last executing test programs:

8m41.160737662s ago: executing program 1 (id=73):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000400)={0x13, 0x10, 0x8, {0x0, r1, 0x1}}, 0x18)

8m32.029828924s ago: executing program 1 (id=75):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)

8m21.513243589s ago: executing program 1 (id=77):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)

8m8.711187918s ago: executing program 1 (id=79):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x577d30dd1469476d)

7m57.667302303s ago: executing program 1 (id=81):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde908990817b364e51afe9c81a97f0570759f1cae63487ff68fffffffffffe8e3932e2b7185a25a4cf8a9456aa8a701c318c67edb6e9330b53c0eeba8644311ba75411892f5466eb01820a43d8e5b1dc91c5499bea0977"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xd00, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28)

7m48.730517549s ago: executing program 1 (id=83):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x76, &(0x7f0000001c40)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8635", 0x40, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0xe, 0xf989, "4b6612ea097b3682d83a"}, @md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}, @mptcp=@remove_addr={0x1e, 0x3}]}}}}}}}}, 0x0)

38.36937231s ago: executing program 0 (id=134):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x14b}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4096, 0x564}, {&(0x7f0000000400)=""/106, 0x14}, {&(0x7f0000000740)=""/73, 0x60}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x2, &(0x7f0000003700)={0x77359400})

29.004021723s ago: executing program 0 (id=135):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='hugetlbfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, &(0x7f0000000040)={[{@mode}]})

19.199640947s ago: executing program 0 (id=136):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010103}, 0x10, 0x0, 0x0, &(0x7f0000000a80)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000000140)=""/161, 0xa1}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0)

12.992252879s ago: executing program 0 (id=137):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001a00050a000000000000000002000000fc"], 0x1c}}, 0x0)

4.8872523s ago: executing program 0 (id=138):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000040)=0x1c, 0x4)
sendmsg$netlink(r0, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)={0x24, 0x1e, 0x723, 0x0, 0x0, "", [@nested={0x14, 0xa9, 0x0, 0x1, [@typed={0x8, 0x126, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @typed={0x8, 0xf, 0x0, 0x0, @ipv4=@private=0xa010100}]}]}, 0x24}], 0x1, 0x0, 0x0, 0x24008011}, 0x0)

