0x7a/0x110
[  393.527310][ T5810]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  393.527340][ T5810]  ? mutex_lock_nested+0x152/0x1d0
[  393.527361][ T5810]  ? hci_connect_cfm+0x2c/0x140
[  393.527391][ T5810]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  393.527413][ T5810]  hci_connect_cfm+0x95/0x140
[  393.527445][ T5810]  le_conn_complete_evt+0xf65/0x1430
[  393.527485][ T5810]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  393.527519][ T5810]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  393.527549][ T5810]  ? lockdep_hardirqs_on+0x7a/0x110
[  393.527578][ T5810]  ? skb_pull_data+0xfb/0x200
[  393.527601][ T5810]  hci_le_conn_complete_evt+0x187/0x470
[  393.527636][ T5810]  hci_event_packet+0x7af/0x12c0
[  393.527665][ T5810]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  393.527696][ T5810]  ? __pfx_hci_event_packet+0x10/0x10
[  393.527721][ T5810]  ? rt_spin_unlock+0x14f/0x200
[  393.527748][ T5810]  ? hci_send_to_monitor+0xe2/0x590
[  393.527770][ T5810]  hci_rx_work+0x3ee/0x1030
[  393.527798][ T5810]  ? process_scheduled_works+0xa25/0x1830
[  393.527826][ T5810]  process_scheduled_works+0xb02/0x1830
[  393.527887][ T5810]  ? __pfx_process_scheduled_works+0x10/0x10
[  393.527917][ T5810]  ? assign_work+0x3d5/0x5e0
[  393.527948][ T5810]  worker_thread+0xa50/0xfc0
[  393.527992][ T5810]  kthread+0x388/0x470
[  393.528013][ T5810]  ? __pfx_worker_thread+0x10/0x10
[  393.528044][ T5810]  ? __pfx_kthread+0x10/0x10
[  393.528066][ T5810]  ret_from_fork+0x51e/0xb90
[  393.528098][ T5810]  ? __pfx_ret_from_fork+0x10/0x10
[  393.528127][ T5810]  ? __switch_to+0xc7d/0x1450
[  393.528164][ T5810]  ? __pfx_kthread+0x10/0x10
[  393.528186][ T5810]  ret_from_fork_asm+0x1a/0x30
[  393.528212][ T5810]  </TASK>
[  393.528220][ T5810] 
[  393.528225][ T5810] Allocated by task 5810:
[  393.528241][ T5810]  kasan_save_track+0x3e/0x80
[  393.528268][ T5810]  __kasan_kmalloc+0x93/0xb0
[  393.528313][ T5810]  __kmalloc_cache_noprof+0x3a6/0x690
[  393.528339][ T5810]  l2cap_chan_create+0x51/0x7a0
[  393.528359][ T5810]  l2cap_sock_new_connection_cb+0x182/0x2e0
[  393.528379][ T5810]  l2cap_connect_cfm+0x368/0x1390
[  393.528395][ T5810]  hci_connect_cfm+0x95/0x140
[  393.528420][ T5810]  le_conn_complete_evt+0xf65/0x1430
[  393.528445][ T5810]  hci_le_conn_complete_evt+0x187/0x470
[  393.528471][ T5810]  hci_event_packet+0x7af/0x12c0
[  393.528491][ T5810]  hci_rx_work+0x3ee/0x1030
[  393.528510][ T5810]  process_scheduled_works+0xb02/0x1830
[  393.528533][ T5810]  worker_thread+0xa50/0xfc0
[  393.528574][ T5810]  kthread+0x388/0x470
[  393.528590][ T5810]  ret_from_fork+0x51e/0xb90
[  393.528613][ T5810]  ret_from_fork_asm+0x1a/0x30
[  393.528629][ T5810] 
[  393.528634][ T5810] Freed by task 7601:
[  393.528643][ T5810]  kasan_save_track+0x3e/0x80
[  393.528672][ T5810]  kasan_save_free_info+0x46/0x50
[  393.528709][ T5810]  __kasan_slab_free+0x5c/0x80
[  393.528739][ T5810]  kfree+0x1c1/0x6c0
[  393.528764][ T5810]  l2cap_sock_cleanup_listen+0xf0/0x440
[  393.528787][ T5810]  l2cap_sock_release+0x6e/0x270
[  393.528807][ T5810]  sock_close+0xc3/0x240
[  393.528826][ T5810]  __fput+0x461/0xa90
[  393.528863][ T5810]  task_work_run+0x1d9/0x270
[  393.528885][ T5810]  exit_to_user_mode_loop+0xed/0x480
[  393.528917][ T5810]  do_syscall_64+0x32d/0xf80
[  393.528944][ T5810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.528966][ T5810] 
