last executing test programs:

5.719641489s ago: executing program 2 (id=2133):
r0 = syz_io_uring_setup(0x239, &(0x7f0000000080), &(0x7f0000000000), &(0x7f00000001c0)) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f00000014c0)="de", 0x1)
syz_usb_connect(0x2, 0x3f, &(0x7f0000000b00)=ANY=[], 0x0)

5.381633065s ago: executing program 4 (id=2138):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r1, @ANYBLOB], 0x1c}}, 0x0)
r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
mknodat$loop(r5, &(0x7f0000000080)='./file0\x00', 0x2000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="2c0000000c2b52ecfb3f8c5ab2ebcaa4f7e1770ec561280833bdfb41ec9271f8158fdd23ba0389743060f21acf44647d2b325198644406c8ef09ce95697015a51524daf6ad2c05ddca05c1db1218275e5b06ad1cc097cc739f7277be9b1da0d6e08841aa66e6a5b258e586d17f2cfd72cb002b5d880f9d58f84051148523a13c439445490087044e6204119255c40c23cd5c356e1c94bc90c69315fd6a07a89e2baa94e6e2eaec9d72eda0b374340ab70c1e908890a42570fc416ab9", @ANYRES16=r7, @ANYBLOB="010000000000000000001900000018000180140002007465616d5f736c6176655f3000000000"], 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000840)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000008000a0006ab7a00080006001300000008001100ff03000000000000060bccb9b1f564bf43741e29201c605f134a1ca571360a0ec947b334db2f4c5c1b90a48a1192f1619eabce451a093fb3d66efeed766d7a9dbca0877b6a8729658fab090d8afcf79fe1a1d6733df2841900"/120], 0x34}, 0x1, 0x0, 0x0, 0x4881}, 0x1)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f00000002c0)={'gretap0\x00', &(0x7f0000000540)={'ip_vti0\x00', 0x0, 0x1, 0x80ce, 0xfffe, 0xfff, {{0x23, 0x4, 0x3, 0x15, 0x8c, 0x66, 0x0, 0x5, 0x2f, 0x0, @multicast2, @multicast1, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0x5, [@empty, @multicast1]}, @timestamp_prespec={0x44, 0x2c, 0x36, 0x3, 0x4, [{@local, 0x1}, {@remote, 0x8001}, {@empty, 0x7f}, {@local, 0x4}, {@loopback}]}, @end, @rr={0x7, 0x27, 0xb4, [@dev={0xac, 0x14, 0x14, 0x31}, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x8}, @private=0xa010101, @local, @broadcast, @loopback, @multicast1, @private=0xa010101]}, @generic={0x86, 0x12, "50e05afec07b746e478b37360700f248"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x4, 0xef, 0x9, 0x184d, 0x4, @dev={0xfe, 0x80, '\x00', 0x26}, @mcast1, 0x40, 0x10, 0x1, 0x2}})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000680))
getsockopt$inet_mreqn(r5, 0x0, 0x0, &(0x7f00000003c0)={@empty, @broadcast}, &(0x7f0000000400)=0xc)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000001300290afcffffff0000000007000000", @ANYRES32, @ANYBLOB="00d13f08000005004945418a665a18211a523dbbfa7e232e45649f69706f5d647bcfb6a19da37f26f265d782c00cc37426cd9db5db6cdc017284178edd8a26c26123d7fa15cff0f808"], 0x2c}}, 0x0)
getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000440)={0x0, @local}, &(0x7f0000000480)=0xc)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r8, 0x89f0, &(0x7f0000000200)={'tunl0\x00', 0x0})
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000001e00)={'bond0\x00', <r11=>0x0})
setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000001e40)={r11, 0x3, 0x6}, 0x10)

5.129639097s ago: executing program 2 (id=2139):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000130000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050009"], 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @empty}, @rand_addr=' \x01\x00', @dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a20021})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x38, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "4ff5677c1a"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}]}, 0x38}}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', 0x0, 0x0, 0x0)

4.269326811s ago: executing program 2 (id=2142):
socket$inet6(0xa, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0081"], 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000280)=ANY=[], 0x18c)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x1546, 0x0, &(0x7f0000000240), 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r2}, './bus\x00'})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000400)={'erspan0\x00', <r4=>0x0, 0x8000, 0x4822094a8f87297b, 0x1, 0x1, {{0x30, 0x4, 0x2, 0x4, 0xc0, 0x66, 0x0, 0x7e, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x32}, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp={0x44, 0xc, 0xcd, 0x0, 0x3, [0x1, 0x8]}, @timestamp_prespec={0x44, 0x2c, 0x12, 0x3, 0x2, [{@rand_addr=0x64010101, 0x2}, {@private=0xa010101, 0x2}, {@local, 0x7fff}, {@private=0xa010101, 0x132}, {@multicast1, 0x73}]}, @end, @noop, @ra={0x94, 0x4}, @end, @cipso={0x86, 0x55, 0x0, [{0x6, 0xf, "6f38893ef28aa89a605aa79ed1"}, {0x1, 0x4, '5E'}, {0x0, 0x7, "cb348f9dee"}, {0x0, 0x11, "9baa08b1d99559a0691600e27894f6"}, {0x7, 0x2}, {0x2, 0x3, 'x'}, {0x5, 0xf, "94c458ac7a8a773e7131e8e250"}, {0x7, 0x10, "2dc13b12cc195ad2b6f4805421e2"}]}, @timestamp_prespec={0x44, 0x14, 0xdb, 0x3, 0x4, [{@broadcast, 0x3340}, {@multicast1}]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000500)={'syztnl1\x00', r4, 0x2f, 0x6, 0x4, 0xff0b, 0x48, @remote, @private0, 0x7f80, 0x7, 0x2, 0x7f}})
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000080)=0x2e9aa845)
writev(r5, &(0x7f0000000140)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, &(0x7f0000002d40)=ANY=[@ANYBLOB="181000000400000001000000000000800700000000000000520807ac56726e57614dcf11ad57f63380b10b16eec7e739535305049330137e757c9304bd2d7ac0ad8b735fb82eb2e5499ab67dec76b51a2d13ab8501ff61b3a24b98b1f3b7247c3fb7bc429bb243bb135fc50bb2c5ed0b99fe60e190826a672c18520f0e7499b13db97690ed46d8b72feb50a831f7df123ea983c3f3fdd37538d9b2e2f397128b900890d6859769ee67908bf997de95521a7ec56f067358c36c693b78e1bebb1643f6fae9462c8c6df3bfce9df8ff65b8bb44870c7284b9f08b196393530fdd609a25cdc422ce15c98c71e40a39ba6f7e0875475b81b35c29d5842dd170d0dcde7bae62d9c1d75bbf6fe35cbd5d353ae8db97aca841aee7862069c53d7a46c97ae068cca57cf7365fa0dcf353ac35326b036a2c8f24a72b04cbb49c933b0b1ccb60d66445faae1fa2ea13cb5960265594ac3ce41de6c9cce2dc6bd109ea4d7ce2abb041467397fc047dbdd60f3c6bef1583ebefb5db70255368771ac5d56b3e28bf55c2e9f7b1f379f07a65ef35f32975fd4d693e3ef2ea7aaf66dce899b028ee4be05a51534133673583bee2ac25744fbb3979bc0197c18db88508aaebbb414878cbf6fd085c26dac4e46d25d641b1f205760df47d0ec34346da6cdce7cde2b7615c29049380504e577146653368d809810aa256d60b403c71f0ce3b0227c499abd6cee278fefd959b6408818c9873649c2988c7483ec08e269f2bbaddf8c01248af682a24f8a77bd699c915e338c286bcbbd229940713293461861ac12bc0cffe564743cb53aa2148fa1d2397f1d52e64f760dcb0539b94de30b42769c484d9c5da884a79860497909f4ca2177c62e591e8e66b5bc0274f0d846a2c82aac2516252fc9c0cd2a4a504748e088dbca5917bc45a56190a3068f6847f231cb0b4d60171ad216cf0d7341565e4c85e4ecb550172307461b5f4d6b3cd34b199d0a1b407787b146f4553d5ed7e91ba6fd8c7da47d8ad868073c352f317f47b9a70f3efab7c07fb3a55c5f22e96839ed3c6e02060e41f1c0267f689270a533afc45f3691212e128ee3ff9a7ccfdea6519987adf177045d556d1c26affd6dcea3f47aeb75a9612cef3d5acb44df53c23b942b07b57cfbcdaaedee83394392d1c25c0985dab8a7ff5f8aad1a09a186cc0d430aac84446b1c8f7287d7fa675cb8ef373d051dcc6d022b30b120a773bee125da3ac60717283c9f9610c240056dcc6e8e0f6424e5d8e62629220c72b00d81662b416c6bb8fe1214338d66f5aa108c913aa870568df0a550439ac1b7cc1dddf4972446012e58f93eb39d2b49fe66fcf15db317606433dd9f34db972938adc711d89e6249ff62d57859498bb4c07446626ae00863009c2a43874edb4cd59062a6fc3e5f03d15ba46ee25cf74590a7e1c4ffcb52c01bb36735e36cf2b0ce6edffcdb22dd4a7d6215ae0f2aa0d6e4e317cac864e6dfcb22bf139b42d688b8fdcb718f28ebad124f19bf912d881d4505bff2d40a4db9f6085feca1a684ee1560138e6439168536fe898ca559f13282ac7f4be18e4aef6572767d86d7a648e1960749939a9a3f5cb0b1eb6f510d99ca7c1a1dce3beca6bc0ffab67b3fe2187226976bc5429b21a99422284141d02d2ad74ed5a1e6978c49fbbe9d8ecfdc8bcbba8a0cd8b4c31e946a4ce4c0a3b9b30091aefd06353eb89864b78c1c35eecae99991b9cc7f7fdb65e1ce0da49779c933a29293a9d2fda10d223cb407c4b8a5fdbae69dde3384c7c23da249ae762ea372736c659e5da3ed3dd6b1a52b62367178728530c83f8419886d001269c271e9f3e281285ba31be8f17aee93528cb5794efc1f5cf9f9d43e896221ee1e5303563c5e4a1aa46881259a5ebd2bc5af6f79ed6b85189544bf7159ca67967dd2c4977d096fbe0b2417cce6d076278e1c6e4e87efb895ebeefc099369ed51e33048c3382ee0c28e72ee6c7af0ebc9a0dc4cdb34b86aad4711cece790819709133d7d1780cc3b16576c9573efcaecebc85acfcbc9d6f16d00943506b7138b3bb4b3ceea70c6bbaa45c63a4347ea502fbd7dbe65296a2614d1b930b2716642bb0f20ec4e112cb9e3c8c7cf14191332a696d859bed6730099943e38a4247cabd1a85c55e064155b8459a5162cc6951f85adccf17e2260097af9cc490de8b89d9058fa60400bd4e2c59f0dd5b2b50fb626c693557525d2c1ced2c27524b5c6af7066318dfbcc64afa99cf9a46d585a080f1efbeb7b52eab4160451062ea8a1a0febe152c6bfc0c877c953b38f7750e3b280968fb2c368063ad0d87e952efc8e75522ee34321afba710ad2bec73c428d8894b9b8f1c103907feb7a2000bb84b07ce728e981d0e4bb3eb784dbc4d6c8e4cb271611fd418b9b37fa8bfc0045b8894418adc83f992be940a51af8a8d2d1eecf8b51841e84be460f454e8bb054e65a0463f96196627cb4709d39b25f1b21dcef5b930a80fb887e80e0c7be269563c9747c499aa0733c4cd1e020c03d85f0d5497cf7118118804e3e6d18a8e5dd095e129c048fcfa9812316dcee555cf58617960ef45a9fada2671a9bd9dc434cf96eaff9d6226909f4e0c5ffeacd3484781062bbcf19169aa354192e2e975c7477df4f071093212b2184499f04224e39ac3f35721262db4934f190a74d7d3bec77634d85028083a5449051edfcc170000d9fd10217a8224f40fca47aef0148396e309beba81ff5401b2e44e87c9fca5f68b0862c56a2c6fd560d40836706358f3e5f629debad8ef6a139966c0248e2e0bbe0075076fc501f51c1c53fa1248c12c033c1ffc424bc3d7570d48223aaf6b140a00ae0a0c4a65edd19fb926bf82b6734926e133364728dcf49e3f7ba2eed233422760a1936474dd2531ceb33813bbebeb48094a9d5b88d744af28ad0bced54721c49ea67fad2664bf260326ff98c6369b1c8881dc94ba2694093a718db1dd47013c80d8f721fd039fe8a19d3651f7c4f252af8712d1f67f05ba9b38f8153b5c6602a2bc62875473bc923d65394f0d9c37544c52826738897615b8174a8a89ce7e9cfa6ba59e2d0c1618d7e155f0ccc7af496442af764f88a3b96740525e6cdd9ff328b9a5fd513fb5c8e89f8ef8a4479789c678f2d6297c5cdc6a446e68d8672f0e0091dae60f6fcec1a7eda9777ef6f31423643ca2dffd9c2cca7ee7860de9048d88ba8c5f5cfdde56c5eb224568b61bd8723da32a59b0a1bc1806e20def45bffc9743520b60e18f7346ff3ba64a5ac884b23d248cf632722f837e3ec541dad8e4fe218b86a66d3838031168111d3be8670435c0e5d4f1acc9fa9f4bf14ae30490d5b929eb4c420fa315b554f60719df48011983fe54c2d1beeaada10eb104188a2120a0235afb62ec8b26c655e5d13e90c3eab95c2066a4296122ba08a86f15984491fb7d425efa1fd255db7e591fb97e3a5d92363d7c19751684b49d384ecddb0555d3192084ca369b50b51aa5e9d28f6432ebb7b069834fb82ac47193683aefabeda5a6697895675141182d304e9b075e289a143b5975eda07304aa7757f403359de76096efc7e3dbbb926a1cf0f3c3470ab9e0600ee12cde8fe7c83cf3be7e9edd6a1200b984aaf3896a3b01d53be9da521b4275737af5336a8d69b2095a3e8c21022682134fc52a96c6fff14417f7e1416d4f5dfe7b815b3ec1d425273b9771117f25d3a69066efb9220164940ae5c40c0151c741e04e1eb8a4262a4a4140ea947df7dc79f4a07122c05cfa9c4d21d4bf7b29fb9eaa8b9997f49c9c0795dd364298dfc1df8da85061bb813e438b9e192025b6a3d76735915f07b9c65b5c3956317e9039dc64ba134dd5ab612ba07c631727ca98263f656e9366f1770cec744bc7ba402b6cfcc0b4f17ad10ecbbd87412e54dd2fe08d4d7f9bcca1fcaeeb957304c6c72151714ccef564d17127a05846e51347003aa82f242e19ff48bbe31c7cec070b1f15d6cacc6c878c0fd37d85f690b3938e5d96efee62f142a230e33b7bb5392bb2433522e3dde20b60a61d7da2c8c3e2231e3f1944111cd4e9f6d1a0b16da0c94d3c55406d7e84298a4100aed4143bd9d67463a96dd2c711462390a2281717613256b4264e5a5eee80f2cff37d0f2174294ea9771eafe80236d2814c436056229734d6ae9c02a811d7856e9912f7286dd06ea887479b52056543d46158420b72f8b37a7deae6560ed3a5a35d53d92fd2520a9a4f68b45b87b07ab5c29c033a81c6fb12cb8b35e94cc2b59caf5f0424daa6d0965ee36ffa2240236301183dab973b2a0060a35a1a25c1b52c25f2063a03443ac787d182929c1f3e03a6ae19fe34bbb371447fda48bee91b4b484e68a4b774a3658ef490de1bf54ac228739b361d0c23c4e730069021913e37426315c974842730d595e887596254aa531b8a295ad1eb021bd4d67c38c4dcb919aa6b4e00d72e6833cf5546c01d49bf9e8b3e273b925a1e5632d70ec8e7820d6bf444598dd5ad4be891dcc411f7db305b158036a3877914d30de4aed9464ec9628eb1b0a42112b532ec5dd6ce39121ce0aa921cfb1361d49741699db6996f28986e5994d2b3d80298358e0c805914e68ef2d1d00b4c46aa0b7229115624fe9c8a82182c351f7086ab6280d186535892d3f2f7e3e6b93378e6bf9ef03866ccc27d213ef44f6ea35f91c0aa14e0801def8256719674dfa8f5dad4a72ef4c8c0bb66bdd5e4975afb19e0d8e5ccbfcbd58f960f08a8d024716319806f61ece6b2d10456c87965fd9a714383fca88cd07cd3ab472adceac6f574ffcbf9b9f88103acf0382ec013957a1a2649edd6c4f4a8f83606b2766e16aef8359f57e156949acfb62f3ed2b699284a0cb92419b0f8cbbd88202d6f0bd10ad02fc573e724b71558d224d96259c2c79258e52ab897d018ee7bd02e7bfde0765323b07187600f3ac0f0f5e66bf270760a416a087ae4da291151af85bac72968ff50f2947d8d722808649d1445fa5af5bec9ba5a2b4728a54be0ebc93bc369f61f22ad0a92a90bc1f2a5ca1b65b45461bbbf8211a3567b3a2d1abf2cb0ec02e8214a7716b9e786247b425c8644e97e7af75d8f302ede6e7e835869f857aa926dc6a515c1318f746785ef9b33e24fa0bacf47897a92a2104ab3ea41015fb58ffdfa159e9d226942fda1c6b1812d21258d7c45815e96d93784a95a0a36637cc706bf9a0191acbfe03ff1469eab69eb117b3cedc57d72d6a057c24252655cdeda5d107a134945abef300d219deaa2f43301df65174ccd4a786268735c4e343445c5e2672f62627d74893298e71f2f532b49aa2378f631a4aacfd94c2f1c22fe4d8fcd3d1878d06266e794069608138f757550902cb6a67568a2841ee4d4b7cd736ec9ccae69337295f208d9919b6d5cd61f280c8084d9ccbc27a19c38e717781529f9fc2820c83dc5a4d29b7354ff63c5048057d9849713fc6cb36e132d92903029866987a08652dd0a090671962e771b18192825e74785e7073a77e77f1a9b8318a18ee57ab3f86fd2c7d4283550cd59ee8fbbc0b27da3873180f83847f50dc91b6851edb0525f9af2eb6730eecdbe77e0e79780cd5078946fd6004f477b8e5c7595bd5d276a5989725b190acbca5a784ca19377bbd51627c2db554b7ad568e9a701ab5fd1454f4e2552a0a21d61c9ae5fec2b54052757266dc0384a5e8d4601247e497a594cc63e7986088b02d2bb26979b86613229c92d2470b5330614e49945a4150414db5d8ac175a8f7462d7a9506c7aef66601048a846ed9070d984dd32942d97d077488c179f7821b8ec1dd1e4a546087995f2b3e86fd58b25cc5df195f723431961b482cbc1f37efc97aa33c5c9d1b6a815a5873613f3199241713c9898dd7789bfaf666ed8209f6ab7cd3f8805cd7059a28d06efaedbc01c4079717b35ee4b44a9ec23e1243c7ed30ed1d01bcd86de7e0ad193712aed0a7dd18fa3a450e9fd5fa47e679abbb62d15f53bff334d2f62b7b733f776df61159e4758dbc1c55f83760c4977d4dbbd0aeab8fb8e0c948b3a6a22816bd5e84dcd5056b8bfbde8c8b34be909d1c55812a92cb79acc0230930b79647ba4b0c844d7ae876e5ecaac44a98f63a004369c696d3053961db003ce85736d2128c698d96707b718709120c619e0e2b0097096e6ccbe625bbeb8efeb5784466ace4a03743cc1a9146f24ecd1934eabba199eae7394c6b1184d36c37da49e72e21f2ae3dac4993c2c1d4cc8665165eb8da325b55466e"])
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x40102, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x200, 0x0, r6}, 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000000514010029bd7000fbdbdf250800010002000000080003fc01000000"], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x7, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f00000005c0)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x9, 0x1, 0x5}, 0x10, 0x1ffdf, r8, 0x6, &(0x7f0000000680)=[r7, r2, r7, r6, r3], &(0x7f00000006c0)=[{0x3, 0x4, 0xf, 0x6}, {0x0, 0x5, 0x10, 0x9}, {0x2, 0x4, 0xb, 0xc}, {0x3, 0x3, 0xb, 0x1}, {0x3, 0x2, 0xf, 0x3}, {0x3, 0x4, 0x0, 0x9}], 0x10, 0x7}, 0x90)
sendfile(r8, 0xffffffffffffffff, 0x0, 0x2)
syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), 0xffffffffffffffff)