0s ago: executing program 0 (id=139):
r0 = socket(0x2c, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'tunl0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f2, &(0x7f0000000500)={'syztnl1\x00', &(0x7f0000000400)={'sit0\x00', 0x0, 0x0, 0x8, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x0, 0x0, 0x50, 0x0, 0x0, @multicast1, @broadcast}}}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:11029' (ED25519) to the list of known hosts.
syzkaller login: [  401.677426][ T3199] cgroup: Unknown subsys name 'net'
[  402.267047][ T3199] cgroup: Unknown subsys name 'cpuset'
[  402.367962][ T3199] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  459.922129][ T3199] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  531.419525][ T3211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  531.486044][ T3211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  534.504265][ T3213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  534.617666][ T3213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  545.074462][ T3211] hsr_slave_0: entered promiscuous mode
[  545.106493][ T3211] hsr_slave_1: entered promiscuous mode
[  546.957525][ T3213] hsr_slave_0: entered promiscuous mode
[  546.977348][ T3213] hsr_slave_1: entered promiscuous mode
[  547.003472][ T3213] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  547.006270][ T3213] Cannot create hsr debugfs directory
[  554.115871][ T3211] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  554.265530][ T3211] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  554.418757][ T3211] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  554.745296][ T3211] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  555.714851][ T3213] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  555.888802][ T3213] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  556.436673][ T3213] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  556.556269][ T3213] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  568.768223][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.486799][ T3213] 8021q: adding VLAN 0 to HW filter on device bond0
[  611.893900][ T3211] veth0_vlan: entered promiscuous mode
[  612.281265][ T3211] veth1_vlan: entered promiscuous mode
[  613.350070][ T3211] veth0_macvtap: entered promiscuous mode
[  613.501301][ T3211] veth1_macvtap: entered promiscuous mode
[  615.257945][ T3211] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.262814][ T3211] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.265018][ T3211] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.267054][ T3211] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  617.329247][ T3213] veth0_vlan: entered promiscuous mode
[  617.638237][ T3213] veth1_vlan: entered promiscuous mode
[  617.802742][ T3211] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  619.524682][ T3213] veth0_macvtap: entered promiscuous mode
[  619.872983][ T3213] veth1_macvtap: entered promiscuous mode
[  621.523921][ T3213] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  621.526415][ T3213] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  621.528579][ T3213] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  621.532109][ T3213] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  704.985846][ T3942] [U] 
[  707.970017][ T3945] netlink: 'syz.0.22': attribute type 3 has an invalid length.
[  715.954925][    T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  716.757478][    T8] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  716.806544][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.709000][    T8] usb 2-1: config 0 descriptor??
[  718.257858][    T8] cp210x 2-1:0.0: cp210x converter detected
[  721.123744][    T8] usb 2-1: cp210x converter now attached to ttyUSB0
[  721.509070][    T8] usb 2-1: USB disconnect, device number 2
[  722.178360][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  724.309335][    T8] cp210x 2-1:0.0: device disconnected
[  738.593554][  T930] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  740.454894][  T930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  740.457851][  T930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  740.528190][  T930] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  740.552959][  T930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.864161][  T930] usb 1-1: config 0 descriptor??
[  744.924295][  T930] hid-steam 0003:28DE:1102.0001: : USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[  745.073938][  T930] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' connected
[  745.318644][  T930] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0001/input/input0
[  746.409157][  T930] hid-steam 0003:28DE:1102.0002: hidraw0: USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[  747.428193][  T930] usb 1-1: USB disconnect, device number 2
[  749.607155][  T930] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' disconnected
[  829.516410][ T4047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.44'.
[  833.239577][ T4049] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  883.065380][  T930] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  883.333291][  T930] usb 2-1: Using ep0 maxpacket: 32
[  883.967705][  T930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  884.000112][  T930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  884.007180][  T930] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  884.009286][  T930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.159782][  T930] usb 2-1: config 0 descriptor??
[  886.997205][  T930] uclogic 0003:28BD:0094.0003: interface is invalid, ignoring
[  887.354730][  T930] usb 2-1: USB disconnect, device number 3
[  904.903268][ T4100] netlink: 'syz.0.59': attribute type 2 has an invalid length.
[  904.904804][ T4100] netlink: 132 bytes leftover after parsing attributes in process `syz.0.59'.
[  904.995531][ T3207] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  905.313678][ T3207] usb 2-1: Using ep0 maxpacket: 8
[  905.494367][ T3207] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[  905.510128][ T3207] usb 2-1: config 0 has too many interfaces: 241, using maximum allowed: 32
[  905.535861][ T3207] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 241