[  393.528972][ T5810] The buggy address belongs to the object at ffff888056ff0000
[  393.528972][ T5810]  which belongs to the cache kmalloc-2k of size 2048
[  393.528992][ T5810] The buggy address is located 1280 bytes inside of
[  393.528992][ T5810]  freed 2048-byte region [ffff888056ff0000, ffff888056ff0800)
[  393.529014][ T5810] 
[  393.529020][ T5810] The buggy address belongs to the physical page:
[  393.529040][ T5810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56ff0
[  393.529061][ T5810] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  393.529081][ T5810] flags: 0x80000000000040(head|node=0|zone=1)
[  393.529109][ T5810] page_type: f5(slab)
[  393.529136][ T5810] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  393.529155][ T5810] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  393.529176][ T5810] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  393.529196][ T5810] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  393.529217][ T5810] head: 0080000000000003 ffffea00015bfc01 00000000ffffffff 00000000ffffffff
[  393.529236][ T5810] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  393.529249][ T5810] page dumped because: kasan: bad access detected
[  393.529266][ T5810] page_owner tracks the page as allocated
[  393.529274][ T5810] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6393, tgid 6393 (syz-executor), ts 261355446535, free_ts 156358476369
[  393.529314][ T5810]  post_alloc_hook+0x231/0x280
[  393.529345][ T5810]  get_page_from_freelist+0x28bb/0x2950
[  393.529366][ T5810]  __alloc_frozen_pages_noprof+0x18d/0x380
[  393.529389][ T5810]  allocate_slab+0x77/0x660
[  393.529414][ T5810]  refill_objects+0x334/0x3c0
[  393.529435][ T5810]  __pcs_replace_empty_main+0x371/0x5c0
[  393.529461][ T5810]  __kvmalloc_node_noprof+0x6f4/0x8e0
[  393.529481][ T5810]  page_pool_create_percpu+0x2ea/0xba0
[  393.529512][ T5810]  nsim_open+0x3c4/0xa20
[  393.529547][ T5810]  __dev_open+0x44d/0x830
[  393.529569][ T5810]  __dev_change_flags+0x1f7/0x690
[  393.529596][ T5810]  netif_change_flags+0x88/0x1a0
[  393.529625][ T5810]  do_setlink+0xf82/0x4590
[  393.529650][ T5810]  rtnl_newlink+0x15a9/0x1be0
[  393.529673][ T5810]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  393.529696][ T5810]  netlink_rcv_skb+0x232/0x4b0
[  393.529718][ T5810] page last free pid 31 tgid 31 stack trace:
[  393.529731][ T5810]  __free_frozen_pages+0xfe3/0x1170
[  393.529762][ T5810]  kasan_depopulate_vmalloc_pte+0x6d/0x90
[  393.529790][ T5810]  __apply_to_page_range+0xbdc/0x1420
[  393.529818][ T5810]  __kasan_release_vmalloc+0xa2/0xd0
[  393.529852][ T5810]  purge_vmap_node+0x220/0x960
[  393.529872][ T5810]  __purge_vmap_area_lazy+0x779/0xb70
[  393.529892][ T5810]  drain_vmap_area_work+0x27/0x40
[  393.529912][ T5810]  process_scheduled_works+0xb02/0x1830
[  393.529940][ T5810]  worker_thread+0xa50/0xfc0
[  393.529966][ T5810]  kthread+0x388/0x470
[  393.529985][ T5810]  ret_from_fork+0x51e/0xb90
[  393.530012][ T5810]  ret_from_fork_asm+0x1a/0x30
[  393.530043][ T5810] 
[  393.530048][ T5810] Memory state around the buggy address:
[  393.530059][ T5810]  ffff888056ff0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  393.530073][ T5810]  ffff888056ff0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  393.530087][ T5810] >ffff888056ff0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  393.530097][ T5810]                    ^