4.268418747s ago: executing program 4 (id=2143):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005c40)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@deltclass={0x24}, 0x24}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan1\x00'})
ioctl$EVIOCGABS20(r1, 0x80184560, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x1c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)='\b\x00\x00\x00', 0x4}], 0x1)
setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

3.331166478s ago: executing program 4 (id=2148):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) (fail_nth: 1)

3.2378298s ago: executing program 2 (id=2150):
iopl(0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setreuid(0x0, r1)
getgroups(0x2, &(0x7f0000000240)=[0x0, <r2=>0x0])
setregid(r2, 0x0)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af25, &(0x7f0000000080)=0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="14070000", @ANYRES16=r5, @ANYBLOB="000826bd7000000000000a000000"], 0xffffffffffffff73}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0405fdffc80000"], 0x7)
syz_80211_inject_frame(0x0, 0x0, 0x60)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
listen(r6, 0xfffffffc)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000240)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000080)=0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140))
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x41)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0)
io_uring_setup(0x10002edd, &(0x7f00000002c0)={0x0, 0x0, 0x8})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

2.97195757s ago: executing program 1 (id=2152):
ioperm(0x0, 0xf4, 0x10000007f)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000100)={{0x77359400}}, 0xfffffffffffffffc)
r1 = timerfd_create(0x0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000140)={{0x0, 0x989680}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000840)={0x0, 0x43, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010700000000000000000500000008003e01"], 0x1c}}, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000040)={{}, {0x0, 0x1c9c380}}, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f00000020c0)=""/4106, 0x8}], 0x8)
fallocate(0xffffffffffffffff, 0x10, 0x0, 0x5)
fdatasync(r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
connect$netlink(0xffffffffffffffff, &(0x7f0000000180)=@proc={0x10, 0x0, 0x8}, 0xc)

2.853558041s ago: executing program 1 (id=2153):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000130000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050009"], 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @empty}, @rand_addr=' \x01\x00', @dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a20021})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x38, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "4ff5677c1a"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}]}, 0x38}}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', 0x0, 0x0, 0x0)

2.833899702s ago: executing program 1 (id=2154):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x2, 0x2, 0xab78, 0x11c, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x1, 0xc}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x101, 0x7, 0x401, 0x20, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(0xffffffffffffffff, 0xfffffffffffffffd, 0x58)
r2 = epoll_create1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)="3b46228d51c8419c5a5b0c52e3fde336534d3c9d307c4b1d46f054a006198cf61ac7e25255b074f3", 0x28}], 0x1, &(0x7f0000000b40)=[@cred={{0x1c, 0x1, 0x2, {r3, 0xee01}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r3, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r3, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @cred={{0xc, 0x1, 0x2, {r3, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r3}}}, @rights={{0x28, 0x1, 0x1, [r4, r2, r5, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x120, 0x4}}, {{&(0x7f0000000c80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000000d00)="3ebfe877c03856696528e8e7741d405fd5e757da6175d89a88c6a79c196560946f052b2f8611ca23ef3a0784de864010ff56c08344c94f1a589a7bfbe2ec5edd93a475f1f409c2e0f48b919553ea11cc47614461ad3578897ae67c69fbb9f54cd272f4ab0f858dcfbcf5aa5a830834338e35c7668c81f4a4b78ebcd76b0c798272108355ddb66e8a435bbc9d7f72f767cdd2590f47fab99f0a98617ae477f5b664af10683daccc49afa7587ed781cc83ecbf1b5a973f0b2adfed7fa7ea3372999c3e7b07ffd2b72520ae15257b5db00637ab2660c859331a7c80183e9c163339b04f2612563a15", 0xe7}, {&(0x7f0000000e00)="7fb76c1e5e2d9600a9ee92e5c84bef117b29a6b31f18d3e68f64f8fb848f056cee7ba725a98b952b6a59240db5188c76ca7ef1b23ad96964147f5c4d7956b87eabf6dc2f73471c1399896734b03351728803d66526d5f193b73d8cec56025025cd4dcb1b9587213969d1b04d12deb9b1a3c45e270afa00ea4215dc85bad0a4b642308ae376e075787fe34c383f6b0766c7acea57bef5b92c15c20cffd00f15ff25f1beeab5b0bba3fe8f3a90b18be9478bf0791296643cadb5d1ab54fa1075c798bebdbe532b7766d98788825877516789a95f648968d7f88625b8a60b9b6f", 0xdf}, {&(0x7f00000005c0)="2ea5805a52754e5fdcaf666c59457dde7dc69e5f586e0b07fb9a5884b9ebb6a2f34c8454a30476903573f1c2521fa13113882a685dd83a965a044beed98b223cd7e773df65e6e6bfdc330e7978090a47382f0348bc619c0448f9a787d534837c034ee2d93c0505be61ce88a382263a7b5cbf2487c0cd12200b9807a558382dd2d67e488a9659669b55e6516419084a778a8eba1d03ff2f5d12550d56491841eede681a4423909282107f8caafcae396d56dca43e70d052b4cf1e2fccb4362508ac5e3956fecf3a13b0b11f085027b1ebb801281d63c59de86a781cc4d39a4aab7f992aca82de70012af036bc245eefcb6c4a74ad5cc383d75156b875269efe7c6f85e2b725e92f577b276fb930ee73a1caaf6c38da05039d9e1cb44b91c352adcdd6be516cdbd1755d8c6cd3c9f38c223d41f26bb80354d6091b37e04ea5f7e152224e7424c606b3cbb25fb44a01e7e24874504ce100852db0dd2cb73154f8c6aba8f955ffffffffabaf33866370b4f7a5e1f27310772e8c6b7c1a9aa77dd5958808bbf073bc0c1b00"/403, 0x193}], 0x3, &(0x7f0000001000)=[@rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r5, r5, r1, r4, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r4, 0xffffffffffffffff, r2]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r5]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r4, r2, 0xffffffffffffffff]}}], 0xb8, 0x4}}], 0x2, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = memfd_secret(0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x21011, r7, 0x0)
ioctl$SG_GET_SG_TABLESIZE(r6, 0x40046f41, &(0x7f00000000c0))

2.465918445s ago: executing program 3 (id=2156):
socket$netlink(0x10, 0x3, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
ioctl$int_out(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000180)='enc=\xecd|\xb9\xb8\xc1N\x8f\xa6\x85JR\xccw\xe1\a5;g\x05\xd9\xc9F\x94\xa7\xdf=\x15\xa4\xe2\xea$\xd7\x1b\xf9\xcd\xc6.[\x9a\x15g\xd2\x91\xf5\x8bo>?\x1a\xed1\xf2\xdc\x1fTw\xe7\xd0I\xb1\x1c\ry\x90\x1eC\'\x05\x9e\x03d\xae\x94\xf6\xf04\xdd\r\x9183\xddD)\xe0-\xaa\x1c\xa7\x10\xc8\xdc\x9d\x1a\x8e\"\f\xa3\xcd\x8d\xe2\xaf.\n#\xcdn\xc1\xf1\xef\x92\xe0\xfc\x83\xabC', 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x101)
socket$inet_dccp(0x2, 0x6, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="500100001a00010000000000020000000200001f0000c808ffffffea080006000700000008000400", @ANYRES32=0x0, @ANYBLOB="06001c004e21000008000100ac1414"], 0x150}}, 0x0)

2.436111874s ago: executing program 4 (id=2157):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {0x0}}, 0x18)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$int_in(r2, 0x5452, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, 0x0, 0x0, @private1}, 0x1c)
sendto$inet6(r2, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004380)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x198780, 0x0)
ioctl$RNDZAPENTCNT(r4, 0x5204, 0x0)

2.435428489s ago: executing program 2 (id=2158):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000005800)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kfree\x00'}, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000040)=@random={'security.', '-\x00'}, &(0x7f0000000100)='\x00', 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000005840))
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xb1ff}, @TCA_CAKE_TARGET={0x8, 0x8, 0x6}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x4c}}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
recvfrom$inet_nvme(r0, &(0x7f0000000680)=""/235, 0xeb, 0x40000000, &(0x7f0000000280)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x1}, 0x80)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000140)=0x3, 0x4)
sendto$packet(r5, &(0x7f00000000c0)="3f05fe7f7028120006001e0089e9aaa921d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.258628842s ago: executing program 3 (id=2160):
nanosleep(0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000e5ff0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x0, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x2, 0xff5, &(0x7f0000014000)=""/4085, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'erspan0\x00', <r6=>0x0})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$can_raw(r7, &(0x7f0000000e00)={&(0x7f0000000400)={0x1d, r6}, 0x10, &(0x7f0000000dc0)={&(0x7f0000000d80)=@can={{}, 0x0, 0x0, 0x0, 0x0, "63d92f2adcc1a2d5"}, 0x10}}, 0x48080)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r9 = inotify_init1(0x0)
fcntl$setown(r9, 0x8, 0xffffffffffffffff)

1.763525696s ago: executing program 0 (id=2161):
socket$netlink(0x10, 0x3, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
ioctl$int_out(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000180)='enc=\xecd|\xb9\xb8\xc1N\x8f\xa6\x85JR\xccw\xe1\a5;g\x05\xd9\xc9F\x94\xa7\xdf=\x15\xa4\xe2\xea$\xd7\x1b\xf9\xcd\xc6.[\x9a\x15g\xd2\x91\xf5\x8bo>?\x1a\xed1\xf2\xdc\x1fTw\xe7\xd0I\xb1\x1c\ry\x90\x1eC\'\x05\x9e\x03d\xae\x94\xf6\xf04\xdd\r\x9183\xddD)\xe0-\xaa\x1c\xa7\x10\xc8\xdc\x9d\x1a\x8e\"\f\xa3\xcd\x8d\xe2\xaf.\n#\xcdn\xc1\xf1\xef\x92\xe0\xfc\x83\xabC', 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
listen(r0, 0x101)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10)

1.762497713s ago: executing program 2 (id=2162):
syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff080047000030000000000006907800000000000000008608ffffffff0102"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWRULE={0xa4, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}, {0x38, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0xab}, @NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_BYTEORDER_OP={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_BYTEORDER_DREG={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x494, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_EXPRESSIONS={0x450, 0x12, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x5}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_XFRM_DIR={0x5, 0x3, 0x3}]}}}, {0x34, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0xfffb}, @NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x1}, @NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0xc29}, @NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x10}]}}}, {0x2c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x5cc5462}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0xa000}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x7ff}]}}}, {0x10, 0x1, 0x0, 0x1, @queue={{0xa}, @void}}, {0x364, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x350, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x54, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x2c, 0x1, "65163d7c4633bbf4135d8ef3e84daf5679b48f06c27c1479d709625faca70a42b800244df5d170e2"}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_IMMEDIATE_DATA={0x1c4, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x84, 0x1, "ed897eab9dbacacb552b53c895fa93ba574c8ba964c039e9a768fac26c68c76978899b013dd9b2497c0af573bf37d16791c6eb61e74329dff04683bb121c47a7ee9cc2568fbaaaccd2ea50ef27693567c51bb515d6be593915abfd308f92afd1181b889856c23561daf87bad6d8adda2153ca929431f01aacddaaada51e54f45"}, @NFTA_DATA_VALUE={0xfb, 0x1, "70938884edc63b71962782ca94019ed15911fc728b58a8290fed872393e1210de2df6a224faba68a391883b59574aa4e61c3b2aafdf09430b0b098e2a59f03686be0f3e61f17275f82c319da2beab5cf0e61dd8f1101b2f1f3312adfffd84ae692282326b31f533d906b1ad070cfc0042a65262d20a9ff282d41312ba8a84cb6b847dec5daf3f450d7b39f5f6ee41fd987098ad5656876865875202ad788cfc1638161ca7afc21b416087d7747ac44650d69d7c1fb9279986f0f4bc98e903a8bb2ee1b446e4aa63db5e6374aafcb7bd24c78e24c5b80494316633e789cf20250935889964f5c15b99cbf0d4a6450ca9b310d4fb9d3c73a"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0xfffffff9}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0xf7}]}]}, @NFTA_IMMEDIATE_DATA={0x114, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1a, 0x1, "9185dfe1565f25bc6c0f05e1d1cac9dd5235388d61a5"}, @NFTA_DATA_VALUE={0xf4, 0x1, "ed73b2770aa27a47ceac2bad9308f10c9026cca6259d16dd599f3435a907cc22af1d020cc960beb71754490f1566aa8764e79dbbaa44ab2f2b74316da8e0dd761c73e7bc293be7b531dfa82076aaa66af29bb987c72c2bd1adf02609a7035c910257ce24b5b020cf78f0d8b17465b97e5374661cfa7f06ecdb41f1d186bda370b5f64d85459ea2a43514f07adcfe6db0c92100b23b393ac18359bbc5dd231548a84ba22a7de4ae18442c92ff0b28630b175f29b9b43999bc1f99e4fc114dcef101219943dc8970b95141f63c377c1bc3785094412cf3b720e9b7bb5ed409c3cf0e8a639587010a1de7c93a637aa4d6c0"}]}]}}}, {0x3c, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_MODE={0x8}, @NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_TUNNEL_MODE={0x8}, @NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}], {0x14, 0x10}}, 0x560}}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x6, 0x6, 0x0, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x801}, 0xc1)
sendmsg$NFNL_MSG_COMPAT_GET(r2, 0x0, 0x4000)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x400)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x10}, 0x18)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000340)=0x100, 0x4)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x60, 0x4, 0x8, 0x401, 0x0, 0x0, {0x3}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9000}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf6}, @CTA_TIMEOUT_L4PROTO={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
r6 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001540)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r2, 0x0, 0x800)
r7 = syz_open_dev$usbfs(&(0x7f0000001740), 0x1, 0x40240)
ioctl$USBDEVFS_REAPURBNDELAY(r7, 0x4008550d, &(0x7f0000001780))
r8 = socket$can_raw(0x1d, 0x3, 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f00000017c0)=0xf3, 0x4)
ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, &(0x7f0000001800)=""/14)
ioctl$BTRFS_IOC_TREE_SEARCH(r5, 0xd0009411, &(0x7f0000001880)={{<r9=>0x0, 0x0, 0x0, 0x3, 0x0, 0x73c4, 0x4, 0x9, 0x4, 0x7, 0x10001, 0x7, 0x6, 0x8e, 0xd49}})
ioctl$BTRFS_IOC_INO_LOOKUP(r8, 0xd0009412, &(0x7f0000002880)={r9})
msgget$private(0x0, 0x100)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0x6c, &(0x7f0000003880)={[{0x68, 0x4e00, "816410d844ec7016c3697d5151b668bf41b475bc0dd8ab27fbb2a79179bc02e1a06d956ff3b21c02ae453c46bb56b9757379f982a11627ef91d4b924d655ab6bf87b93e1318890b7050145ecfe2bbfe57f8e6b2ac4d6cec9641387fa992f88ea1228e5edd3f0365e"}]})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x3, 0x1, &(0x7f0000000100)=""/200, &(0x7f00000002c0)=""/81, &(0x7f0000000340)=""/43, 0x3000})
syz_usb_connect(0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000690109022f00010000000009040000000e010000152403"], 0x0)

1.633577727s ago: executing program 0 (id=2163):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
socket$inet6(0xa, 0x80001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000791048000000000079002800000008000000000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000}, 0x90)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
recvmsg(r0, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x101301)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
ioctl$USBDEVFS_BULK(r1, 0x80045515, &(0x7f0000000000)={{{0x1, 0x1}}, 0x0, 0x0, 0x0})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="8252", 0x2}], 0x1}}], 0x1, 0x4000c000)
sendto$inet6(r2, &(0x7f0000000300), 0x16, 0x0, 0x0, 0xfffffffffffffdfd)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r3)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r6, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
linkat(r6, &(0x7f0000001180)='./file1\x00', r6, &(0x7f00000002c0)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)