[  905.538144][ T3207] usb 2-1: config 0 has no interface number 0
[  905.540311][ T3207] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  905.595092][ T3207] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  905.598556][ T3207] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  905.808056][ T3207] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  905.836415][ T3207] usb 2-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0
[  905.838792][ T3207] usb 2-1: Product: syz
[  905.870102][ T3207] usb 2-1: Manufacturer: syz
[  906.266196][ T3207] usb 2-1: config 0 descriptor??
[  906.378945][ T4095] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  910.729790][ T3207] usb 2-1: USB disconnect, device number 4
[  943.629949][ T4126] Illegal XDP return value 4294967274 on prog  (id 4) dev N/A, expect packet loss!
[  972.899151][ T4135] netlink: 24 bytes leftover after parsing attributes in process `syz.1.69'.
[  973.005267][ T4135] netlink: 56 bytes leftover after parsing attributes in process `syz.1.69'.
[  973.009307][ T4135] netlink: 'syz.1.69': attribute type 10 has an invalid length.
[ 1020.696311][ T4156] mmap: syz.0.78 (4156): VmData 29011968 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[ 1050.345906][ T4167] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1136.489236][ T4230] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1159.185426][ T4290] capability: warning: `syz.0.96' uses deprecated v2 capabilities in a way that may be insecure
[ 1186.872652][ T4183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1187.112746][ T4183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1235.372473][ T4183] hsr_slave_0: entered promiscuous mode
[ 1235.570125][ T4183] hsr_slave_1: entered promiscuous mode
[ 1235.972349][ T4183] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1235.974173][ T4183] Cannot create hsr debugfs directory
[ 1317.524523][ T4183] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1366.915669][ T4556] [U] #! ./file0	�xar�3��*�"�v�
[ 1390.925979][   T36] audit: type=1400 audit(1389.980:2): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=4565 comm="syz.0.124"
[ 1414.914328][ T3207] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1416.066587][ T3207] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1416.069268][ T3207] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1416.115391][ T3207] usb 1-1: Product: syz
[ 1416.117545][ T3207] usb 1-1: Manufacturer: syz
[ 1416.119403][ T3207] usb 1-1: SerialNumber: syz
[ 1416.422211][ T3207] usb 1-1: config 0 descriptor??
[ 1416.985660][ T3207] usb 1-1: interface 1 not found
[ 1422.188777][ T3840] usb 1-1: USB disconnect, device number 3
[ 1547.663518][   T38] INFO: task syz-executor:3211 blocked for more than 430 seconds.
[ 1547.743966][   T38]       Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0
[ 1547.746692][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1547.748897][   T38] task:syz-executor    state:D stack:0     pid:3211  tgid:3211  ppid:1      flags:0x00000006
[ 1547.816251][   T38] Call Trace:
[ 1547.818173][   T38] [<ffffffff85fe3a64>] __schedule+0xd5a/0x3886
[ 1547.875381][   T38] [<ffffffff85fe6654>] schedule+0xc4/0x324
[ 1547.877684][   T38] [<ffffffff85ff9402>] schedule_timeout+0x1e2/0x296
[ 1547.935781][   T38] [<ffffffff85fe8032>] __wait_for_common+0x1ca/0x4b6
[ 1547.938121][   T38] [<ffffffff85fe8338>] wait_for_completion+0x1a/0x22
SYZFAIL: failed to recv rpc
[ 1547.939884][   T38] [<ffffffff802d83a6>] rcu_barrier+0x2dc/0x6cc
[ 1548.023505][   T38] [<ffffffff84d323e6>] netdev_run_todo+0x294/0x105e
[ 1548.025444][   T38] [<ffffffff84d5e84e>] rtnl_unlock+0x14/0x1c
[ 1548.027266][   T38] [<ffffffff82f49524>] tun_chr_close+0xde/0x230
[ 1548.029177][   T38] [<ffffffff80a2c748>] __fput+0x378/0x9e6
[ 1548.083095][   T38] [<ffffffff80a2ce5c>] ____fput+0x1c/0x26
[ 1548.085494][   T38] [<ffffffff8014fb6c>] task_work_run+0x16a/0x25e
[ 1548.087341][   T38] [<ffffffff800d8f3c>] do_exit+0xa4c/0x2986
[ 1548.089244][   T38] [<ffffffff800db3d6>] do_group_exit+0xd4/0x26c
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1548.156767][   T38] [<ffffffff8010db26>] get_signal+0x1e98/0x23b0
[ 1548.159243][   T38] [<ffffffff8000bb06>] arch_do_signal_or_restart+0x8d6/0x1190
[ 1548.203829][   T38] [<ffffffff85fdabf4>] syscall_exit_to_user_mode+0x2a6/0x31e
[ 1548.206327][   T38] [<ffffffff85fd9b16>] do_trap_ecall_u+0x86/0x216
[ 1548.208253][   T38] [<ffffffff85ffcab6>] _new_vmalloc_restore_context_a0+0xc2/0xce
[ 1548.239036][   T38] 
[ 1548.239036][   T38] Showing all locks held in the system:
[ 1548.274872][   T38] 4 locks held by kworker/1:1/33:
[ 1548.277185][   T38] 1 lock held by khungtaskd/38:
[ 1548.278703][   T38]  #0: ffffffff87fcc100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x68/0x2d6
[ 1548.336811][   T38] 3 locks held by kworker/0:2/930:
[ 1548.338121][   T38] 1 lock held by syslogd/2995:
[ 1548.339677][   T38] 2 locks held by kworker/1:2/3021:
[ 1548.373278][   T38] 2 locks held by getty/3160:
[ 1548.374502][   T38]  #0: ff6000001c8560a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46
[ 1548.378170][   T38]  #1: ff2000000008b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd7c/0x129a
[ 1548.421238][   T38] 2 locks held by syz-executor/3199:
[ 1548.422562][   T38] 1 lock held by syz-executor/3211:
[ 1548.423648][   T38]  #0: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc
[ 1548.426846][   T38] 2 locks held by kworker/1:5/3920:
[ 1548.427968][   T38] 2 locks held by kworker/1:7/4154:
[ 1548.429014][   T38] 7 locks held by syz-executor/4183:
[ 1548.430104][   T38]  #0: ff6000001d48a420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x728/0x9b4
[ 1548.498317][   T38]  #1: ff60000031272088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x23a/0x460
[ 1548.565629][   T38]  #2: ff6000001b2351e8 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x258/0x460
[ 1548.622084][   T38]  #3: ffffffff88c129e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf0/0x48c
[ 1548.627276][   T38]  #4: ff60000018cc50e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x9c/0x572
[ 1548.679130][   T38]  #5: ff60000018cc4250 (&devlink->lock_key){+.+.}-{3:3}, at: devl_lock+0x22/0x2c
[ 1548.744422][   T38]  #6: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc
[ 1548.749705][   T38] 2 locks held by kworker/1:8/4203:
[ 1548.792980][   T38] 1 lock held by syz.0.139/4613:
[ 1548.795100][   T38]  #0: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc
[ 1548.800050][   T38] 
[ 1548.852955][   T38] =============================================
[ 1548.852955][   T38] 
[ 1548.855841][   T38] NMI backtrace for cpu 0
[ 1548.857366][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0
[ 1548.859216][   T38] Hardware name: riscv-virtio,qemu (DT)
[ 1548.860515][   T38] Call Trace:
[ 1548.861616][   T38] [<ffffffff80010a14>] dump_backtrace+0x2e/0x3c
[ 1548.863292][   T38] [<ffffffff85f7c3bc>] show_stack+0x34/0x40
[ 1548.864732][   T38] [<ffffffff85fd796a>] dump_stack_lvl+0x122/0x196
[ 1548.866430][   T38] [<ffffffff85fd79fa>] dump_stack+0x1c/0x24
[ 1548.867974][   T38] [<ffffffff85f3fa9e>] nmi_cpu_backtrace+0x39c/0x39e
[ 1548.869722][   T38] [<ffffffff85f3fd56>] nmi_trigger_cpumask_backtrace+0x2b6/0x456
[ 1548.871573][   T38] [<ffffffff80019964>] arch_trigger_cpumask_backtrace+0x2c/0x3c
[ 1548.873385][   T38] [<ffffffff80432c2c>] watchdog+0xcfa/0x1178
[ 1548.874803][   T38] [<ffffffff80154e04>] kthread+0x28c/0x3a6
[ 1548.876322][   T38] [<ffffffff85ffcbce>] ret_from_fork+0xe/0x18
[ 1548.881137][   T38] Sending NMI from CPU 0 to CPUs 1:
[ 1548.883719][    C1] NMI backtrace for cpu 1
[ 1548.885017][    C1] CPU: 1 UID: 0 PID: 4053 Comm: kworker/1:6 Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0
[ 1548.886349][    C1] Hardware name: riscv-virtio,qemu (DT)
[ 1548.887578][    C1] Workqueue: events_power_efficient neigh_managed_work
[ 1548.889053][    C1] epc : __kernel_text_address+0x0/0x40
[ 1548.890079][    C1]  ra : walk_stackframe+0xc4/0x452
[ 1548.891371][    C1] epc : ffffffff8014fe9a ra : ffffffff80010458 sp : ff20000000016540
[ 1548.892540][    C1]  gp : ffffffff897bea80 tp : ff6000001a653480 t0 : ff20000000016890
[ 1548.893672][    C1]  t1 : ffebffff0391ccbc t2 : 0000000000000006 s0 : ff200000000165c0
[ 1548.894786][    C1]  s1 : ff20000000017320 a0 : ffffffff852a715c a1 : ffffffff852a715c
[ 1548.895897][    C1]  a2 : 0000000000f00000 a3 : ffffffff8001044e a4 : 0000000000000000
[ 1548.897011][    C1]  a5 : ff6000001a653480 a6 : 0000000000f00000 a7 : ff6000001c8e65e3
[ 1548.898221][    C1]  s2 : ff200000000171b0 s3 : 0000000000000011 s4 : ffffffff852a715c
[ 1548.899424][    C1]  s5 : 0000000000000000 s6 : ffffffff852a715c s7 : dfffffff00000000
[ 1548.900888][    C1]  s8 : dfffffff00000000 s9 : ffffffff85ffc970 s10: 0000000000007fff
[ 1548.902215][    C1]  s11: ff20000000017320 t3 : 1fec0000034ca7f3 t4 : ffebffff0391ccbc
[ 1548.903353][    C1]  t5 : ffebffff0391ccbd t6 : 1fec0000034ca80c
[ 1548.904354][    C1] status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001
[ 1548.905630][    C1] [<ffffffff8014fe9a>] __kernel_text_address+0x0/0x40
[ 1548.906918][    C1] [<ffffffff85fd9d60>] arch_stack_walk+0x1c/0x24
[ 1548.908115][    C1] [<ffffffff80329c04>] stack_trace_save+0xa0/0xd2
[ 1548.909297][    C1] [<ffffffff8096f35a>] kasan_save_stack+0x3e/0x6a
[ 1548.910704][    C1] [<ffffffff8096f3b0>] kasan_save_track+0x16/0x28
[ 1548.912606][    C1] [<ffffffff809720c4>] kasan_save_alloc_info+0x30/0x3e
[ 1548.914361][    C1] [<ffffffff8096ee46>] __kasan_kmalloc+0xa0/0xa6
[ 1548.916137][    C1] [<ffffffff808d6c52>] __kmalloc_cache_noprof+0x1f4/0x318
[ 1548.917822][    C1] [<ffffffff8171b438>] ref_tracker_alloc+0x18e/0x542
[ 1548.919499][    C1] [<ffffffff84d3c128>] dst_init+0xca/0x506
[ 1548.921568][    C1] [<ffffffff84d3c612>] dst_alloc+0xae/0x174
[ 1548.923137][    C1] [<ffffffff85308ac2>] rt_dst_alloc+0x3a/0x340
[ 1548.924768][    C1] [<ffffffff85320e32>] ip_route_output_key_hash_rcu+0x822/0x2748
[ 1548.926641][    C1] [<ffffffff85322eb0>] ip_route_output_key_hash+0x158/0x31c
[ 1548.928406][    C1] [<ffffffff85323a5e>] ip_route_output_flow+0x2a/0x142
[ 1548.930342][    C1] [<ffffffff855bcefe>] ip_route_me_harder+0x4e4/0x1158
[ 1548.932323][    C1] [<ffffffff851cf000>] synproxy_send_tcp.isra.0+0x2be/0x5d2
[ 1548.934180][    C1] [<ffffffff851d10a0>] synproxy_send_client_synack+0x940/0xc9a
[ 1548.935956][    C1] [<ffffffff852a715c>] nft_synproxy_do_eval+0x8ac/0xa52
[ 1548.937645][    C1] [<ffffffff852a7360>] nft_synproxy_eval+0x28/0x36
[ 1548.939286][    C1] [<ffffffff851dd7b2>] nft_do_chain+0x328/0x1598
[ 1548.941738][    C1] [<ffffffff8523728c>] nft_do_chain_inet+0x180/0x316
[ 1548.943605][    C1] [<ffffffff85112720>] nf_hook_slow+0xb8/0x1ec
[ 1548.945447][    C1] [<ffffffff8533037a>] ip_local_deliver+0x2ea/0x568
[ 1548.947194][    C1] [<ffffffff8532ee22>] ip_rcv_finish+0x1b0/0x2d2
[ 1548.948910][    C1] [<ffffffff853306ce>] ip_rcv+0xd6/0x44e
[ 1548.950572][    C1] [<ffffffff84d21a44>] __netif_receive_skb_one_core+0x106/0x16e
[ 1548.952509][    C1] [<ffffffff84d21cc4>] __netif_receive_skb+0x2c/0x144
[ 1548.954330][    C1] [<ffffffff84d22d48>] process_backlog+0x4fc/0x1cbc
[ 1548.956037][    C1] [<ffffffff84d275fa>] __napi_poll.constprop.0+0xaa/0x4b8
[ 1548.957755][    C1] [<ffffffff84d2841a>] net_rx_action+0xa12/0xf10
[ 1548.959436][    C1] [<ffffffff800e0faa>] handle_softirqs+0x4a6/0x10de
[ 1548.961579][    C1] [<ffffffff85ffcca8>] __do_softirq+0x12/0x1a
[ 1548.963367][    C1] [<ffffffff80006f74>] ___do_softirq+0x18/0x20
[ 1548.964846][    C1] [<ffffffff85ffcc0a>] call_on_irq_stack+0x32/0x40
[ 1549.545979][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[ 1549.548638][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0
[ 1549.550565][   T38] Hardware name: riscv-virtio,qemu (DT)
[ 1549.552024][   T38] Call Trace:
[ 1549.553162][   T38] [<ffffffff80010a14>] dump_backtrace+0x2e/0x3c
[ 1549.554916][   T38] [<ffffffff85f7c3bc>] show_stack+0x34/0x40
[ 1549.556424][   T38] [<ffffffff85fd7950>] dump_stack_lvl+0x108/0x196
[ 1549.558151][   T38] [<ffffffff85fd79fa>] dump_stack+0x1c/0x24
[ 1549.559890][   T38] [<ffffffff85f7cfd4>] panic+0x388/0x86c
[ 1549.561570][   T38] [<ffffffff804326bc>] watchdog+0x78a/0x1178
[ 1549.563121][   T38] [<ffffffff80154e04>] kthread+0x28c/0x3a6
[ 1549.564752][   T38] [<ffffffff85ffcbce>] ret_from_fork+0xe/0x18
[ 1549.566900][   T38] SMP: stopping secondary CPUs
[ 1549.571017][   T38] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:05:13  Registers:
info registers vcpu 0