[  393.530108][ T5810]  ffff888056ff0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  393.530122][ T5810]  ffff888056ff0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  393.530133][ T5810] ==================================================================
[  393.530157][ T5810] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  393.530173][ T5810] CPU: 1 UID: 0 PID: 5810 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  393.530197][ T5810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  393.530211][ T5810] Workqueue: hci4 hci_rx_work
[  393.530236][ T5810] Call Trace:
[  393.530243][ T5810]  <TASK>
[  393.530253][ T5810]  vpanic+0x56c/0xa60
[  393.530285][ T5810]  ? __pfx_vpanic+0x10/0x10
[  393.530321][ T5810]  panic+0xc5/0xd0
[  393.530350][ T5810]  ? __pfx_panic+0x10/0x10
[  393.530382][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.530407][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.530426][ T5810]  check_panic_on_warn+0x89/0xb0
[  393.530448][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.530468][ T5810]  end_report+0x73/0x180
[  393.530498][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.530517][ T5810]  kasan_report+0x128/0x150
[  393.530549][ T5810]  ? l2cap_connect_cfm+0x86a/0x1390
[  393.530573][ T5810]  l2cap_connect_cfm+0x86a/0x1390
[  393.530597][ T5810]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  393.530616][ T5810]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  393.530645][ T5810]  ? lockdep_hardirqs_on+0x7a/0x110
[  393.530672][ T5810]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  393.530699][ T5810]  ? mutex_lock_nested+0x152/0x1d0
[  393.530718][ T5810]  ? hci_connect_cfm+0x2c/0x140
[  393.530747][ T5810]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  393.530767][ T5810]  hci_connect_cfm+0x95/0x140
[  393.530797][ T5810]  le_conn_complete_evt+0xf65/0x1430
[  393.530833][ T5810]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  393.530874][ T5810]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  393.530902][ T5810]  ? lockdep_hardirqs_on+0x7a/0x110
[  393.530929][ T5810]  ? skb_pull_data+0xfb/0x200
[  393.530961][ T5810]  hci_le_conn_complete_evt+0x187/0x470
[  393.530991][ T5810]  hci_event_packet+0x7af/0x12c0
[  393.531016][ T5810]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  393.531042][ T5810]  ? __pfx_hci_event_packet+0x10/0x10
[  393.531064][ T5810]  ? rt_spin_unlock+0x14f/0x200
[  393.531088][ T5810]  ? hci_send_to_monitor+0xe2/0x590
[  393.531108][ T5810]  hci_rx_work+0x3ee/0x1030
[  393.531134][ T5810]  ? process_scheduled_works+0xa25/0x1830
[  393.531160][ T5810]  process_scheduled_works+0xb02/0x1830
[  393.531200][ T5810]  ? __pfx_process_scheduled_works+0x10/0x10
[  393.531230][ T5810]  ? assign_work+0x3d5/0x5e0
[  393.531258][ T5810]  worker_thread+0xa50/0xfc0
[  393.531297][ T5810]  kthread+0x388/0x470
[  393.531316][ T5810]  ? __pfx_worker_thread+0x10/0x10
[  393.531341][ T5810]  ? __pfx_kthread+0x10/0x10
[  393.531362][ T5810]  ret_from_fork+0x51e/0xb90
[  393.531389][ T5810]  ? __pfx_ret_from_fork+0x10/0x10
[  393.531416][ T5810]  ? __switch_to+0xc7d/0x1450
[  393.531439][ T5810]  ? __pfx_kthread+0x10/0x10
[  393.531459][ T5810]  ret_from_fork_asm+0x1a/0x30
[  393.531485][ T5810]  </TASK>
[  393.532081][ T5810] Kernel Offset: disabled