1.616163633s ago: executing program 1 (id=2164):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/protocols\x00')
lseek(r0, 0x8, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r1, 0x89f9, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000080)={@loopback, @rand_addr=0x64010100, 0x11, 0x5}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x2}]}], {0x14, 0x10}}, 0x90}}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000200)={0x0, 'xfrm0\x00', {}, 0x7fff})
r3 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, 0x0)
pread64(r3, &(0x7f0000000080)=""/180, 0xb4, 0x0)
r4 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000140)=0x1c)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCADDRT(r5, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty, 0x80000}, @nfc={0x27, 0x0, 0x1, 0x6}, @nl=@unspec, 0x1c9, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00'})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, <r6=>0x0})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000001840)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{r4}, r6, 0x33, @unused=[0x7, 0xb55e, 0x72, 0x5], @devid=r7})
ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f0000000700)={{}, r6, 0x8, @inherit={0x50, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000010000000000000002000000000000000000000000000000010000000000000004000000000000000100000000000000000000000000000001000000c6057bc7d772000000000000"]}, @name="1e169fba058102e2d57595d1463f4113da3b46a98497daa419eb83ef44d65270cee9a7cadcd6e373998dfe99675c831ee2d2dc347c6e2108af70562bae4ace5c257ace118abc24c72caa710adc9c7f73a4a88525a019528c22945763cc7d9af7f8f03e50db702aa113067747d4f7944d6e805dc1a00781b723ebda289cbe9b5ff4efd0296a3dc0114af13eddbd66bf39b72a80e65eb9721f1f677757c44ff5a840a1e20301c7df83b523b6989b3543347eb5379cf5d620b86e34eee760d1d610b56e4160594df377b635840dd5e7f848148382a35d5d4517abc77fa7656ac5f2d3e2ac8610bd389a4999579081f536605dd5bb39f84096ab23c393eb759fd52580413e283dbaec12cf01d8881d30a4d76e4b0871d4a198c5568532dd793fa2f6d567353c68f77b6ef849cfeca273e48fc34c1823ea034d4b68db48634b328a0bb5eb517ad7a061c91d0df6ebfd1a0d1f6089732edb4868e05450e653f2d7cd3047db3a0b2548b0c58f41da831c5d9523b5b167bcc77bc8961a469bb99bdeeac3e159f73b9ca9960d82ba4a4e3d039b1ae145d8cdaf5102387bdbb19bdd164d95fb404d0c53941d0cc275af023a5bba6d01f0572b7617a498f105a43e9a0d80f5b6e8b58aa9e7d514d4b5326e4e275873df4ba9460ff8a6fca3f4620826e58011a98d14b19aaf7c4793b01cac20a1c19e2e1bb903a49a845515fdccf0ab631cd979d79ded30e479faed46f08e3c68b93a45823bbb002f8eab4497fa2e191002a15806217f846cca4984c20d3e41d45d53b6f0a40955b57337d094d8e0662d9a8eda4e45a9433e0867627a2f76976b059839a38d2ac6847136e49416428e655a2c36ff4479afde2b3e55e9222c9334eaa86c8d84bea2ffedcab112311f5a6fce630c5d7c4493aaef622318df02161ffccc95bd8d73aabdb2457dd9e5f9980c5fc094b0566289d3192fe3ece58e385d8af23e8065ee25a52040a11ad97b7fd552b25e3f40329ca1b8b79f694c79362f5bef7514aa56912a9ef8ffafddce2ce9864c62b0751383cf0af0ede1d2206fe61e373b2a74736b0dce9caf0b07e1fb164a0140111fbaca841e3a79cc956825ef979a8eb17492c4519de82edb2e515f13786ea886e29409f3a745e1c8a5cf1512581725dba97fddca847611046972a907c630356276b4c68d50bdd027255ad59d8df76496873dead9e92b2af566a5156c9185da77cbcae5b3974138bc1c3473323dc8783f70181a48a381c388c79b6c362bc00fa1c9ecb61d6de51381fed4923fff91b025816747e0f6573e6b7c2b35a02ab2b8e63765130c87cf5374c5e314a62bbf4a08de32abf1b36d7fc940d865068dd1cd788b8a37d56bb0827b9df5d815f80864c6fc08ae6538d2fe3a23e85720f23c486c504700273720b24afd1bd1c70468913a7d2465860785cb9f7db036bc7b1a778936c707881a91125e0d423cb6834bf1973d95d16e1d103f1e0b3076a6e44e83443b1e7a9a65719d60497d78b78658b952ccf28dafef4a3a43d0cbb5952402a43a8d442f5a1218262eb08a146aa5f54cee651a4f4be366bb9d18d0bdf17607cf0284b82264d4d6721b84a20ecfa7d6081533ccf9735edcd932ea364475d495cf99bef485e4912843d1c6096fc989e1b0b4ab1ea22a553e7aec6165012ccdd9e0f6cfc5a54f4758d26de113973a3963564511feea85436c636ab653486ed262be8f818e10d7300957a1f5d30c4faef95e52372e89249f1cc3b39af765a7790566e00a8fb29dc75bebdd3d390754ec88fad6e0fa05b26db5f99844962731889818e89d06f77eb5ea71b02db60dc1aeb99bdd775b6d28c9bbabebd98d178f68e28b32cad9378a26bc798b974160d19559632d9bcc48189264217b2f7667fe03e9082f6650c1979fdd2c0d643fb1d4cd602c19adf852fef6c1232d0faca05e6ce6066ba92f9f6d855d3250063ebf558c05b844954909bf4c02b2a16ce3b6873e4f5deba93cbfa0b940a47e0200499d8df97179199cbe0a5aa32cad446f1036fabf43266871acf2e726659f4737028f2432706734b99f8e7b724e3813f78028c013db2210f7b181c77b29809e2a8686374aa12fa89bd6b359f3911e3d610a3710be9b273fee4bf709b39ec2872d366439292ae7475270a9f505c6670973da3106a56f313bf4068c82c029bf7b583c52f1d3a1f71a49f8abec35b4b18893bc9b927c322767af31d8d84b3649e1b2a21098cca8873a793e6f5c24f79d73ee61520ddec6b3749bf4803845af1f96013e6b6695248553cbd7c91c6a7caabd9bfc2dee45e963e1b5816c8f082031704c6224a95d7e43017a9ebc7ec57b3d817de4a3a40f4af3620fe36f31e963fc1ee49b3cdff7a22add36ecafebf384754ab8966e9f3133febe48f6d02381d1dd3758dab62b46ada941b7bd8f58a3c47e6f04297996f334f520561d7365ee8dd2da21c727ffc8290fee096b105da0ae13b7e3a05a1b07e460242d8068db9dc45827ad2b9418c0724646e118a03584a00027895a043e1920f9aceda2b702c773a87ba0ad13955ceb8030257a49f9e62be012c4c60fb5b06222852b2028b543d7a98595e36a94f1ce6a55f1d3d1f59bfed140465a1b16feadb217ed1706cb480234d67b424edb07b5a6ad794d613532ddf3b5bd32c6047f7ec18c4b4a8db38e1baa60ca5cabe78a2261bf4ede4a273bf4f9be87dccb063490481d3904c478f851127fe14e7afd073de5c0ab2775d45265927285e29f25e726087b9ece8b8c1700e8b5fc8c63cecc4ae1f71046ed9247aee189d8b6469c31b256d9e12543ec8bf3cabc2f5ab57e4e37ca3e29156975178ff9b690a805775db4d24cadaa2451021eb11301802d548d80fefce338db0b084a08c837e325535ce7dbb8f3d400c79b23e73729187e36af8154b34b7b1d2a50ff87a0fbc96e27717ffb78e2a741c52267c90a984afe5a56df0bbe5cde7a1c4761150b90cdf32930190d58a1e9dd84945e86ff77ab934540e6f50487960c0b92af0ba7b0ad49f44a39f19bb406d0225ef1594bf210239aa576990b85f636c3683fa43d1c65ef271ab18a10f027b6955e84d5ac61977497aebccbc25ba961e97095c501e0345c58c3bbb180b52b60bb8371fb94b0f14935496d7ad45367ebf608c2be83b12a7ba8b7302b97787dd6f5b2781e2eecfc5fa41a75b4d1789da30868c97547a0d3fec5c8429ad921994653d913adde51cd87fc19889109385c9518d5776969a96f205e888c3f46f3b45b5cdde58261a2ed0f6b0106299275832ca38b1993eb61a2af726ba4a1aad0bfe10bb722daa86722c93751806d04e3f205e173351eadaaf266053fb603383ec5ba17e19f88c33624e5b49c7660ef71421f6125948510597beaac663a93e2a63f98d47f3a2aac55c442a6dfcb6a1615feffb64d3e031e1202c5d3fdc7fcc42caeac799b11c53a2087fae0f584077be4c11d529430c51c067dad734561d4b8d96174a9eba56b40442f0f640e6a692bce176193997727b8c777f5c8b30bfac51ee01b7912b32288df5c1105cb19ef7a75c2a511e9ac37a60ab70394346392edd53d169c597b4856961bd00502ae034501976e99b86c8633c1f1f26f2322032fd8c3e9ad18be2d65f50d3deda96a83508de046a20bbe6f5a17e98a401e58df0ab7b870b89755d5c2451621feaa36e2cbc03a34f99bb1d86b516c9a27eb24cc1baf074307002449202ed747f4863db3e67119d1c361ea68bfa75b78429b772e53c37209ba840ccbaf28d7b2992dbaeedf5ec46ae9d407da2675c4ecb325da434cbe56c3221d17499c69105c1bb3088558a3a6cbf3dab11d550713b02af903dda865c146b1b01b2f3cc799c3ee593a665c4fe66d0659f64c1ced8e23599eff061d329e39c084f3c219c8eb119a3f4d1680bc55a483b9b6f03feecf842cb7552adfa22c580496bf58983e7e4fb251ff25ee97372686311e7c298af37494c1b42eb8716152f20bb40036240a263cdd9ef65697c3baf270d642df8f71b6f51dd501fccd63d6f81a2aec5c56778da5b6d22958a75bc0d8810d9d769644dbea40440f0364078e0e0d498f2a38d969b4af7d2d0478451f197f698df38f4e36cf80c584a69acc75aea9e34b0badb6c77a49c409a3d7f01694d418f82c52d74a1e3dce65be9e3fd0220baeb041493ffc3d3493df263fc33836573cc4f38ecf169cd2b741c41e5ebdac936274537aedc74da05af24eea84226b45362b89b8b1462929ed1c0d9ce8baed4184a2a2e02f34022408161b1b325587ff8811d41c8ebf0f623b11422e68ce3f957ff010c7e8af79b1bed10ea1bf7eed355cdb5e15ecf2941325b8ff4f0be0112b9d5ec1589a5882ff2adffdcfd3f5ec69326cc7ae1ad3da47d8641437b33ccca5935f213ba177810e0c5076bf7375c0a452d0f614590bc20848c0ff95bef81a53ca633491674ade98448a119ad2a1477a937d501b2b498dd6b3ac06c861f338d7adcf8301cd3ce03904151186e16e806c193d62f437f6e6d228cec15c47a8aeeaaadb3e4373d5f4541f9a26f9d3386bd4e41901aee366e76101ae8e2e82cb395ba15df2cbd6c39dd9859eb2ddef211f96fb221baff32f63c4ceadb5c1f33fa77811e554616b4b74e318cc7ad106d18ef41baa1867cce35add6755d472de54739f48257ae578aa7217e894b4e8fa5ca9f0b2d4f8247813a97d8e6736cfe8702f086499a3f8d9db4ccf7a8108e5bd12390778b94c4f7cf3f6810548129c099379df2b4c35b2bfb412275e582069db37f68395d24df1bfce2ed738ecf2a217780c7ffdea0e75630c5dc22e365736bb452938d0f3ee2705fc0b92c7fcfc73edc5acfb7acaa25b4267262bcc0a44c98353630f198c5ff5b7c259b63a00e3745cda89ab597594d981ddadb9fc80761d1c202abb872171821f5d16386422fe2e87e146b5630e52da179816648f0626d44d9c4ba3e995ed4102a544625d2c397e539dcb02e106d0d1776d7828cd7284a5d78813bf703d372bab8a884349d66abaa228dd3da45df357630918edbc8e9498ab15acb0633cb44afc157c2959acb213a6a6ef0b65064fe5ecc5b3036fdd51baf153b66634ee52553f020539eb871df09faa53bdaa1b997c837e18ff97216344f1919202f10068c471cf164e38a18789381bcc7574a69936a0397feda8478db12104ad685b5c00fb68f81f827a2d866317cc70c697914b897f88fb3572c4cccf68d92edf684178bc2f1cafff8fe142f8064ff9f66f3bc7016c39d16606b1bf57ea1c7fdb7b4f89eee544e5f579fc1535153774f41fbcb2d8ccfdf55ac375bdd1cfcf5bd932b42a7d24a46ec91195ce88c78674f8726c96ba7de2df49786fb21aedd40ae44043fa07c85d40a1f78fcecc4e8572be9aae81ab019fdfa7dd70d03df30dfcc157a60bd7be4b6b199b4bbc1763e4704d0d56078a0e99ef02c70b8aa134c53cea2e80b642154f8982b1259e45f999ccc74b884fbda0b3e61d05665824c22e9f6f68c282665fde5c80546b9342996530db286ce6e16ee3e6fee2ed8a81e6e10b7f4a6cca11494ab70e54df167522510d1201ff55d9d6b4c799048213437550d4e97fe3e0c87c7609017d8460d563e2b95a2c9ef4377042440e57b04b1d2ffcd38ec9bc2d87cf9b100a52f854d7cff69c7cc68ac5edfa4306142cd133d17a3f6f44e70ee4b8d4d78fbc57bfe8ab967bcad5"})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f00000000c0)={{}, r6, 0x10, @inherit={0x60, &(0x7f0000001fc0)=ANY=[@ANYBLOB="0100000000000000030000000000810000000000000004000000000000002e0000000000000002000000000000000600000000000000feffffffffffffff010001000000000039080000000000000800"/96]}, @name="e833627598dc322c846c0d8cfce8e99d053887e5f542d229cc2d17c31006d724f9605c4fa4dc7d6af23bc1f3cfc0135531245714342c58256eaff694b237d959f7d2a31b12240981ac835f5a4f90b5c4a53f6388557c87d425920a9d8ca9d5e46f141c8a2ff7cc86f15d4244da3cf90e4018bd683782bd00bf1a1a8f59b128fbf2c83827f847a1b333531f79fcfb0491b73821048fde80ab952134abf99a06cf8ed26178fd57558d96d95f981bbc92972900213d2635de3eb693feee908881959f3e2f6159c1edf99f18f33ec7eca7599d3c4bdccb499bffae40b1d6415f2cc0bd475ec47940e297d40de3c61c12bd97d63bb39a1757e28dc5aad7ce8f29063a7b176b92f169ed88c067e659d7583e3db5304efa5d38c3cc7bf2efcb07a4d7dc8eea031766ab56c66fb83b4d81b9ca1f1512c3419688d51683839157c6d70e4bb7b027fe25aea0b411dd330878e8d371d672140108826b8b07ca112f60cd5a0f1310fc8ce05c5135eae78890f014b0f167da6dc9e8273cfd4f47ec6a69fc83d51fea240f7e89c5ccfbfbdd9f8e637b1f1081bd3e64fb75af2eeda5adbf000be4fa63ded0cac47c3a0dc7ba7075a873634fb63fc53e87259994ce69ec70338d783c42e9b2cfb9b0e00370516f93527001e76fa535938e766163fa3cefb8310eb0674cc12152dbe225e6631dbb5c77058ee53791e835535de24e6de4aeea3b6f7a3864b9febbf03716a50aa4f302be07a0f004889f9e79c91bc44141c78ce23730939e4c4f2c1a3825733fed7f5cae0057a0e0606abeb89888f2f0de41c4923d96fdc977a40274c6f7ad3fa3e3220204daefa454290919086a5309922954e522bba538e7adde3aafeff714560d184a6a60489af6f2ceb2851e6301aa9897c738aa51c42911a566922e39113bbc2a7d51b4fa76fe593bd7ae347bf29090d767bd72f2b39cd0626d7d22338e48f53d75c4b0235dec344d5299a1cc176446194b8ce3776c416ebd0b0d17f7d71244286a41ce91f9ab21348db970fb1e00ab20bc4d62ca20969d7d3442a9b4837338eabcc3c6e989515000d28777471b0e17556346936047b08e408ae0f4bcad05ff6a7cd2997a59a2e034992eeeaaa3f8347b8454a6de2065e2608c736934b78009b3333cd56cde7a1798c819e76524162fdf886ebe9efea4d9aba0506c96d5b6fb54812a13d1b1648efce4018ca2840e320c293c7ff25a374692f7a1c8d23a6369819223d8ecf33245e5a2062ae1e6df5eb2ef26f84a4cb25d9d2578f4d69e4f2c5262e74ebc1405bf9a7b7c15b2ca68019438c8096421742308db8cc011affb0878abd994e406b5a452cdf884ec44bda8c29885d8c120eacc909e87838854a8555aca3cf4bde4352996f9085d5ee4417c40ab3f60b9b50929aaf959b56cd8bd8e0e9cdc5ee4875efb98f2e471975a303339f6a0bd2ac8591b157c0d943f018b84c0c9c69649a00def15652475c325997633f8f50edb640b7299e57a325ffc138c86ec853c168456f971d6edd76370a6383ac1e4a4222e00cdf27aeeff4a83df72a6e41753f62fe7d92c08839fd97b84a036c3fb62788bb01f7f33fba696467811f114c92c837afad6c05c13650a1301ef4cb9c3b67738425f5f1ec7796acf663c0cb246c6d9abb7701635ae6be5b5df13be90f8e51733b9083361722a5555ad8b049813b7adb94b7d3d1045e0caa4d850ee9b667ecdccb394de01bdf0984352d6f22df8ce72b812b97e16bcea8533ed401c93748db9e6f6db8f2828416e99a06bf9915f3ad6b80e4401592ed5a7fc6895f5cc0fce118058c168151517ffe04f6ea9fea7c41b16fca66daf1ddaaca348a5cf4dac3d028b0fcafa237c1b4cd669c2e074c78608868640ff525575505fa73448d44f4f5cad21d32eb480a25ad7a991f4fe88cd2d737f00a079f2361a599b35d6ed78789ba6be27640dfd3f4cdf7bee1d095d76bc1b6be4b9ad21a54a8f7bf39545baa84de95d5a6233c5471d8a1cb423888f3094f14fdb2778062c9d81ff45c47b71e5c57d84621167a244419bb13494e8a4ca967cc2b5ec35ed14ae6488bab440170512e5ffdd75dfd9181a2d0e5ae31173537100129936e52c9fd778a104c51925431a2415b0def70b9389d45f40a204e131a2bea691560c3dda0cd79b34a4c19ac45c4bdb16208d1a3f85a204e040cf60f3d4c725aa8f6199015cbd8812062ed668e406e38d45f533a62f55f8a36f0b416a2237b4a5c30280dbff8e52aa6e20d5803c11b030395907c14e0eedb6d0243233d7bba8b9c6122517fd8b0be38795bbb295878f947dad0e3137a6dd5bff9c84c218a895d48c8882c065e656aee7121838dbc88d04c933e080a25d1b01e01a81d12ca3e3ce31500b29b8c4c25776072cb15e95bf4156157850b07df4a62adccf6715ac57b16a94067cbfc53ce7f7904b1d55469b41e8e8db845a267579ce7d6d9b800cbbc03a8845e42b1c1c5a14a6c7ea8bb45f71b8fe5f966f3eb4aeb70cdffeeed2952ce68c63f04969e81ed09ae9f9645bc7d9f2c8369230b9629fccb878487da7c91927666ee4e45df2f37ba74d2dc0885c04ac4c523145ae937b3ffefc4821f7bf62a401dfb8da1c951537e499fa51191244cdec44ee749ffa4b3cce5aac384a56b189682fafbeb6a3e383dff244b42f7d11cfdb2925f74cf9b4e12e59d7c9922efd439a87bad5804baca8abd9864d28728ff709a3cf96cfa93722ae9920bf61088d571fa930df499263d62f6ade7f4d761183b2f365016156b755ffd55a25dd965fbb484b93a94bb3ca93a2546a0dd4d3bbbe68d4525b3ab45af054070738c02b55ef0a8e2613d51a0abe8926ba85dd671ef300cf636e48d13fe3a3d65cdcdb9087eabe2afd186e83792928f1a47c7234a79388d1a58cfa9d7d06756480762610b40ee0dde5f7b87417e0e4be8b2d7d853ef9007e8811f2b8d604effabf2dd22292ead8ec29aae7b259956541176d36a79e5ab094698d3a5d371a19153bb9f7aa69510bc750c610d49f0cd792b7f71461763fa3a8b452c297e4b2e3d3c60bdada0c7368dd86e2805f00e2b7973eddac2073f27741b60fcd24bbb7ea16fcbe02cd369278e4a35de8791757f82fd5326f9142e75fe1f73fcc0062870863429927073c23a9c9f0f10c45dd4d11b16be2b472130dc97a833987a6b26617656d12a3a8604441283939b2e89b6c088de2cfc6c5f588cf8a30842ed7fb25405a525e68ac996eff29872831a047470f5535f29b1ce69d620edb7a0c14ae55f8900751d4249e3c9905916ac9e1950d5192bac71167f99cea64380c6c3142944e7f3e97e83dbfc63ee5aaa42d4ccd7cccda85748d44da90496f5b675f95696574642fe903638e2bbda0ddd275582ed203137a9780d19d31889ef70a28afa057851f105ec02d88dcad888c1245b5138b0011934f68df8659c59a223476fc9efedf00b8359d0fc475d22f1bd3a4e35c9f51e46715d1479b22d76759435833b5e5b2a5672088211baa160e9faee2b08342794c17721639d6174dcec13deac0260ca6e87afe10b1b6ae95834f0484334f5e409eb2958432a069e810be08e2e90b4a06294c43d7531d14320069791691ae2b901ed9a0d4792f4b62652ae97ee9f5461c6a7a1388fbd82ee9f5b8262dd6a851aa639edb2590e20610ec60cb1f23d2ea1558ca7af36657032a11770d2777f0cbbb09051cff0731c096a154f3756d2f705328b66004152e98bb4687caebd8bf925719e1a21dabf616fc632dd870f25ea3368489a0a834e07d0e6d95af7f3f908415104d8de3ff26895b36997ecb1bba0285bf3f6571fbc95e45ef440ae7cf910340f76eefdd3b6975093bbc5631dcfd75b58d9e5fbf3a98a7e9282d6917f73f8c78699c7b81ff60bf52cb606245c76267154058f14c23ac3ff4d3b1429ceaa2dea4e5c6271e84a42df04c931d2940eb39743c5cb562bbc5184e8c6ea781fa410479db5cbbd5193a7cf62a3f367a7919b68ed2b801a8119dd8155256362e5c3606f8874c2f869c09a1a96d2f3fcde03dc0b61775418485d5242f492612b4bb90db77f7289140e8ef268e5a95a6e5229c30260d676dc8987530e91eca8693bdb43fc6881a527deab291a796c193de992eb8225f6bb5c6bce7901b8dcef7ba0500b035f04c9a08a1d0cbe1467a02e1c1d4de0453a836cba3c5656f05dbc6cb989786dd0b33cda94b8c13cea157a4a05035066770e172526b662716e70e32ae5fae01882f241e305c6c2145e1335519b84ec4ab88c85da90adc0e47dedda61859526279a990c0d1d37c71d91708273e3be982de5c1b6336e3f9765d0c20380085df3c1edc512efcfedd9c7fa7cfc6da37dff4a9e1fbe4ddf0c4518b96d822e6fdbb9302a544cf3b7f29eaa7d69041f75568ddef72855ce13c4b9e25f871b4731c3e7d5e68adfa7424efbd34ed5209fcc0059604c33a00e55dfd2226f7d4ac37934d2c4fffae3ce7f8e3d8951407486f8804d1a9409ba34d55199c875fbdef6a87ead81bc03a9046a9c3f77c7c59ed1a8cef1509006b3f015fa5fbdc5954a179d18c8fe70970a73dfc635c07c3f85034fb08eaaf936c38e2d8e44759556b427c5fe38d204812fe1d4982638a43c07e250d02e58611d0cc5311da7b8edb91b295a93c64d5f916ac5cd0943744e05da8c1d25cd822b80f01bb9a32c2601e21eff7d03e2a794d4cf89fa05803b21a625114fefa95c9bc3b116895a5c7c4ac11e6bd1ac3585e465d7de43db0161cecf91ee94964d1d35b9791f2e7be1ebd58192c2c99330dc3b59aa4e1856a3bebb8169bf45e56b2b9bb1e10b5393d3e49a394d3033dc57f72607f10191fdaf34c662e4e25504adbff0701564d84d1f82bec4b36a4a68ffd59f66f213f56f6c209b69f8acfa747a1f09002be161bcdf241a28f0da9ab67670c3191ac27f186335672ff3ac31602b29d4f773940b32d4d7ad1498c0ee83bce73cae5ea22956a8bde1be949dcab1705ec8bfed9bb04d99ef0583a7a8325bd38d5d2acd86e24dcbbc208de7273698841b87d2fe24f2236033c1fa72941595839e45686b94d48ad0063b7c2c23f2dd6a69a5abf9e6405c86eebc04c10b0c30082c4eedb6c6ed4b6eba9f8022a9e0cdf6fe026a30687c04bf8f5fa9211773cacde7b641c68646f589835c5805867151c1269de19d187dafcc8470bf01720d49b748f0bea1a0e93d6bde5196a6f0be3316e606d455c01de71658a2488154ce1e34d8144d73cd6776e79cfbb2d428b0d837f70df52515e8af51cbb7b6a13a70d25a60a9d8b76e305d802e093ac8bceaf426c2b4731770a2413ad2b2a1e37ce104252b24b8b5f31238bc3628219b81413bae50f0e6d333f3c31f1eb9c0a53d1c78432c6261b44837ffc561a49465506733ac6394112ad38141fb81517aa574400f9704b28246cdfb37e3dc63570dc254a4308cd508e6991318f0755cffa3f2122baf7efad59dce8e66853b2ab3e711db3a8869495bb2f7d485045c73aaa97d4db71b468f7d200d71bf790d853a353e4d314cf968a66d7039631b9b757b57728a63f955fb5d7b871e0ddaee2aa5c05151b696531ca1d52afb45b9b69f7002889ce3b8fb4bdeb299ab1f58e518342725fb1b2b7a819d5c92394952cd1e8e759dcbf1a46350a8334d6c9c6e0d4d1165e72fdc0df6128ad40b0204422a57567afc9932eb4ccaa584b96e41860135a79"})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000dc0)={{}, r6, 0x12, @inherit={0x78, &(0x7f00000000c0)={0x1, 0x6, 0x10001, 0x1, {0x0, 0x7fff, 0x0, 0x2, 0x1}, [0x15, 0x4, 0x66, 0x0, 0x80000000, 0x0]}}, @subvolid=0x401})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000040)={"a5ecc0cf380b21f63199eb0ce42a8cfe", 0x0, r6, {0x8a0, 0x5e48}, {0x7fffffff}, 0x4, [0x0, 0xffffffffffffffbd, 0xfffffffffffffd22, 0x4e, 0x3, 0x1ff, 0x7, 0x3, 0x20, 0x5, 0x0, 0x7fffffff, 0xf, 0x1, 0xffffffff, 0x1f]})
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000001e40)={{r2}, r6, 0x0, @inherit={0x60, &(0x7f00000002c0)={0x0, 0x3, 0xffff, 0x401, {0x4e, 0x80, 0x6, 0xc, 0x6}, [0x1, 0x100, 0x9]}}, @subvolid})
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f00000003c0)=r6)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
r10 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
r12 = dup2(r9, r8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r12, 0x84, 0x1, &(0x7f0000000280)={r11, 0x10e, 0x2, 0x5, 0x7fffffff, 0x2}, &(0x7f00000002c0)=0x14)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000001dc0)=@assoc_value={r11, 0x2}, 0x8)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000100)=r6)