CPU#0
 V      =   0
 pc       ffffffff853a25ee
 mhartid  0000000000000000
 mstatus  0000000a000001a2
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000000
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000444
 medeleg  0000000000f0b509
 hedeleg  000000000000b109
 mtvec    0000000080000428
 stvec    ffffffff85ffc970
 vstvec   0000000000000000
 mepc     ffffffff8001fb06
 sepc     ffffffff80430ad2
 vsepc    0000000000000000
 mcause   0000000000000009
 scause   8000000000000009
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 0000000080029000
 sscratch 0000000000000000
 satp     a02850000009874a
 x0/zero  0000000000000000 x1/ra    ffffffff8024031c x2/sp    ff20000000006a30 x3/gp    ffffffff897bea80
 x4/tp    ff600000136dcec0 x5/t0    ff600000136dd9e0 x6/t1    ff600000136ddaa8 x7/t2    0000000000000006
 x8/s0    ff20000000006d20 x9/s1    ff60000028ef5dc0 x10/a0   0000000000000005 x11/a1   0000000000000000
 x12/a2   0000000000f00000 x13/a3   ffffffff84dd6840 x14/a4   1ffffffff0ffb81e x15/a5   0000000000000000
 x16/a6   0000000000f00000 x17/a7   0000000056e543b7 x18/s2   ff600000136dd9e0 x19/s3   0000000000000001
 x20/s4   ff600000136ddec0 x21/s5   1fe4000000000d84 x22/s6   ff6000001e27bfc0 x23/s7   0000000000000001
 x24/s8   0000000000000000 x25/s9   ff60000028ef5dc0 x26/s10  dfffffff00000000 x27/s11  ff6000001ab44464
 x28/t3   1fec0000026dbb3b x29/t4   000000000000000f x30/t5   8374b928a67c3bc0 x31/t6   1fec0000026dbb59
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1