1.523265692s ago: executing program 4 (id=2165):
socket$kcm(0xa, 0x5, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, <r0=>0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], 0x3, 0x0, 0xc0c0c0c0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, <r1=>0x0, 0x0], &(0x7f0000000200)=[0x0], 0x6, 0x7, 0x6, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000280)={0x8, r0, r1})
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x8200, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x1000}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x1]}, 0x8, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r2}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
signalfd4(r3, &(0x7f0000000180), 0x8, 0x0)

1.473755862s ago: executing program 1 (id=2166):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
linkat(r0, &(0x7f0000001180)='./file1\x00', r0, &(0x7f00000002c0)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
unlinkat(r0, &(0x7f0000000240)='./file1\x00', 0x0)
unlink(&(0x7f0000000180)='./file1\x00')

1.381926331s ago: executing program 0 (id=2167):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000005800)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kfree\x00'}, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000040)=@random={'security.', '-\x00'}, &(0x7f0000000100)='\x00', 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000005840))
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xb1ff}, @TCA_CAKE_TARGET={0x8, 0x8, 0x6}, @TCA_CAKE_FLOW_MODE={0x8}]}}]}, 0x4c}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'geneve0\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000140)=0x3, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f05fe7f7028120006001e0089e9aaa921d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.361670796s ago: executing program 1 (id=2168):
iopl(0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setreuid(0x0, r1)
getgroups(0x2, &(0x7f0000000240)=[0x0, <r2=>0x0])
setregid(r2, 0x0)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af25, &(0x7f0000000080)=0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="14070000", @ANYRES16=r5, @ANYBLOB="000826bd7000000000000a000000"], 0xffffffffffffff73}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0405fdffc80000"], 0x7)
syz_80211_inject_frame(0x0, 0x0, 0x60)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
listen(r6, 0xfffffffc)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000240)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000080)=0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140))
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f00000000c0)=0x41)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0)
io_uring_setup(0x10002edd, &(0x7f00000002c0)={0x0, 0x0, 0x8})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

1.290299872s ago: executing program 0 (id=2169):
add_key$keyring(&(0x7f00000021c0), &(0x7f0000002200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x21000900}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x11}, 0x40)

1.073770822s ago: executing program 3 (id=2170):
socket$netlink(0x10, 0x3, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
ioctl$int_out(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000180)='enc=\xecd|\xb9\xb8\xc1N\x8f\xa6\x85JR\xccw\xe1\a5;g\x05\xd9\xc9F\x94\xa7\xdf=\x15\xa4\xe2\xea$\xd7\x1b\xf9\xcd\xc6.[\x9a\x15g\xd2\x91\xf5\x8bo>?\x1a\xed1\xf2\xdc\x1fTw\xe7\xd0I\xb1\x1c\ry\x90\x1eC\'\x05\x9e\x03d\xae\x94\xf6\xf04\xdd\r\x9183\xddD)\xe0-\xaa\x1c\xa7\x10\xc8\xdc\x9d\x1a\x8e\"\f\xa3\xcd\x8d\xe2\xaf.\n#\xcdn\xc1\xf1\xef\x92\xe0\xfc\x83\xabC', 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x101)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="500100001a00010000000000020000000200001f0000c808ffffffea080006000700000008000400", @ANYRES32=0x0, @ANYBLOB="06001c004e21000008000100ac1414"], 0x150}}, 0x0)

1.028005744s ago: executing program 3 (id=2171):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES8], 0x6)

1.004055768s ago: executing program 0 (id=2172):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000005800)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kfree\x00'}, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
lsetxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000040)=@random={'security.', '-\x00'}, &(0x7f0000000100)='\x00', 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000005840))
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xb1ff}, @TCA_CAKE_TARGET={0x8, 0x8, 0x6}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x4c}}, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'geneve0\x00', <r5=>0x0})
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000680)=""/235, 0xeb, 0x40000000, &(0x7f0000000280)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x1}, 0x80)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000140)=0x3, 0x4)
sendto$packet(r4, &(0x7f00000000c0)="3f05fe7f7028120006001e0089e9aaa921d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)

909.659812ms ago: executing program 3 (id=2173):
socket$netlink(0x10, 0x3, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
ioctl$int_out(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000180)='enc=\xecd|\xb9\xb8\xc1N\x8f\xa6\x85JR\xccw\xe1\a5;g\x05\xd9\xc9F\x94\xa7\xdf=\x15\xa4\xe2\xea$\xd7\x1b\xf9\xcd\xc6.[\x9a\x15g\xd2\x91\xf5\x8bo>?\x1a\xed1\xf2\xdc\x1fTw\xe7\xd0I\xb1\x1c\ry\x90\x1eC\'\x05\x9e\x03d\xae\x94\xf6\xf04\xdd\r\x9183\xddD)\xe0-\xaa\x1c\xa7\x10\xc8\xdc\x9d\x1a\x8e\"\f\xa3\xcd\x8d\xe2\xaf.\n#\xcdn\xc1\xf1\xef\x92\xe0\xfc\x83\xabC', 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
listen(r0, 0x101)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10)

881.114318ms ago: executing program 0 (id=2174):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x2, 0x2, 0xab78, 0x11c, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x1, 0xc}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x101, 0x7, 0x401, 0x20, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(0xffffffffffffffff, 0xfffffffffffffffd, 0x58)
r2 = epoll_create1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)="3b46228d51c8419c5a5b0c52e3fde336534d3c9d307c4b1d46f054a006198cf61ac7e25255b074f3", 0x28}], 0x1, &(0x7f0000000b40)=[@cred={{0x1c, 0x1, 0x2, {r3, 0xee01}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r3, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r3, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @cred={{0xc, 0x1, 0x2, {r3, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r3}}}, @rights={{0x28, 0x1, 0x1, [r4, r2, r5, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x120, 0x4}}, {{&(0x7f0000000c80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000000d00)="3ebfe877c03856696528e8e7741d405fd5e757da6175d89a88c6a79c196560946f052b2f8611ca23ef3a0784de864010ff56c08344c94f1a589a7bfbe2ec5edd93a475f1f409c2e0f48b919553ea11cc47614461ad3578897ae67c69fbb9f54cd272f4ab0f858dcfbcf5aa5a830834338e35c7668c81f4a4b78ebcd76b0c798272108355ddb66e8a435bbc9d7f72f767cdd2590f47fab99f0a98617ae477f5b664af10683daccc49afa7587ed781cc83ecbf1b5a973f0b2adfed7fa7ea3372999c3e7b07ffd2b72520ae15257b5db00637ab2660c859331a7c80183e9c163339b04f2612563a15", 0xe7}, {&(0x7f0000000e00)="7fb76c1e5e2d9600a9ee92e5c84bef117b29a6b31f18d3e68f64f8fb848f056cee7ba725a98b952b6a59240db5188c76ca7ef1b23ad96964147f5c4d7956b87eabf6dc2f73471c1399896734b03351728803d66526d5f193b73d8cec56025025cd4dcb1b9587213969d1b04d12deb9b1a3c45e270afa00ea4215dc85bad0a4b642308ae376e075787fe34c383f6b0766c7acea57bef5b92c15c20cffd00f15ff25f1beeab5b0bba3fe8f3a90b18be9478bf0791296643cadb5d1ab54fa1075c798bebdbe532b7766d98788825877516789a95f648968d7f88625b8a60b9b6f", 0xdf}, {&(0x7f00000005c0)="2ea5805a52754e5fdcaf666c59457dde7dc69e5f586e0b07fb9a5884b9ebb6a2f34c8454a30476903573f1c2521fa13113882a685dd83a965a044beed98b223cd7e773df65e6e6bfdc330e7978090a47382f0348bc619c0448f9a787d534837c034ee2d93c0505be61ce88a382263a7b5cbf2487c0cd12200b9807a558382dd2d67e488a9659669b55e6516419084a778a8eba1d03ff2f5d12550d56491841eede681a4423909282107f8caafcae396d56dca43e70d052b4cf1e2fccb4362508ac5e3956fecf3a13b0b11f085027b1ebb801281d63c59de86a781cc4d39a4aab7f992aca82de70012af036bc245eefcb6c4a74ad5cc383d75156b875269efe7c6f85e2b725e92f577b276fb930ee73a1caaf6c38da05039d9e1cb44b91c352adcdd6be516cdbd1755d8c6cd3c9f38c223d41f26bb80354d6091b37e04ea5f7e152224e7424c606b3cbb25fb44a01e7e24874504ce100852db0dd2cb73154f8c6aba8f955ffffffffabaf33866370b4f7a5e1f27310772e8c6b7c1a9aa77dd5958808bbf073bc0c1b00"/403, 0x193}], 0x3, &(0x7f0000001000)=[@rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r5, r5, r1, r4, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r4, 0xffffffffffffffff, r2]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r5]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r4, r2, 0xffffffffffffffff]}}], 0xb8, 0x4}}], 0x2, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = memfd_secret(0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x21011, r7, 0x0)
ioctl$SG_GET_SG_TABLESIZE(r6, 0x40046f41, &(0x7f00000000c0))

608.353184ms ago: executing program 4 (id=2175):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f00000006c0)="2ce45717a37e3284cff71a465692541b688bbbb6f253df100e9cf80580b2b56401eb1b0f1c27479d1bcd20b70cfaafa02213e074a88e615fb9e387bbfeb4ea08febe4fdf969055477018f955aaa39190be2764a287ad81aeb7512394ed91c19a0fff5dafd393ef75e8a61ebaa3816b028ae307e916309de6aac9143f111ccf0e2c808f697386c03ed8988531ce53d2f4f840dc1a69d30b9b0848edd64b82cbfa44c7e8669b198921d90f8e6034b327dd98fe8842dc3a23aa3bd61d7df8f3973a6c8bc4e1a5192aa216c5e36b33d8f277bb511aea2b5bb105a998dffd22473812a2696bfd", 0xe4}], 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
getsockopt$inet_opts(r3, 0x0, 0x9, &(0x7f0000000680)=""/23, &(0x7f00000000c0)=0x17)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0xfffffffffffffe25}, 0x0)

0s ago: executing program 3 (id=2176):
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0)
flock(r0, 0x2)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r1, 0x1)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.stat\x00', 0x275a, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r4 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0)
write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff)
unlink(&(0x7f0000000100)='./file0/file1\x00')
mount(0x0, &(0x7f0000000240)='./file0/file1\x00', &(0x7f00000000c0)='pipefs\x00', 0x0, 0x0)
flock(r2, 0x1)
flock(r0, 0x1)

kernel console output (not intermixed with test programs):

T11604] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001
[  517.616827][T11604] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  517.624838][T11604]  </TASK>
[  517.749489][T11582] bond_slave_0: left promiscuous mode
[  517.754980][T11582] bond_slave_1: left promiscuous mode
[  517.826340][T11607] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  517.840749][T11607] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  517.880773][T11593] bond_slave_0: left promiscuous mode
[  517.886433][T11593] bond_slave_1: left promiscuous mode
[  519.107093][T11624] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  519.178306][ T5214] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  519.397473][ T5214] usb 1-1: Using ep0 maxpacket: 32
[  519.410270][ T5214] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  519.420005][ T5214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.429928][ T5214] usb 1-1: Product: syz
[  519.434693][ T5214] usb 1-1: Manufacturer: syz
[  519.441722][ T5214] usb 1-1: SerialNumber: syz
[  519.453157][ T5214] usb 1-1: config 0 descriptor??
[  519.679781][T11611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.690112][T11611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.425392][T11644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1743'.
[  520.714721][T11657] bond_slave_0: entered promiscuous mode
[  520.720636][T11657] bond_slave_1: entered promiscuous mode
[  520.782323][ T5214] rtl8150 1-1:0.0: couldn't reset the device
[  520.788851][ T5214] rtl8150 1-1:0.0: probe with driver rtl8150 failed with error -5
[  521.004308][ T5214] usb 1-1: USB disconnect, device number 29
[  521.237528][   T29] audit: type=1326 audit(1721625208.320:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11643 comm="syz.1.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfaad75b59 code=0x7fc00000
[  521.404473][T11650] bond_slave_0: left promiscuous mode
[  521.410077][T11650] bond_slave_1: left promiscuous mode
[  521.694644][T11679] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  521.736973][T11680] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  521.743175][T11672] cgroup: fork rejected by pids controller in /syz0
[  521.758340][T11680] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  522.116950][T11715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1753'.
[  522.272671][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  522.285764][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  522.295438][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  522.305008][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  522.313470][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  522.321205][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  522.413124][T11719] FAULT_INJECTION: forcing a failure.
[  522.413124][T11719] name failslab, interval 1, probability 0, space 0, times 0
[  522.478186][T11719] CPU: 0 PID: 11719 Comm: syz.0.1754 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  522.488110][T11719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  522.498251][T11719] Call Trace:
[  522.501529][T11719]  <TASK>
[  522.504454][T11719]  dump_stack_lvl+0x241/0x360
[  522.509231][T11719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  522.514472][T11719]  ? __pfx__printk+0x10/0x10
[  522.519175][T11719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.525442][T11719]  should_fail_ex+0x3b0/0x4e0
[  522.530234][T11719]  ? copy_splice_read+0x18d/0xb60
[  522.535294][T11719]  should_failslab+0x9/0x20
[  522.540071][T11719]  __kmalloc_noprof+0xd8/0x400
[  522.544854][T11719]  ? __pfx_copy_splice_read+0x10/0x10
[  522.550286][T11719]  copy_splice_read+0x18d/0xb60
[  522.555165][T11719]  ? __asan_memset+0x23/0x50
[  522.559785][T11719]  ? __pfx_copy_splice_read+0x10/0x10
[  522.565193][T11719]  ? __raw_spin_lock_init+0x45/0x100
[  522.570528][T11719]  ? alloc_pipe_info+0x370/0x4d0
[  522.575505][T11719]  ? __pfx_copy_splice_read+0x10/0x10
[  522.580935][T11719]  splice_direct_to_actor+0x4b7/0xc90
[  522.586357][T11719]  ? __pfx_direct_splice_actor+0x10/0x10
[  522.592297][T11719]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  522.598260][T11719]  ? __fget_files+0x29/0x470
[  522.602887][T11719]  ? __pfx_lock_release+0x10/0x10
[  522.607960][T11719]  do_splice_direct+0x28c/0x3e0
[  522.612856][T11719]  ? __pfx_do_splice_direct+0x10/0x10
[  522.618611][T11719]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  522.624546][T11719]  ? security_file_permission+0x7f/0xa0
[  522.630399][T11719]  ? rw_verify_area+0x1d2/0x6b0
[  522.635292][T11719]  do_sendfile+0x56d/0xe20
[  522.639756][T11719]  ? __might_fault+0xaa/0x120
[  522.644467][T11719]  ? __pfx_do_sendfile+0x10/0x10
[  522.649482][T11719]  ? __might_fault+0xc6/0x120
[  522.654201][T11719]  __se_sys_sendfile64+0x100/0x1e0
[  522.659344][T11719]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  522.665099][T11719]  ? do_syscall_64+0x100/0x230
[  522.669890][T11719]  ? do_syscall_64+0xb6/0x230
[  522.674593][T11719]  do_syscall_64+0xf3/0x230
[  522.679116][T11719]  ? clear_bhb_loop+0x35/0x90
[  522.683823][T11719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.689831][T11719] RIP: 0033:0x7f274e975b59
[  522.694264][T11719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  522.714242][T11719] RSP: 002b:00007f274f6c8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  522.722947][T11719] RAX: ffffffffffffffda RBX: 00007f274eb05f60 RCX: 00007f274e975b59
[  522.731031][T11719] RDX: 0000000020000100 RSI: 0000000000000004 RDI: 0000000000000006
[  522.739293][T11719] RBP: 00007f274f6c80a0 R08: 0000000000000000 R09: 0000000000000000
[  522.747386][T11719] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  522.755582][T11719] R13: 000000000000000b R14: 00007f274eb05f60 R15: 00007fffaee1d898
[  522.763599][T11719]  </TASK>
[  522.784117][T11716] chnl_net:caif_netlink_parms(): no params data found
[  522.917948][   T46] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  523.009329][T11731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.039040][T11731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.116152][T11716] bridge0: port 1(bridge_slave_0) entered blocking state
[  523.127502][T11716] bridge0: port 1(bridge_slave_0) entered disabled state
[  523.156627][T11716] bridge_slave_0: entered allmulticast mode
[  523.160878][   T46] usb 3-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[  523.170876][T11716] bridge_slave_0: entered promiscuous mode
[  523.184465][T11716] bridge0: port 2(bridge_slave_1) entered blocking state
[  523.210643][T11716] bridge0: port 2(bridge_slave_1) entered disabled state
[  523.224538][   T46] usb 3-1: New USB device found, idVendor=045e, idProduct=00f8, bcdDevice=ea.05
[  523.243196][T11716] bridge_slave_1: entered allmulticast mode
[  523.256386][T11716] bridge_slave_1: entered promiscuous mode
[  523.295805][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.309779][   T46] usb 3-1: config 0 descriptor??
[  523.356652][T11716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  523.395186][T11716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  523.478847][T11716] team0: Port device team_slave_0 added
[  523.498905][T11716] team0: Port device team_slave_1 added
[  523.547694][ T5142] usb 3-1: USB disconnect, device number 36
[  523.567790][T11716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  523.583340][T11716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  523.613590][T11716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  523.642190][   T46] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  523.647508][T11716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  523.657167][T11716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  523.689446][T11716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  523.870273][   T46] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  523.885229][T11716] hsr_slave_0: entered promiscuous mode
[  523.912382][   T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  523.922869][T11716] hsr_slave_1: entered promiscuous mode
[  523.934778][T11716] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  523.944986][   T46] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  523.953351][T11716] Cannot create hsr debugfs directory
[  523.957564][   T46] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  523.993072][   T46] usb 5-1: Manufacturer: syz
[  524.011355][   T46] usb 5-1: config 0 descriptor??
[  524.087436][   T46] rc_core: IR keymap rc-hauppauge not found
[  524.093590][   T46] Registered IR keymap rc-empty
[  524.120259][   T46] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  524.155989][   T46] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input52
[  524.418292][ T5103] Bluetooth: hci0: command tx timeout
[  524.523007][T11716] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  524.572686][T11751] bond_slave_0: entered promiscuous mode
[  524.578490][T11751] bond_slave_1: entered promiscuous mode
[  524.584212][T11751] batadv0: entered promiscuous mode
[  524.658923][T11716] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  524.773861][T11716] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  524.855589][T11716] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.131583][T11744] bond_slave_0: left promiscuous mode
[  525.137048][T11744] bond_slave_1: left promiscuous mode
[  525.142717][T11744] batadv0: left promiscuous mode
[  525.174353][T11716] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  525.214961][ T5141] usb 5-1: USB disconnect, device number 35
[  525.243402][T11716] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  525.328256][T11716] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  525.349421][T11716] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  525.799635][T11767] cifs: Unknown parameter 'Ü[—Íñ¦bšÿÿÿITäŒ&¬æ:ÅèÙ"‚Õë�ï1:ºÃÃÓ­'Ä4,�Zz-#FÇ<æõ]%gCžÊ
[  525.799635][T11767] SÃȘØÈžZ§6ŸÂ'
[  526.252079][T11716] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.342364][T11716] 8021q: adding VLAN 0 to HW filter on device team0
[  526.372414][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.379611][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state
[  526.982772][T11773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  526.993152][ T5103] Bluetooth: hci0: command tx timeout
[  527.401708][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state
[  527.408844][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  527.447898][T11773] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  527.454847][T11773] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  527.470021][T11773] vhci_hcd vhci_hcd.0: Device attached
[  527.484635][T11774] bond_slave_0: entered promiscuous mode
[  527.490680][T11774] bond_slave_1: entered promiscuous mode
[  527.496658][T11774] batadv0: entered promiscuous mode
[  527.506397][T11771] bond_slave_0: left promiscuous mode
[  527.513522][T11771] bond_slave_1: left promiscuous mode
[  527.519186][T11771] batadv0: left promiscuous mode
[  527.609951][ T5103] Bluetooth: hci2: unexpected event 0x09 length: 17 > 3
[  527.656715][T11782] vhci_hcd: connection closed
[  527.723761][ T2461] vhci_hcd: stop threads
[  527.799429][T11792] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  527.809838][ T2461] vhci_hcd: release socket
[  528.050015][ T2461] vhci_hcd: disconnect device
[  528.050097][ T5141] usb 18-1: SetAddress Request (2) to port 0
[  528.075314][ T5141] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd
[  528.084557][T11792] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  528.816754][T11805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.835486][T11805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.942069][T11716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  529.057583][ T5103] Bluetooth: hci0: command tx timeout
[  529.190725][T11819] bond_slave_0: entered promiscuous mode
[  529.196492][T11819] bond_slave_1: entered promiscuous mode
[  529.202371][T11819] batadv0: entered promiscuous mode
[  529.239609][T11716] veth0_vlan: entered promiscuous mode
[  529.304780][T11716] veth1_vlan: entered promiscuous mode
[  529.368785][T11716] veth0_macvtap: entered promiscuous mode
[  529.383762][T11716] veth1_macvtap: entered promiscuous mode
[  529.415753][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.431291][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.442378][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.453764][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.466495][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.478782][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.490283][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.501983][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.513588][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.524197][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.534895][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.547358][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.557474][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.568221][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.579902][T11716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  529.599799][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.614922][ T5142] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  529.627923][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.627938][ T5103] Bluetooth: hci2: command 0x0406 tx timeout
[  529.646991][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.671309][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.695819][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.716935][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.738618][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.754352][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.765315][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.784801][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.795889][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.807694][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.827882][T11716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.843860][T11716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.856670][ T5142] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  529.873203][ T5142] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  529.878193][T11716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  529.888769][ T5142] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  529.912282][T11809] bond_slave_0: left promiscuous mode
[  529.914795][ T5142] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  529.917875][T11809] bond_slave_1: left promiscuous mode
[  529.931488][T11809] batadv0: left promiscuous mode
[  529.952585][ T5142] usb 4-1: Manufacturer: syz
[  529.972937][T11716] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  529.993654][T11716] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.003865][ T5142] usb 4-1: config 0 descriptor??
[  530.009243][T11716] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.020205][T11716] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.195465][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.214524][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.223769][ T5142] rc_core: IR keymap rc-hauppauge not found
[  530.267622][ T5142] Registered IR keymap rc-empty
[  530.273327][ T5142] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  530.294293][ T6587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.305648][ T5142] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input53
[  530.305850][ T6587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.332990][ T5142] usb 4-1: USB disconnect, device number 38
[  530.703376][T11841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  530.912520][T11841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  531.138575][ T5103] Bluetooth: hci0: command tx timeout
[  531.832848][ T5142] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  532.029035][ T5103] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  532.048810][ T5142] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  532.076335][ T5142] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  532.099913][ T5142] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  532.110105][ T5142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.219647][T11858] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  532.232149][T11858] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  532.371033][T11849] usb usb9: usbfs: process 11849 (syz.3.1783) did not claim interface 0 before use
[  532.595502][T11866] bond_slave_0: entered promiscuous mode
[  532.601374][T11866] bond_slave_1: entered promiscuous mode
[  532.624316][T11849] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  532.653012][ T5142] usb 4-1: USB disconnect, device number 39
[  532.972527][T11872] FAULT_INJECTION: forcing a failure.
[  532.972527][T11872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.991491][T11872] CPU: 0 PID: 11872 Comm: syz.2.1788 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  533.001442][T11872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  533.011611][T11872] Call Trace:
[  533.014909][T11872]  <TASK>
[  533.017953][T11872]  dump_stack_lvl+0x241/0x360
[  533.022662][T11872]  ? __pfx_dump_stack_lvl+0x10/0x10
[  533.027979][T11872]  ? __pfx__printk+0x10/0x10
[  533.032610][T11872]  ? __pfx_lock_release+0x10/0x10
[  533.037670][T11872]  should_fail_ex+0x3b0/0x4e0
[  533.042509][T11872]  _copy_from_user+0x2f/0xe0
[  533.047131][T11872]  copy_msghdr_from_user+0xae/0x680
[  533.052452][T11872]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  533.058313][T11872]  __sys_sendmsg+0x23d/0x3a0
[  533.062927][T11872]  ? __pfx___sys_sendmsg+0x10/0x10
[  533.068061][T11872]  ? vfs_write+0x7c4/0xc90
[  533.072633][T11872]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  533.078992][T11872]  ? do_syscall_64+0x100/0x230
[  533.083793][T11872]  ? do_syscall_64+0xb6/0x230
[  533.088675][T11872]  do_syscall_64+0xf3/0x230
[  533.093284][T11872]  ? clear_bhb_loop+0x35/0x90
[  533.098076][T11872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.103999][T11872] RIP: 0033:0x7f04a0375b59
[  533.108523][T11872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.128156][T11872] RSP: 002b:00007f04a11ef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  533.136625][T11872] RAX: ffffffffffffffda RBX: 00007f04a0505f60 RCX: 00007f04a0375b59
[  533.138330][ T5141] usb 18-1: device descriptor read/8, error -110
[  533.144609][T11872] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[  533.158924][T11872] RBP: 00007f04a11ef0a0 R08: 0000000000000000 R09: 0000000000000000
[  533.166915][T11872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.174909][T11872] R13: 000000000000000b R14: 00007f04a0505f60 R15: 00007ffe9d0b0b48
[  533.182925][T11872]  </TASK>
[  533.236444][T11860] bond_slave_0: left promiscuous mode
[  533.242051][T11860] bond_slave_1: left promiscuous mode
[  533.427885][ T5141] usb 18-1: SetAddress Request (3) to port 0
[  533.445306][ T5141] usb 18-1: new SuperSpeed USB device number 3 using vhci_hcd
[  533.677935][ T5142] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  533.868648][ T5214] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  533.869464][ T5142] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  533.894692][ T5142] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  533.905426][ T5142] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  533.921697][ T5142] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  533.931211][ T5142] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  533.941496][ T5142] usb 1-1: Manufacturer: syz
[  533.968316][ T5142] usb 1-1: config 0 descriptor??
[  533.985437][ T5142] igorplugusb 1-1:0.0: incorrect number of endpoints
[  534.077515][ T5214] usb 4-1: Using ep0 maxpacket: 8
[  534.084114][ T5214] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  534.100793][ T5214] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  534.104549][ T5103] Bluetooth: hci0: command tx timeout
[  534.121973][ T5214] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  534.135638][ T5214] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  534.206398][ T5214] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  534.319794][ T5214] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  534.592788][ T5214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.786447][T11904] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1798'.
[  534.861942][T11887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  534.875762][ T5214] usb 4-1: GET_CAPABILITIES returned 0
[  534.883498][T11907] FAULT_INJECTION: forcing a failure.
[  534.883498][T11907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  534.897097][ T5214] usbtmc 4-1:16.0: can't read capabilities
[  534.902246][ T5142] usb 1-1: USB disconnect, device number 30
[  534.912238][T11887] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  534.920657][T11907] CPU: 0 PID: 11907 Comm: syz.4.1800 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  534.920685][T11907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  534.920696][T11907] Call Trace:
[  534.920704][T11907]  <TASK>
[  534.920713][T11907]  dump_stack_lvl+0x241/0x360
[  534.920741][T11907]  ? __pfx_dump_stack_lvl+0x10/0x10
[  534.920760][T11907]  ? __pfx__printk+0x10/0x10
[  534.920786][T11907]  ? __pfx_lock_release+0x10/0x10
[  534.920815][T11907]  should_fail_ex+0x3b0/0x4e0
[  534.920842][T11907]  _copy_from_user+0x2f/0xe0
[  534.920868][T11907]  copy_msghdr_from_user+0xae/0x680
[  534.920894][T11907]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  534.920927][T11907]  __sys_sendmsg+0x23d/0x3a0
[  534.920953][T11907]  ? __pfx___sys_sendmsg+0x10/0x10
[  534.920973][T11907]  ? vfs_write+0x7c4/0xc90
[  534.921034][T11907]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  534.921058][T11907]  ? do_syscall_64+0x100/0x230
[  534.921079][T11907]  ? do_syscall_64+0xb6/0x230
[  534.921100][T11907]  do_syscall_64+0xf3/0x230
[  534.921119][T11907]  ? clear_bhb_loop+0x35/0x90
[  534.921143][T11907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.921164][T11907] RIP: 0033:0x7f1ad2175b59
[  534.921182][T11907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  534.921197][T11907] RSP: 002b:00007f1ad2ef4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  534.921220][T11907] RAX: ffffffffffffffda RBX: 00007f1ad2305f60 RCX: 00007f1ad2175b59
[  534.921235][T11907] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[  534.921247][T11907] RBP: 00007f1ad2ef40a0 R08: 0000000000000000 R09: 0000000000000000
[  534.921259][T11907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  534.921271][T11907] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  534.921299][T11907]  </TASK>
[  534.960391][ T5214] usb 4-1: USB disconnect, device number 40
[  535.239566][T11926] bond_slave_0: entered promiscuous mode
[  535.239607][T11926] bond_slave_1: entered promiscuous mode