CPU#1
 V      =   0
 pc       ffffffff80010468
 mhartid  0000000000000001
 mstatus  0000000a000000a0
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000000
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000444
 medeleg  0000000000f0b509
 hedeleg  000000000000b109
 mtvec    0000000080000428
 stvec    ffffffff85ffc970
 vstvec   0000000000000000
 mepc     ffffffff80430ad2
 sepc     ffffffff80010474
 vsepc    0000000000000000
 mcause   8000000000000003
 scause   8000000000000005
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 0000000080027000
 sscratch 0000000000000000
 satp     a01410000009bc08
 x0/zero  0000000000000000 x1/ra    ffffffff85154200 x2/sp    ff20000000016db0 x3/gp    ffffffff897bea80
 x4/tp    ff6000001add4ec0 x5/t0    ff6000001add59e0 x6/t1    0000000000000098 x7/t2    0000000000000006
 x8/s0    ff20000000016ba0 x9/s1    0000000000000000 x10/a0   0000000000000005 x11/a1   0000000000000013
 x12/a2   0000000000000028 x13/a3   ffffffff8513aa80 x14/a4   0000000000000000 x15/a5   ff6000001add4ec0
 x16/a6   0000000000f00000 x17/a7   1fec0000035bab45 x18/s2   ff60000034b2b280 x19/s3   0000000000000006
 x20/s4   ff20000000016eb0 x21/s5   1fe4000000002dda x22/s6   0000000000000014 x23/s7   0000000000000000
 x24/s8   ffe3ffff00002d9c x25/s9   1fe4000000002d50 x26/s10  0000000000000008 x27/s11  ff6000003a2d5900
 x28/t3   1fec000005e16f03 x29/t4   ff6000001c8e6138 x30/t5   ffffffff87217028 x31/t6   1fec0000035bab54
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000