[  535.255961][ T5103] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  535.662333][T11930] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  535.681930][T11930] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  535.850511][T11912] bond_slave_0: left promiscuous mode
[  535.855976][T11912] bond_slave_1: left promiscuous mode
[  536.922548][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.969433][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.562680][ T5103] Bluetooth: hci0: command tx timeout
[  537.607644][   T46] kernel read not supported for file /dsp (pid: 46 comm: kworker/1:1)
[  538.557634][   T46] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  538.579413][ T5141] usb 18-1: device descriptor read/8, error -110
[  538.707917][ T5141] usb usb18-port1: attempt power cycle
[  538.739616][   T46] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  538.749390][   T46] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  538.764959][   T46] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  538.779709][   T46] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  538.789497][   T46] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  538.798548][   T46] usb 5-1: Manufacturer: syz
[  538.804623][   T46] usb 5-1: config 0 descriptor??
[  538.811502][   T46] igorplugusb 5-1:0.0: incorrect number of endpoints
[  538.818874][ T5086] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  538.826759][ T5142] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  538.927503][ T5141] usb 18-1: SetAddress Request (4) to port 0
[  538.935514][ T5141] usb 18-1: new SuperSpeed USB device number 4 using vhci_hcd
[  539.007443][ T5086] usb 1-1: Using ep0 maxpacket: 8
[  539.014500][ T5086] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  539.028209][ T5214] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  539.035207][ T5086] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  539.045932][ T5142] usb 3-1: config 0 has an invalid interface descriptor of length 2, skipping
[  539.064112][ T5086] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  539.074553][ T5142] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  539.092548][T11964] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1816'.
[  539.101877][ T5086] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  539.117115][ T5137] usb 5-1: USB disconnect, device number 36
[  539.117447][ T5142] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  539.149902][ T5086] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  539.159233][ T5142] usb 3-1: New USB device found, idVendor=0403, idProduct=ff00, bcdDevice=5c.04
[  539.168373][ T5086] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.177063][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.190372][ T5142] usb 3-1: config 0 descriptor??
[  539.198151][ T5142] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  539.206356][ T5142] ftdi_sio ttyUSB0: unknown device type: 0x5c04
[  539.219868][ T5214] usb 4-1: config 0 has an invalid interface descriptor of length 2, skipping
[  539.229286][ T5214] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  539.248488][ T5214] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  539.265775][ T5214] usb 4-1: New USB device found, idVendor=0403, idProduct=ff00, bcdDevice=5c.04
[  539.275026][ T5214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.285282][ T5214] usb 4-1: config 0 descriptor??
[  539.292310][ T5214] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  539.300837][ T5214] ftdi_sio ttyUSB1: unknown device type: 0x5c04
[  539.455357][ T5142] usb 3-1: USB disconnect, device number 37
[  539.479558][ T5142] ftdi_sio 3-1:0.0: device disconnected
[  539.665248][T11979] usb 4-1: USB disconnect, device number 41
[  540.489363][T11979] ftdi_sio 4-1:0.0: device disconnected
[  540.631014][T11994] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1823'.
[  541.640329][ T5086] usb 1-1: usb_control_msg returned -71
[  541.667571][ T5086] usbtmc 1-1:16.0: can't read capabilities
[  541.748225][ T5086] usb 1-1: USB disconnect, device number 31
[  542.137473][T11979] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  542.297941][ T5137] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  542.329552][T11979] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  542.351849][T11979] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  542.365135][T11979] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  542.374559][T11979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.750362][ T5137] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  542.799325][ T5137] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.855758][ T5137] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  543.491632][ T5137] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  543.508790][T12024] usb usb9: usbfs: process 12024 (syz.3.1831) did not claim interface 0 before use
[  543.530641][ T5137] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  543.558099][ T5137] usb 3-1: Manufacturer: syz
[  543.565191][T12041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.578323][ T5137] usb 3-1: config 0 descriptor??
[  543.594390][ T5137] igorplugusb 3-1:0.0: incorrect number of endpoints
[  543.613902][T12041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.672637][T12043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1837'.
[  543.777968][T12024] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  543.830711][T11979] usb 4-1: USB disconnect, device number 42
[  544.032294][ T5141] usb 18-1: device descriptor read/8, error -110
[  544.050814][ T5086] usb 3-1: USB disconnect, device number 38
[  544.331775][ T5141] usb 18-1: SetAddress Request (5) to port 0
[  544.348302][ T5141] usb 18-1: new SuperSpeed USB device number 5 using vhci_hcd
[  544.427673][T11979] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  544.667562][T11979] usb 1-1: Using ep0 maxpacket: 8
[  544.754474][T11979] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  544.833545][T11979] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  544.867012][T11979] usb 1-1: config 0 has no interface number 0
[  544.875539][T11979] usb 1-1: config 0 interface 52 has no altsetting 0
[  544.885281][T11979] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  544.903948][T11979] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  544.912679][T11979] usb 1-1: Product: syz
[  544.960788][T11979] usb 1-1: SerialNumber: syz
[  544.970774][T11979] usb 1-1: config 0 descriptor??
[  545.453096][T12049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  545.478269][T12049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  545.543211][T12049] netlink: 'syz.0.1838': attribute type 2 has an invalid length.
[  545.887062][T11979] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  545.890439][ T5214] usb 1-1: USB disconnect, device number 32
[  546.097540][T11979] usb 2-1: Using ep0 maxpacket: 8
[  546.123055][T11979] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  546.167645][T11979] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  546.177729][T11979] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  546.187916][T11979] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  546.235058][T11979] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  546.308254][T11979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.862909][T11979] usb 2-1: usb_control_msg returned -71
[  548.881840][T11979] usbtmc 2-1:16.0: can't read capabilities
[  548.948601][T11979] usb 2-1: USB disconnect, device number 34
[  549.029127][T12094] FAULT_INJECTION: forcing a failure.
[  549.029127][T12094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.045901][T12093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  549.071889][T12094] CPU: 1 PID: 12094 Comm: syz.1.1848 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  549.082057][T12094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  549.092427][T12094] Call Trace:
[  549.095993][T12094]  <TASK>
[  549.098939][T12094]  dump_stack_lvl+0x241/0x360
[  549.103746][T12094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.109003][T12094]  ? __pfx__printk+0x10/0x10
[  549.113712][T12094]  ? __pfx_lock_release+0x10/0x10
[  549.118863][T12094]  should_fail_ex+0x3b0/0x4e0
[  549.123582][T12094]  _copy_from_user+0x2f/0xe0
[  549.128306][T12094]  copy_msghdr_from_user+0xae/0x680
[  549.133619][T12094]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  549.139471][T12094]  __sys_sendmsg+0x23d/0x3a0
[  549.144131][T12094]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.149366][T12094]  ? vfs_write+0x7c4/0xc90
[  549.153955][T12094]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  549.160666][T12094]  ? do_syscall_64+0x100/0x230
[  549.165460][T12094]  ? do_syscall_64+0xb6/0x230
[  549.170161][T12094]  do_syscall_64+0xf3/0x230
[  549.174690][T12094]  ? clear_bhb_loop+0x35/0x90
[  549.179420][T12094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.185437][T12094] RIP: 0033:0x7f2277b75b59
[  549.189974][T12094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.209969][T12094] RSP: 002b:00007f2278991048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.218588][T12094] RAX: ffffffffffffffda RBX: 00007f2277d05f60 RCX: 00007f2277b75b59
[  549.226767][T12094] RDX: 0000000000000000 RSI: 0000000020000a80 RDI: 0000000000000003
[  549.235049][T12094] RBP: 00007f22789910a0 R08: 0000000000000000 R09: 0000000000000000
[  549.243218][T12094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.251566][T12094] R13: 000000000000000b R14: 00007f2277d05f60 R15: 00007fff0b17da78
[  549.259671][T12094]  </TASK>
[  549.269915][T12093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  549.358668][    C1] eth0: bad gso: type: 1, size: 1408
[  549.458176][ T5141] usb 18-1: device descriptor read/8, error -110
[  549.589245][ T5141] usb usb18-port1: unable to enumerate USB device
[  549.622000][T12100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1851'.
[  550.398630][T12103] vlan1: entered promiscuous mode
[  550.506080][T12103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1852'.
[  552.811178][T12103] vlan1 (unregistering): left promiscuous mode
[  552.908563][T12114] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  553.075307][T12126] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  553.091354][T12126] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  554.621811][T12150] FAULT_INJECTION: forcing a failure.
[  554.621811][T12150] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.636737][T12150] CPU: 1 PID: 12150 Comm: syz.1.1865 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  554.646757][T12150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  554.657190][T12150] Call Trace:
[  554.660572][T12150]  <TASK>
[  554.663531][T12150]  dump_stack_lvl+0x241/0x360
[  554.668406][T12150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.673659][T12150]  ? __pfx__printk+0x10/0x10
[  554.678269][T12150]  ? __pfx_lock_release+0x10/0x10
[  554.683317][T12150]  should_fail_ex+0x3b0/0x4e0
[  554.688105][T12150]  _copy_from_user+0x2f/0xe0
[  554.692806][T12150]  copy_msghdr_from_user+0xae/0x680
[  554.698254][T12150]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  554.704378][T12150]  __sys_sendmsg+0x23d/0x3a0
[  554.709135][T12150]  ? __pfx___sys_sendmsg+0x10/0x10
[  554.714260][T12150]  ? vfs_write+0x7c4/0xc90
[  554.719085][T12146] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  554.719171][T12150]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  554.741995][T12150]  ? do_syscall_64+0x100/0x230
[  554.746802][T12150]  ? do_syscall_64+0xb6/0x230
[  554.751517][T12150]  do_syscall_64+0xf3/0x230
[  554.756049][T12150]  ? clear_bhb_loop+0x35/0x90
[  554.761168][T12150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.767184][T12150] RIP: 0033:0x7f2277b75b59
[  554.771973][T12150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.791706][T12150] RSP: 002b:00007f2278991048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  554.800153][T12150] RAX: ffffffffffffffda RBX: 00007f2277d05f60 RCX: 00007f2277b75b59
[  554.808426][T12150] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[  554.816514][T12150] RBP: 00007f22789910a0 R08: 0000000000000000 R09: 0000000000000000
[  554.824515][T12150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  554.833133][T12150] R13: 000000000000000b R14: 00007f2277d05f60 R15: 00007fff0b17da78
[  554.841314][T12150]  </TASK>
[  554.844428][    C1] vkms_vblank_simulate: vblank timer overrun
[  555.040499][T12157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.106723][T12157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.938031][T12193] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1877'.
[  557.366989][T12210] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  557.400652][T12210] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  557.763900][T12224] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1885'.
[  557.824085][T12224] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1885'.
[  557.913427][T12229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.990388][T12229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  559.410610][    C1] eth0: bad gso: type: 1, size: 1408
[  559.439043][T12246] FAULT_INJECTION: forcing a failure.
[  559.439043][T12246] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.452471][T12246] CPU: 1 PID: 12246 Comm: syz.3.1891 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  559.462394][T12246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  559.472433][T12246] Call Trace:
[  559.475697][T12246]  <TASK>
[  559.478612][T12246]  dump_stack_lvl+0x241/0x360
[  559.483304][T12246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.488518][T12246]  ? __pfx__printk+0x10/0x10
[  559.493108][T12246]  ? __pfx_lock_release+0x10/0x10
[  559.498144][T12246]  should_fail_ex+0x3b0/0x4e0
[  559.502825][T12246]  _copy_from_user+0x2f/0xe0
[  559.507506][T12246]  copy_msghdr_from_user+0xae/0x680
[  559.512721][T12246]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  559.518534][T12246]  __sys_sendmsg+0x23d/0x3a0
[  559.523137][T12246]  ? __pfx___sys_sendmsg+0x10/0x10
[  559.528241][T12246]  ? vfs_write+0x7c4/0xc90
[  559.532754][T12246]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  559.539157][T12246]  ? do_syscall_64+0x100/0x230
[  559.543910][T12246]  ? do_syscall_64+0xb6/0x230
[  559.548660][T12246]  do_syscall_64+0xf3/0x230
[  559.553160][T12246]  ? clear_bhb_loop+0x35/0x90
[  559.557848][T12246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.563774][T12246] RIP: 0033:0x7fd040175b59
[  559.568188][T12246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.587914][T12246] RSP: 002b:00007fd040e65048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  559.596415][T12246] RAX: ffffffffffffffda RBX: 00007fd040305f60 RCX: 00007fd040175b59
[  559.604476][T12246] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[  559.612444][T12246] RBP: 00007fd040e650a0 R08: 0000000000000000 R09: 0000000000000000
[  559.620507][T12246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.628557][T12246] R13: 000000000000000b R14: 00007fd040305f60 R15: 00007fff67f5ac58
[  559.636527][T12246]  </TASK>
[  560.684965][T12248] FAULT_INJECTION: forcing a failure.
[  560.684965][T12248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.744001][T12248] CPU: 1 PID: 12248 Comm: syz.2.1892 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  560.754288][T12248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  560.764600][T12248] Call Trace:
[  560.767878][T12248]  <TASK>
[  560.770804][T12248]  dump_stack_lvl+0x241/0x360
[  560.775846][T12248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.781139][T12248]  ? __pfx__printk+0x10/0x10
[  560.785729][T12248]  ? __pfx_lock_release+0x10/0x10
[  560.790768][T12248]  should_fail_ex+0x3b0/0x4e0
[  560.795459][T12248]  _copy_from_user+0x2f/0xe0
[  560.800078][T12248]  __copy_siginfo_from_user+0x97/0x4f0
[  560.805551][T12248]  ? __pfx___copy_siginfo_from_user+0x10/0x10
[  560.811639][T12248]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  560.817633][T12248]  ? __fget_files+0x3f6/0x470
[  560.822333][T12248]  __x64_sys_rt_tgsigqueueinfo+0x118/0x270
[  560.828669][T12248]  ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10
[  560.835186][T12248]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  560.841180][T12248]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  560.847528][T12248]  ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0
[  560.853947][T12248]  ? syscall_user_dispatch+0x4e/0x90
[  560.859265][T12248]  do_syscall_64+0xf3/0x230
[  560.863801][T12248]  ? clear_bhb_loop+0x35/0x90
[  560.868478][T12248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.874369][T12248] RIP: 0033:0x7f04a0375b59
[  560.878865][T12248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.898645][T12248] RSP: 002b:00007f04a11ef048 EFLAGS: 00000246 ORIG_RAX: 0000000000000129
[  560.907055][T12248] RAX: ffffffffffffffda RBX: 00007f04a0505f60 RCX: 00007f04a0375b59
[  560.915016][T12248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  560.922987][T12248] RBP: 00007f04a11ef0a0 R08: 0000000000000000 R09: 0000000000000000
[  560.930975][T12248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.939032][T12248] R13: 000000000000000b R14: 00007f04a0505f60 R15: 00007ffe9d0b0b48
[  560.947016][T12248]  </TASK>
[  561.161550][T12266] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1897'.
[  562.372310][ T5094] Bluetooth: hci2: unexpected event 0x09 length: 17 > 3
[  562.413113][T12283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1902'.
[  562.439886][ T5141] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  562.535625][T12284] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  562.544391][T12284] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  562.698965][ T5141] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  562.707827][ T5141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  562.727999][ T5141] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  562.753969][ T5141] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  562.808224][ T5141] usb 3-1: Manufacturer: syz
[  562.829098][ T5141] usb 3-1: config 0 descriptor??
[  562.956354][T12290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  562.968162][T12289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.009686][T12290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.030838][T12289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.077576][ T5141] rc_core: IR keymap rc-hauppauge not found
[  563.084620][ T5141] Registered IR keymap rc-empty
[  563.105330][ T5141] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  563.143133][ T5141] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input54
[  563.192313][ T5141] usb 3-1: USB disconnect, device number 39
[  563.383347][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  563.390033][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  563.436364][T12297] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1906'.
[  564.144649][T12307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  564.177513][T12302] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  564.246818][T12307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  564.417626][ T5094] Bluetooth: hci2: command 0x0406 tx timeout
[  564.428603][T12311] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  564.459039][T12311] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  565.017248][T12335] bond_slave_0: entered promiscuous mode
[  565.022995][T12335] bond_slave_1: entered promiscuous mode
[  565.667213][T12328] bond_slave_0: left promiscuous mode
[  565.672730][T12328] bond_slave_1: left promiscuous mode
[  565.839526][T12351] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  565.911344][T12351] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  566.202267][T12361] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  566.508998][T12361] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  566.517971][ T5191] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  566.981449][ T5191] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  566.994000][ T5191] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  567.004099][ T5191] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  567.013875][ T5191] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.090213][ T5094] Bluetooth: hci2: unexpected event 0x09 length: 17 > 3
[  567.262647][T12354] usb usb9: usbfs: process 12354 (syz.4.1921) did not claim interface 0 before use
[  567.362143][T12374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.369939][T12367] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  567.406494][T12374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.482401][T12354] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  567.640196][T12379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.668954][T12379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.871194][T12384] FAULT_INJECTION: forcing a failure.
[  567.871194][T12384] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.887920][T12384] CPU: 0 PID: 12384 Comm: syz.2.1930 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  567.897757][T12384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  567.907923][T12384] Call Trace:
[  567.911228][T12384]  <TASK>
[  567.914174][T12384]  dump_stack_lvl+0x241/0x360
[  567.918872][T12384]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.924108][T12384]  ? __pfx__printk+0x10/0x10
[  567.928725][T12384]  ? __pfx_lock_release+0x10/0x10
[  567.933772][T12384]  should_fail_ex+0x3b0/0x4e0
[  567.938535][T12384]  _copy_from_user+0x2f/0xe0
[  567.943132][T12384]  copy_msghdr_from_user+0xae/0x680
[  567.948338][T12384]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  567.954156][T12384]  __sys_sendmsg+0x23d/0x3a0
[  567.958765][T12384]  ? __pfx___sys_sendmsg+0x10/0x10
[  567.963888][T12384]  ? vfs_write+0x7c4/0xc90
[  567.968366][T12384]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  567.974731][T12384]  ? do_syscall_64+0x100/0x230
[  567.979545][T12384]  ? do_syscall_64+0xb6/0x230
[  567.984246][T12384]  do_syscall_64+0xf3/0x230
[  567.988858][T12384]  ? clear_bhb_loop+0x35/0x90
[  567.993554][T12384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.999626][T12384] RIP: 0033:0x7f04a0375b59
[  568.004037][T12384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.023677][T12384] RSP: 002b:00007f04a11ef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  568.032105][T12384] RAX: ffffffffffffffda RBX: 00007f04a0505f60 RCX: 00007f04a0375b59
[  568.040087][T12384] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[  568.048068][T12384] RBP: 00007f04a11ef0a0 R08: 0000000000000000 R09: 0000000000000000
[  568.056298][T12384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  568.064294][T12384] R13: 000000000000000b R14: 00007f04a0505f60 R15: 00007ffe9d0b0b48
[  568.073530][T12384]  </TASK>
[  568.808726][T12399] bond_slave_0: entered promiscuous mode
[  568.814600][T12399] bond_slave_1: entered promiscuous mode
[  568.876172][ T5191] usb 5-1: USB disconnect, device number 37
[  568.903260][T12402] FAULT_INJECTION: forcing a failure.
[  568.903260][T12402] name failslab, interval 1, probability 0, space 0, times 0
[  568.916521][T12402] CPU: 1 PID: 12402 Comm: syz.1.1934 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  568.926445][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  568.936518][T12402] Call Trace:
[  568.939817][T12402]  <TASK>
[  568.942759][T12402]  dump_stack_lvl+0x241/0x360
[  568.947459][T12402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  568.952656][T12402]  ? __pfx__printk+0x10/0x10
[  568.957253][T12402]  should_fail_ex+0x3b0/0x4e0
[  568.961928][T12402]  ? __alloc_skb+0x1c3/0x440
[  568.966522][T12402]  should_failslab+0x9/0x20
[  568.971027][T12402]  kmem_cache_alloc_node_noprof+0x71/0x320
[  568.976838][T12402]  __alloc_skb+0x1c3/0x440
[  568.981264][T12402]  ? __pfx___alloc_skb+0x10/0x10
[  568.986209][T12402]  ? bpf_lsm_file_permission+0x9/0x10
[  568.991579][T12402]  ? security_file_permission+0x7f/0xa0
[  568.997306][T12402]  ppp_write+0xb4/0x3f0
[  569.001461][T12402]  ? vfs_write+0x288/0xc90
[  569.005874][T12402]  ? __pfx_ppp_write+0x10/0x10
[  569.010730][T12402]  vfs_write+0x2a2/0xc90
[  569.015004][T12402]  ? __pfx_vfs_write+0x10/0x10
[  569.019786][T12402]  ? __fget_files+0x29/0x470
[  569.024406][T12402]  ? __fget_files+0x3f6/0x470
[  569.029091][T12402]  ? __fget_files+0x29/0x470
[  569.033687][T12402]  ksys_write+0x1a0/0x2c0
[  569.038242][T12402]  ? __pfx_ksys_write+0x10/0x10
[  569.043257][T12402]  ? do_syscall_64+0x100/0x230
[  569.048152][T12402]  ? do_syscall_64+0xb6/0x230
[  569.052843][T12402]  do_syscall_64+0xf3/0x230
[  569.057343][T12402]  ? clear_bhb_loop+0x35/0x90
[  569.062016][T12402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.067903][T12402] RIP: 0033:0x7f2277b75b59
[  569.072311][T12402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.092055][T12402] RSP: 002b:00007f2278970048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  569.100463][T12402] RAX: ffffffffffffffda RBX: 00007f2277d06038 RCX: 00007f2277b75b59
[  569.108430][T12402] RDX: 0000000000000002 RSI: 0000000020000280 RDI: 0000000000000003
[  569.116482][T12402] RBP: 00007f22789700a0 R08: 0000000000000000 R09: 0000000000000000
[  569.124447][T12402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  569.132411][T12402] R13: 000000000000006e R14: 00007f2277d06038 R15: 00007fff0b17da78
[  569.140566][T12402]  </TASK>
[  569.165220][ T5094] Bluetooth: hci2: command 0x0406 tx timeout
[  569.414764][T12388] bond_slave_0: left promiscuous mode
[  569.420631][T12388] bond_slave_1: left promiscuous mode
[  570.321786][T12409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  571.739236][T12432] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  571.757740][T12432] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  572.627454][T10031] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  572.863244][T10031] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  572.897820][T10031] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  572.918761][T10031] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  572.940037][ T5137] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  572.964296][T10031] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.147650][ T5137] usb 1-1: Using ep0 maxpacket: 32
[  573.160671][ T5137] usb 1-1: New USB device found, idVendor=07c4, idProduct=a103, bcdDevice=21.23
[  573.172545][T12472] bond_slave_0: entered promiscuous mode
[  573.178300][T12472] bond_slave_1: entered promiscuous mode
[  573.184595][ T5137] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.194354][ T5137] usb 1-1: Product: syz
[  573.208604][ T5137] usb 1-1: Manufacturer: syz
[  573.232724][ T5137] usb 1-1: SerialNumber: syz
[  573.251551][T12446] usb usb9: usbfs: process 12446 (syz.1.1946) did not claim interface 0 before use
[  573.264017][ T5137] usb 1-1: config 0 descriptor??
[  573.273442][ T5137] ums-sddr55 1-1:0.0: USB Mass Storage device detected
[  573.301069][ T5137] ums-sddr55 1-1:0.0: Quirks match for vid 07c4 pid a103: 8
[  573.495447][T12446] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  573.736679][T12482] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  573.746399][T12482] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  573.801208][T12461] bond_slave_0: left promiscuous mode
[  573.806821][T12461] bond_slave_1: left promiscuous mode
[  573.971223][T12485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1955'.
[  574.018963][T12485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1955'.
[  574.277740][T12489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.356388][T12489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  575.242121][T10031] usb 2-1: USB disconnect, device number 35
[  575.465326][T12500] FAULT_INJECTION: forcing a failure.
[  575.465326][T12500] name failslab, interval 1, probability 0, space 0, times 0
[  575.504794][T12500] CPU: 1 PID: 12500 Comm: syz.4.1959 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  575.514799][T12500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  575.524863][T12500] Call Trace:
[  575.528132][T12500]  <TASK>
[  575.531054][T12500]  dump_stack_lvl+0x241/0x360
[  575.535724][T12500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  575.540916][T12500]  ? __pfx__printk+0x10/0x10
[  575.545512][T12500]  ? __pfx___might_resched+0x10/0x10
[  575.550788][T12500]  should_fail_ex+0x3b0/0x4e0
[  575.555455][T12500]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  575.561181][T12500]  should_failslab+0x9/0x20
[  575.565698][T12500]  __kmalloc_noprof+0xd8/0x400
[  575.570473][T12500]  ? kfree+0x4e/0x360
[  575.574473][T12500]  tomoyo_realpath_from_path+0xcf/0x5e0
[  575.580031][T12500]  tomoyo_path_number_perm+0x23a/0x880
[  575.585505][T12500]  ? tomoyo_path_number_perm+0x208/0x880
[  575.591160][T12500]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  575.597251][T12500]  ? __fget_files+0x29/0x470
[  575.601861][T12500]  ? __fget_files+0x3f6/0x470
[  575.606636][T12500]  ? __fget_files+0x29/0x470
[  575.611229][T12500]  security_file_ioctl+0x75/0xb0
[  575.616175][T12500]  __se_sys_ioctl+0x47/0x170
[  575.620959][T12500]  do_syscall_64+0xf3/0x230
[  575.625655][T12500]  ? clear_bhb_loop+0x35/0x90
[  575.630346][T12500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  575.636239][T12500] RIP: 0033:0x7f1ad2175b59
[  575.640833][T12500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.660566][T12500] RSP: 002b:00007f1ad2ef4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  575.668976][T12500] RAX: ffffffffffffffda RBX: 00007f1ad2305f60 RCX: 00007f1ad2175b59
[  575.677036][T12500] RDX: 0000000020000200 RSI: 000000004008ae93 RDI: 0000000000000005
[  575.685003][T12500] RBP: 00007f1ad2ef40a0 R08: 0000000000000000 R09: 0000000000000000
[  575.693064][T12500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  575.701307][T12500] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  575.709303][T12500]  </TASK>
[  575.715270][T12500] ERROR: Out of memory at tomoyo_realpath_from_path.
[  575.816834][ T5214] usb 1-1: USB disconnect, device number 33
[  575.886126][T12507] overlayfs: missing 'lowerdir'
[  576.047439][T10031] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  576.091914][T12515] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1965'.
[  576.141878][T12515] Bluetooth: hci3: invalid length 0, exp 2 for type 8
[  576.160387][T12517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.193393][T12517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.234064][T12521] FAULT_INJECTION: forcing a failure.
[  576.234064][T12521] name failslab, interval 1, probability 0, space 0, times 0
[  576.247172][T12521] CPU: 0 PID: 12521 Comm: syz.4.1969 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  576.256997][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  576.267166][T12521] Call Trace:
[  576.271065][T12521]  <TASK>
[  576.274195][T12521]  dump_stack_lvl+0x241/0x360
[  576.278887][T12521]  ? __pfx_dump_stack_lvl+0x10/0x10
[  576.284089][T12521]  ? __pfx__printk+0x10/0x10
[  576.288949][T12521]  ? __pfx___might_resched+0x10/0x10
[  576.294554][T12521]  should_fail_ex+0x3b0/0x4e0
[  576.299287][T12521]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  576.305016][T12521]  should_failslab+0x9/0x20
[  576.309522][T12521]  __kmalloc_noprof+0xd8/0x400
[  576.314347][T12521]  ? kfree+0x4e/0x360
[  576.318320][T12521]  tomoyo_realpath_from_path+0xcf/0x5e0
[  576.323867][T12521]  tomoyo_path_number_perm+0x23a/0x880
[  576.329328][T12521]  ? tomoyo_path_number_perm+0x208/0x880
[  576.334952][T12521]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  576.340948][T12521]  ? __fget_files+0x29/0x470
[  576.345536][T12521]  ? __fget_files+0x3f6/0x470
[  576.350218][T12521]  ? __fget_files+0x29/0x470
[  576.354807][T12521]  security_file_ioctl+0x75/0xb0
[  576.359741][T12521]  __se_sys_ioctl+0x47/0x170
[  576.364329][T12521]  do_syscall_64+0xf3/0x230
[  576.368830][T12521]  ? clear_bhb_loop+0x35/0x90
[  576.373498][T12521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.379394][T12521] RIP: 0033:0x7f1ad2175b59
[  576.383803][T12521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  576.403403][T12521] RSP: 002b:00007f1ad2ef4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  576.411813][T12521] RAX: ffffffffffffffda RBX: 00007f1ad2305f60 RCX: 00007f1ad2175b59
[  576.419869][T12521] RDX: 00000000200002c0 RSI: 00000000c02064b9 RDI: 0000000000000003
[  576.428009][T12521] RBP: 00007f1ad2ef40a0 R08: 0000000000000000 R09: 0000000000000000
[  576.435980][T12521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  576.443956][T12521] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  576.452026][T12521]  </TASK>
[  576.456115][T11979] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  576.464988][T12521] ERROR: Out of memory at tomoyo_realpath_from_path.
[  576.475336][T10031] usb 2-1: Using ep0 maxpacket: 16
[  576.492435][T10031] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  576.531784][T10031] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.562777][T10031] usb 2-1: Product: syz
[  576.575900][T10031] usb 2-1: Manufacturer: syz
[  576.588154][T10031] usb 2-1: SerialNumber: syz
[  576.596476][T10031] r8152-cfgselector 2-1: Unknown version 0x0000
[  576.611640][T10031] r8152-cfgselector 2-1: config 0 descriptor??
[  576.649413][T11979] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping
[  576.660072][T11979] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  576.671404][T11979] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  576.685653][T11979] usb 1-1: New USB device found, idVendor=0403, idProduct=ff00, bcdDevice=5c.04
[  576.698354][T11979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.716549][T11979] usb 1-1: config 0 descriptor??
[  576.731865][T11979] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  576.743831][T11979] ftdi_sio ttyUSB0: unknown device type: 0x5c04
[  576.839281][T12502] netlink: 'syz.1.1960': attribute type 25 has an invalid length.
[  576.847435][T12502] netlink: 'syz.1.1960': attribute type 7 has an invalid length.
[  576.873823][T10031] r8152-cfgselector 2-1: Unknown version 0x0000
[  576.887217][T10031] r8152-cfgselector 2-1: bad CDC descriptors
[  576.887706][ T5141] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  576.949624][T10031] r8152-cfgselector 2-1: USB disconnect, device number 36
[  576.958354][ T5191] usb 1-1: USB disconnect, device number 34
[  576.965586][ T5191] ftdi_sio 1-1:0.0: device disconnected
[  577.100626][ T5141] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  577.125308][ T5141] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  577.160672][ T5141] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  577.184379][ T5141] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.497278][T12536] overlayfs: missing 'workdir'
[  577.574621][T12538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.606497][T12538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  577.651577][T12527] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  577.826519][T12546] overlayfs: missing 'lowerdir'
[  577.917644][T10031] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  578.117721][T10031] usb 4-1: Using ep0 maxpacket: 32
[  578.154624][T10031] usb 4-1: New USB device found, idVendor=07c4, idProduct=a103, bcdDevice=21.23
[  578.164017][T10031] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.173644][T10031] usb 4-1: Product: syz
[  578.190217][T10031] usb 4-1: Manufacturer: syz
[  578.195599][T10031] usb 4-1: SerialNumber: syz
[  578.223466][T10031] usb 4-1: config 0 descriptor??
[  578.236957][T10031] ums-sddr55 4-1:0.0: USB Mass Storage device detected
[  578.262694][T10031] ums-sddr55 4-1:0.0: Quirks match for vid 07c4 pid a103: 8
[  578.417646][T12554] netlink: 276 bytes leftover after parsing attributes in process `syz.2.1979'.
[  579.902513][ T5141] usb 5-1: USB disconnect, device number 38
[  579.954647][T12564] bond_slave_0: entered promiscuous mode
[  579.960478][T12564] bond_slave_1: entered promiscuous mode
[  579.991962][T12562] bond_slave_0: left promiscuous mode
[  579.997541][T12562] bond_slave_1: left promiscuous mode
[  580.478160][ T5141] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  580.519136][T12581] overlayfs: missing 'workdir'
[  580.677575][ T5141] usb 5-1: Using ep0 maxpacket: 16
[  580.687496][T10031] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  580.700278][ T5141] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  580.715222][ T5141] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.723876][ T5141] usb 5-1: Product: syz
[  580.728422][ T5141] usb 5-1: Manufacturer: syz
[  580.733249][ T5141] usb 5-1: SerialNumber: syz
[  580.747500][ T5141] r8152-cfgselector 5-1: Unknown version 0x0000
[  580.756099][ T5141] r8152-cfgselector 5-1: config 0 descriptor??
[  580.869814][T10031] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping
[  580.880337][T10031] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  580.891844][T10031] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  580.906300][T10031] usb 1-1: New USB device found, idVendor=0403, idProduct=ff00, bcdDevice=5c.04
[  580.918894][T10031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.950102][T10031] usb 1-1: config 0 descriptor??
[  580.963177][T10031] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  580.973375][T10031] ftdi_sio ttyUSB0: unknown device type: 0x5c04
[  580.977693][T12576] netlink: 'syz.4.1984': attribute type 25 has an invalid length.
[  580.997435][T12576] netlink: 'syz.4.1984': attribute type 7 has an invalid length.
[  581.013822][ T5141] r8152-cfgselector 5-1: Unknown version 0x0000
[  581.029737][ T5141] r8152-cfgselector 5-1: bad CDC descriptors
[  581.044926][ T5141] r8152-cfgselector 5-1: USB disconnect, device number 39
[  581.218533][ T5191] usb 1-1: USB disconnect, device number 35
[  581.236606][ T5191] ftdi_sio 1-1:0.0: device disconnected
[  581.546275][T12589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.595179][ T5138] usb 4-1: USB disconnect, device number 43
[  581.618313][T12589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.891961][T12601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.910772][T12601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.998484][ T5094] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  582.147427][ T5191] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  582.213570][T12609] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  582.223011][T12609] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  582.352169][ T5191] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  582.386413][ T5191] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  582.402850][ T5191] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  582.412136][ T5191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.863603][T12598] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  582.899178][ T5191] usb 4-1: USB disconnect, device number 44
[  583.818430][ T5141] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  584.017767][ T5094] Bluetooth: hci0: command tx timeout
[  584.027587][ T5141] usb 4-1: Using ep0 maxpacket: 16
[  584.118733][ T5141] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  584.127994][   T46] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  584.135868][ T5141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.144042][ T5141] usb 4-1: Product: syz
[  584.148350][ T5141] usb 4-1: Manufacturer: syz
[  584.157634][ T5141] usb 4-1: SerialNumber: syz
[  584.184574][ T5141] r8152-cfgselector 4-1: Unknown version 0x0000
[  584.190976][ T5141] r8152-cfgselector 4-1: config 0 descriptor??
[  584.244973][T12642] FAULT_INJECTION: forcing a failure.
[  584.244973][T12642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.258797][T12642] CPU: 0 PID: 12642 Comm: syz.0.2005 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  584.268678][T12642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  584.278943][T12642] Call Trace:
[  584.282238][T12642]  <TASK>
[  584.285167][T12642]  dump_stack_lvl+0x241/0x360
[  584.289849][T12642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.295136][T12642]  ? __pfx__printk+0x10/0x10
[  584.299773][T12642]  ? __pfx_lock_release+0x10/0x10
[  584.304833][T12642]  should_fail_ex+0x3b0/0x4e0
[  584.309542][T12642]  _copy_from_user+0x2f/0xe0
[  584.314178][T12642]  do_tcp_setsockopt+0x29e/0x2540
[  584.319317][T12642]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  584.324826][T12642]  ? __pfx_lock_acquire+0x10/0x10
[  584.329863][T12642]  ? __fget_files+0x29/0x470
[  584.334459][T12642]  ? __mutex_unlock_slowpath+0x21d/0x750
[  584.340108][T12642]  ? tcp_setsockopt+0x3e/0xf0
[  584.344854][T12642]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  584.350856][T12642]  do_sock_setsockopt+0x3af/0x720
[  584.355999][T12642]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  584.359469][   T46] usb 5-1: config 0 has an invalid interface descriptor of length 2, skipping
[  584.361531][T12642]  ? __fget_files+0x29/0x470
[  584.361566][T12642]  ? __fget_files+0x3f6/0x470
[  584.361599][T12642]  __sys_setsockopt+0x1ae/0x250
[  584.370850][   T46] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  584.375008][T12642]  __x64_sys_setsockopt+0xb5/0xd0
[  584.375044][T12642]  do_syscall_64+0xf3/0x230
[  584.375065][T12642]  ? clear_bhb_loop+0x35/0x90
[  584.380059][   T46] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  584.384650][T12642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.384679][T12642] RIP: 0033:0x7f274e975b59
[  584.384703][T12642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.395664][   T46] usb 5-1: New USB device found, idVendor=0403, idProduct=ff00, bcdDevice=5c.04
[  584.400435][T12642] RSP: 002b:00007f274f6c8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  584.400461][T12642] RAX: ffffffffffffffda RBX: 00007f274eb05f60 RCX: 00007f274e975b59
[  584.400474][T12642] RDX: 000000000000000c RSI: 0000000000000006 RDI: 0000000000000003
[  584.400485][T12642] RBP: 00007f274f6c80a0 R08: 0000000000000004 R09: 0000000000000000
[  584.400496][T12642] R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000001
[  584.400508][T12642] R13: 000000000000000b R14: 00007f274eb05f60 R15: 00007fffaee1d898
[  584.400534][T12642]  </TASK>
[  584.412099][T12630] netlink: 'syz.3.2000': attribute type 25 has an invalid length.
[  584.507150][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.606309][T12630] netlink: 'syz.3.2000': attribute type 7 has an invalid length.
[  584.640933][   T46] usb 5-1: config 0 descriptor??
[  584.648738][   T46] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  584.658025][ T5141] r8152-cfgselector 4-1: Unknown version 0x0000
[  584.661482][T12648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  584.664505][ T5141] r8152-cfgselector 4-1: bad CDC descriptors
[  584.684681][   T46] ftdi_sio ttyUSB0: unknown device type: 0x5c04
[  584.696079][ T5141] r8152-cfgselector 4-1: USB disconnect, device number 45
[  584.728494][T12648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  584.740409][T12650] FAULT_INJECTION: forcing a failure.
[  584.740409][T12650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.754954][T12650] CPU: 0 PID: 12650 Comm: syz.0.2009 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  584.764789][T12650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  584.774939][T12650] Call Trace:
[  584.778228][T12650]  <TASK>
[  584.781173][T12650]  dump_stack_lvl+0x241/0x360
[  584.785886][T12650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.791102][T12650]  ? __pfx__printk+0x10/0x10
[  584.795720][T12650]  ? validate_chain+0x11e/0x5900
[  584.800673][T12650]  ? __pfx_lock_release+0x10/0x10
[  584.805732][T12650]  should_fail_ex+0x3b0/0x4e0
[  584.810425][T12650]  _copy_from_user+0x2f/0xe0
[  584.815032][T12650]  do_sys_poll+0x23a/0x1300
[  584.819546][T12650]  ? __lock_acquire+0x137a/0x2040
[  584.824588][T12650]  ? _parse_integer_limit+0x1b5/0x200
[  584.829963][T12650]  ? mark_lock+0x9a/0x350
[  584.834305][T12650]  ? __pfx_do_sys_poll+0x10/0x10
[  584.839253][T12650]  ? __lock_acquire+0x137a/0x2040
[  584.844316][T12650]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  584.850304][T12650]  ? ksys_write+0x23e/0x2c0
[  584.854915][T12650]  ? __pfx_lock_release+0x10/0x10
[  584.859990][T12650]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  584.866009][T12650]  ? __pfx_set_user_sigmask+0x10/0x10
[  584.871401][T12650]  ? __fget_files+0x3f6/0x470
[  584.876267][T12650]  __se_sys_ppoll+0x2a0/0x330
[  584.880947][T12650]  ? __pfx___se_sys_ppoll+0x10/0x10
[  584.886235][T12650]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  584.892574][T12650]  ? do_syscall_64+0x100/0x230
[  584.897341][T12650]  ? __x64_sys_ppoll+0x20/0xc0
[  584.902118][T12650]  do_syscall_64+0xf3/0x230
[  584.906615][T12650]  ? clear_bhb_loop+0x35/0x90
[  584.911290][T12650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.917177][T12650] RIP: 0033:0x7f274e975b59
[  584.921615][T12650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.941222][T12650] RSP: 002b:00007f274f6c8048 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  584.949640][T12650] RAX: ffffffffffffffda RBX: 00007f274eb05f60 RCX: 00007f274e975b59
[  584.957610][T12650] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020000100
[  584.965579][T12650] RBP: 00007f274f6c80a0 R08: 0000000000000000 R09: 0000000000000000
[  584.973561][T12650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.981719][T12650] R13: 000000000000000b R14: 00007f274eb05f60 R15: 00007fffaee1d898
[  584.989708][T12650]  </TASK>
[  585.038926][ T5138] usb 5-1: USB disconnect, device number 40
[  585.045528][ T5138] ftdi_sio 5-1:0.0: device disconnected
[  585.417451][T10031] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  585.629390][T10031] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  585.644077][T10031] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  585.674463][T10031] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  585.696719][T10031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.708432][T12660] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2013'.
[  585.743380][T12660] Bluetooth: hci3: invalid length 0, exp 2 for type 8
[  585.877459][ T5137] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  586.149107][ T5137] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  586.316745][ T5137] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  586.403803][ T5137] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  586.509791][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.614522][T12654] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  586.630436][T10031] usb 1-1: USB disconnect, device number 36
[  586.683626][T12672] tunl0: entered promiscuous mode
[  586.703681][T12672] netlink: 'syz.2.2017': attribute type 1 has an invalid length.
[  586.716833][T12672] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2017'.
[  586.958907][T12656] x_tables: ip6_tables: NFQUEUE.2 target: invalid size 8 (kernel) != (user) 0
[  587.192620][ T5137] usb 4-1: USB disconnect, device number 46
[  588.136501][T12687] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  588.148425][T12687] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  588.497596][ T5137] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  588.567434][   T46] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  588.787617][ T5137] usb 2-1: Using ep0 maxpacket: 16
[  588.814477][ T5137] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  588.897766][   T46] usb 1-1: Using ep0 maxpacket: 16
[  588.923566][   T46] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  588.933287][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.956419][   T46] usb 1-1: Product: syz
[  589.105232][   T46] usb 1-1: Manufacturer: syz
[  589.115857][   T46] usb 1-1: SerialNumber: syz
[  589.528095][   T46] r8152-cfgselector 1-1: Unknown version 0x0000
[  589.534410][   T46] r8152-cfgselector 1-1: config 0 descriptor??
[  589.547659][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.555732][ T5137] usb 2-1: Product: syz
[  589.586694][ T5137] usb 2-1: Manufacturer: syz
[  589.596555][ T5137] usb 2-1: SerialNumber: syz
[  589.628121][ T5137] r8152-cfgselector 2-1: Unknown version 0x0000
[  589.634426][ T5137] r8152-cfgselector 2-1: config 0 descriptor??
[  589.661521][T12700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2026'.
[  589.763833][T12692] netlink: 'syz.0.2022': attribute type 25 has an invalid length.
[  590.018714][T12692] netlink: 'syz.0.2022': attribute type 7 has an invalid length.
[  590.105767][T12707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.159619][T12707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.430403][T12689] netlink: 'syz.1.2021': attribute type 25 has an invalid length.
[  590.515456][T12689] netlink: 'syz.1.2021': attribute type 7 has an invalid length.
[  590.716846][ T5137] r8152-cfgselector 2-1: Unknown version 0x0000
[  590.758047][   T46] r8152-cfgselector 1-1: Unknown version 0x0000
[  590.767069][   T46] r8152-cfgselector 1-1: bad CDC descriptors
[  590.798677][   T46] r8152-cfgselector 1-1: USB disconnect, device number 37
[  590.864733][ T5137] r8152-cfgselector 2-1: bad CDC descriptors
[  590.956466][ T5137] r8152-cfgselector 2-1: USB disconnect, device number 37
[  591.618256][T12718] FAULT_INJECTION: forcing a failure.
[  591.618256][T12718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.643955][T12718] CPU: 0 PID: 12718 Comm: syz.1.2030 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  591.653825][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  591.663994][T12718] Call Trace:
[  591.667375][T12718]  <TASK>
[  591.670323][T12718]  dump_stack_lvl+0x241/0x360
[  591.675025][T12718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  591.680338][T12718]  ? __pfx__printk+0x10/0x10
[  591.684969][T12718]  ? __pfx_lock_release+0x10/0x10
[  591.690008][T12718]  should_fail_ex+0x3b0/0x4e0
[  591.694710][T12718]  _copy_from_user+0x2f/0xe0
[  591.699334][T12718]  sctp_getsockopt_local_addrs+0x128/0xec0
[  591.705236][T12718]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  591.711599][T12718]  ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10
[  591.717963][T12718]  ? __local_bh_enable_ip+0x168/0x200
[  591.723368][T12718]  ? lockdep_hardirqs_on+0x99/0x150
[  591.728604][T12718]  ? __local_bh_enable_ip+0x168/0x200
[  591.734011][T12718]  ? sctp_getsockopt+0x13a/0xbb0
[  591.738992][T12718]  sctp_getsockopt+0x6ad/0xbb0
[  591.743875][T12718]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  591.749882][T12718]  do_sock_getsockopt+0x373/0x850
[  591.754943][T12718]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  591.760528][T12718]  ? __fget_files+0x3f6/0x470
[  591.765253][T12718]  __sys_getsockopt+0x271/0x330
[  591.770153][T12718]  ? __pfx___sys_getsockopt+0x10/0x10
[  591.775555][T12718]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  591.781948][T12718]  ? do_syscall_64+0x100/0x230
[  591.786746][T12718]  __x64_sys_getsockopt+0xb5/0xd0
[  591.791781][T12718]  do_syscall_64+0xf3/0x230
[  591.796289][T12718]  ? clear_bhb_loop+0x35/0x90
[  591.800975][T12718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.806969][T12718] RIP: 0033:0x7f2277b75b59
[  591.811396][T12718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  591.831126][T12718] RSP: 002b:00007f2278970048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  591.839562][T12718] RAX: ffffffffffffffda RBX: 00007f2277d06038 RCX: 00007f2277b75b59
[  591.847557][T12718] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003
[  591.855636][T12718] RBP: 00007f22789700a0 R08: 0000000020000300 R09: 0000000000000000
[  591.863720][T12718] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001
[  591.871712][T12718] R13: 000000000000006e R14: 00007f2277d06038 R15: 00007fff0b17da78
[  591.879809][T12718]  </TASK>
[  591.886493][ T5137] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  591.923648][T12731] bond_slave_0: entered promiscuous mode
[  591.929687][T12731] bond_slave_1: entered promiscuous mode
[  591.943410][T12719] bond_slave_0: left promiscuous mode
[  591.949180][T12719] bond_slave_1: left promiscuous mode
[  592.078988][ T5137] usb 4-1: Using ep0 maxpacket: 8
[  592.090328][ T5137] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  592.101131][ T5137] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.124772][ T5137] usb 4-1: Product: syz
[  592.130891][ T5137] usb 4-1: Manufacturer: syz
[  592.135657][ T5137] usb 4-1: SerialNumber: syz
[  592.152303][ T5137] usb 4-1: config 0 descriptor??
[  592.881063][ T5137] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  593.130128][T12747] bond_slave_0: entered promiscuous mode
[  593.135888][T12747] bond_slave_1: entered promiscuous mode
[  593.155611][T12740] bond_slave_0: left promiscuous mode
[  593.161152][T12740] bond_slave_1: left promiscuous mode
[  593.295950][T12756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  593.354964][T12756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  593.783256][T12714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.806077][T12714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.823945][ T5137] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  593.836445][ T5137] usb 4-1: USB disconnect, device number 47
[  593.847661][ T5191] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  594.028705][ T5191] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  594.037060][ T5191] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  594.047462][ T5191] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  594.061639][ T5191] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  594.070832][ T5191] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  594.078918][ T5191] usb 3-1: Manufacturer: syz
[  594.083639][ T5141] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  594.093410][ T5191] usb 3-1: config 0 descriptor??
[  594.106558][ T5191] igorplugusb 3-1:0.0: incorrect number of endpoints
[  594.277402][ T5141] usb 2-1: Using ep0 maxpacket: 16
[  594.287205][ T5141] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  594.296474][ T5141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.304595][ T5141] usb 2-1: Product: syz
[  594.308843][ T5141] usb 2-1: Manufacturer: syz
[  594.313456][ T5141] usb 2-1: SerialNumber: syz
[  594.379493][    C1] eth0: bad gso: type: 1, size: 1408
[  594.412293][ T5141] r8152-cfgselector 2-1: Unknown version 0x0000
[  594.425007][ T5141] r8152-cfgselector 2-1: config 0 descriptor??
[  594.460388][ T5137] usb 3-1: USB disconnect, device number 40
[  594.665105][T12758] netlink: 'syz.1.2041': attribute type 25 has an invalid length.
[  594.673315][T12758] netlink: 'syz.1.2041': attribute type 7 has an invalid length.
[  594.684542][ T5141] r8152-cfgselector 2-1: Unknown version 0x0000
[  594.693397][ T5141] r8152-cfgselector 2-1: bad CDC descriptors
[  594.703437][ T5141] r8152-cfgselector 2-1: USB disconnect, device number 38
[  594.787464][ T5191] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  594.866900][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2044'.
[  594.967503][ T5191] usb 1-1: Using ep0 maxpacket: 16
[  594.979933][ T5191] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  594.989396][ T5191] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.999662][ T5191] usb 1-1: Product: syz
[  595.005798][ T5191] usb 1-1: Manufacturer: syz
[  595.011686][ T5191] usb 1-1: SerialNumber: syz
[  595.027479][ T5191] r8152-cfgselector 1-1: Unknown version 0x0000
[  595.037447][ T5191] r8152-cfgselector 1-1: config 0 descriptor??
[  595.049926][T12775] bond_slave_0: entered promiscuous mode
[  595.055694][T12775] bond_slave_1: entered promiscuous mode
[  595.080549][T12777] FAULT_INJECTION: forcing a failure.
[  595.080549][T12777] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  595.095060][T12777] CPU: 1 PID: 12777 Comm: syz.2.2046 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  595.104907][T12777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  595.114986][T12777] Call Trace:
[  595.118374][T12777]  <TASK>
[  595.121437][T12777]  dump_stack_lvl+0x241/0x360
[  595.126132][T12777]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.131538][T12777]  ? __pfx__printk+0x10/0x10
[  595.136131][T12777]  ? __pfx_lock_release+0x10/0x10
[  595.141164][T12777]  should_fail_ex+0x3b0/0x4e0
[  595.145933][T12777]  _copy_from_user+0x2f/0xe0
[  595.150553][T12777]  snd_pcm_oss_write+0xa39/0x11f0
[  595.155585][T12777]  ? __lock_acquire+0x137a/0x2040
[  595.160619][T12777]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  595.166077][T12777]  ? bpf_lsm_file_permission+0x9/0x10
[  595.171446][T12777]  ? security_file_permission+0x7f/0xa0
[  595.176992][T12777]  ? rw_verify_area+0x1d2/0x6b0
[  595.181925][T12777]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  595.187393][T12777]  vfs_write+0x2a2/0xc90
[  595.191731][T12777]  ? __pfx_vfs_write+0x10/0x10
[  595.196673][T12777]  ? __fget_files+0x29/0x470
[  595.201355][T12777]  ? __fget_files+0x3f6/0x470
[  595.206128][T12777]  ? __fget_files+0x29/0x470
[  595.211157][T12777]  ksys_write+0x1a0/0x2c0
[  595.215940][T12777]  ? irqentry_exit+0x63/0x90
[  595.220523][T12777]  ? lockdep_hardirqs_on+0x99/0x150
[  595.225809][T12777]  ? __pfx_ksys_write+0x10/0x10
[  595.230706][T12777]  do_syscall_64+0xf3/0x230
[  595.235212][T12777]  ? clear_bhb_loop+0x35/0x90
[  595.239971][T12777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.245866][T12777] RIP: 0033:0x7f04a0375b59
[  595.250275][T12777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.270155][T12777] RSP: 002b:00007f04a11ef048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  595.278566][T12777] RAX: ffffffffffffffda RBX: 00007f04a0505f60 RCX: 00007f04a0375b59
[  595.286526][T12777] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000003
[  595.294587][T12777] RBP: 00007f04a11ef0a0 R08: 0000000000000000 R09: 0000000000000000
[  595.302557][T12777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.310547][T12777] R13: 000000000000000b R14: 00007f04a0505f60 R15: 00007ffe9d0b0b48
[  595.318535][T12777]  </TASK>
[  595.360147][T12764] netlink: 'syz.0.2043': attribute type 25 has an invalid length.
[  595.368252][T12764] netlink: 'syz.0.2043': attribute type 7 has an invalid length.
[  595.395035][ T5191] r8152-cfgselector 1-1: Unknown version 0x0000
[  595.422787][ T5191] r8152-cfgselector 1-1: bad CDC descriptors
[  595.442390][ T5191] r8152-cfgselector 1-1: USB disconnect, device number 38
[  595.507586][ T5214] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  595.709944][ T5103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  595.717721][ T5214] usb 5-1: Using ep0 maxpacket: 8
[  595.731772][ T5103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  595.747108][ T5214] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  595.754244][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  595.755957][ T5214] usb 5-1: config 179 has no interface number 0
[  595.767062][ T5103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  595.777773][ T5103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  595.781362][ T5214] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  595.786318][ T5103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  595.796237][ T5214] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  595.833616][T12769] bond_slave_0: left promiscuous mode
[  595.839360][T12769] bond_slave_1: left promiscuous mode
[  595.847118][ T5214] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  595.908372][ T5214] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  595.941664][ T5214] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  595.975276][ T5214] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  595.990685][ T5214] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.054754][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.078395][T12779] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  596.230099][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.281399][T12802] bond_slave_0: entered promiscuous mode
[  596.287434][T12802] bond_slave_1: entered promiscuous mode
[  596.543081][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.580053][T12786] chnl_net:caif_netlink_parms(): no params data found
[  596.694441][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.773771][ T5214] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input55
[  596.924945][T12792] bond_slave_0: left promiscuous mode
[  596.930636][T12792] bond_slave_1: left promiscuous mode
[  597.046095][T12786] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.074950][T12786] bridge0: port 1(bridge_slave_0) entered disabled state
[  597.119893][T12786] bridge_slave_0: entered allmulticast mode
[  597.138551][T12786] bridge_slave_0: entered promiscuous mode
[  597.152596][T12786] bridge0: port 2(bridge_slave_1) entered blocking state
[  597.160624][T12786] bridge0: port 2(bridge_slave_1) entered disabled state
[  597.168279][T12786] bridge_slave_1: entered allmulticast mode
[  597.177216][T12786] bridge_slave_1: entered promiscuous mode
[  597.283497][T12779] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2047'.
[  597.297050][T12779] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  597.326008][T12820] Driver unsupported XDP return value 0 on prog  (id 270) dev N/A, expect packet loss!
[  597.342022][T12786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  597.354253][   T25] usb 5-1: USB disconnect, device number 41
[  597.354434][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  597.368463][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  597.399936][T12786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  597.411333][   T52] bridge_slave_1: left allmulticast mode
[  597.417017][   T52] bridge_slave_1: left promiscuous mode
[  597.432048][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  597.439456][ T5191] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  597.454193][   T52] bridge_slave_0: left allmulticast mode
[  597.460341][   T52] bridge_slave_0: left promiscuous mode
[  597.466225][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  597.631527][ T5191] usb 4-1: Using ep0 maxpacket: 8
[  597.656370][ T5191] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  597.667482][ T5191] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.675617][ T5191] usb 4-1: Product: syz
[  597.680622][ T5191] usb 4-1: Manufacturer: syz
[  597.685424][ T5191] usb 4-1: SerialNumber: syz
[  597.699582][ T5191] usb 4-1: config 0 descriptor??
[  597.707459][T10031] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  597.858786][ T5103] Bluetooth: hci1: command tx timeout
[  597.913234][T10031] usb 1-1: Using ep0 maxpacket: 8
[  597.926939][ T5191] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  597.934189][T10031] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  597.957466][T10031] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  597.966619][T10031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  597.975096][T10031] usb 1-1: SerialNumber: syz
[  597.987044][T10031] usb 1-1: config 0 descriptor??
[  598.161967][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  598.176392][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  598.228457][T10031] usb 1-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  598.238443][   T52] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  598.247057][T10031] usb 1-1: No valid video chain found.
[  598.257075][T10031] usb 1-1: USB disconnect, device number 39
[  598.270285][   T52] bond0 (unregistering): Released all slaves
[  598.376765][   T52] tipc: Disabling bearer <udp:syz1>
[  598.393270][   T52] tipc: Left network mode
[  598.406259][T12786] team0: Port device team_slave_0 added
[  598.432195][T12786] team0: Port device team_slave_1 added
[  598.552375][T12818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.573629][T12818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.630205][ T5191] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  598.652488][T12786] batman_adv: batadv0: Adding interface: batadv_slave_0
[  598.663233][ T5191] usb 4-1: USB disconnect, device number 48
[  598.669541][T12786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.700428][T12786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  598.719778][T12786] batman_adv: batadv0: Adding interface: batadv_slave_1
[  598.726995][T12786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.757066][T12786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  598.847525][T10031] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  598.918628][   T52] hsr_slave_0: left promiscuous mode
[  598.938751][   T52] hsr_slave_1: left promiscuous mode
[  598.955246][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  598.967472][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  598.990459][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  598.998297][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  599.031210][   T52] veth0_macvtap: left promiscuous mode
[  599.042954][   T52] veth1_vlan: left promiscuous mode
[  599.048989][   T52] veth0_vlan: left promiscuous mode
[  599.055783][T10031] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  599.068802][T10031] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  599.097648][T10031] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  599.106845][T10031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.139420][T10031] usb 1-1: config 0 descriptor??
[  599.664555][T12840] syz.4.2061: attempt to access beyond end of device
[  599.664555][T12840] loop4: rw=0, sector=2, nr_sectors = 2 limit=0
[  599.703135][T12840] syz.4.2061: attempt to access beyond end of device
[  599.703135][T12840] loop4: rw=0, sector=0, nr_sectors = 2 limit=0
[  599.761730][T12840] syz.4.2061: attempt to access beyond end of device
[  599.761730][T12840] loop4: rw=0, sector=0, nr_sectors = 2 limit=0
[  599.775544][T12840] syz.4.2061: attempt to access beyond end of device
[  599.775544][T12840] loop4: rw=0, sector=18, nr_sectors = 2 limit=0
[  599.826873][T12840] syz.4.2061: attempt to access beyond end of device
[  599.826873][T12840] loop4: rw=0, sector=30, nr_sectors = 2 limit=0
[  599.849936][T12840] syz.4.2061: attempt to access beyond end of device
[  599.849936][T12840] loop4: rw=0, sector=36, nr_sectors = 2 limit=0
[  599.876103][T12840] VFS: unable to find oldfs superblock on device loop4
[  599.947633][ T5103] Bluetooth: hci1: command tx timeout
[  600.496274][T12857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.509101][T12857] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.761370][   T52] team0 (unregistering): Port device team_slave_1 removed
[  601.108084][   T52] team0 (unregistering): Port device team_slave_0 removed
[  601.949984][T12786] hsr_slave_0: entered promiscuous mode
[  601.956634][T12786] hsr_slave_1: entered promiscuous mode
[  601.964792][T12786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  601.972472][T12786] Cannot create hsr debugfs directory
[  602.017533][ T5103] Bluetooth: hci1: command tx timeout
[  602.018734][T12822] bridge_slave_1: left allmulticast mode
[  602.041706][T12822] bridge_slave_1: left promiscuous mode
[  602.049403][T12822] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.061885][T12822] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  602.078757][T12856] bond_slave_0: entered promiscuous mode
[  602.084492][T12856] bond_slave_1: entered promiscuous mode
[  602.097755][T12856] bond_slave_0: left promiscuous mode
[  602.103371][T12856] bond_slave_1: left promiscuous mode
[  602.137518][T10031] usbhid 1-1:0.0: can't add hid device: -71
[  602.167654][T10031] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  602.191304][T10031] usb 1-1: USB disconnect, device number 40
[  602.376265][T12875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  602.470257][T12875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  602.525934][T12876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2069'.
[  602.794969][T12881] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns
[  602.843183][T12881] kvm: pic: non byte write
[  602.961589][T12890] FAULT_INJECTION: forcing a failure.
[  602.961589][T12890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  603.019643][T12890] CPU: 1 PID: 12890 Comm: syz.3.2073 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  603.029487][T12890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  603.039648][T12890] Call Trace:
[  603.042937][T12890]  <TASK>
[  603.045933][T12890]  dump_stack_lvl+0x241/0x360
[  603.050618][T12890]  ? __pfx_dump_stack_lvl+0x10/0x10
[  603.055833][T12890]  ? __pfx__printk+0x10/0x10
[  603.060418][T12890]  ? snprintf+0xda/0x120
[  603.064647][T12890]  should_fail_ex+0x3b0/0x4e0
[  603.069314][T12890]  _copy_to_user+0x2f/0xb0
[  603.073720][T12890]  simple_read_from_buffer+0xca/0x150
[  603.079349][T12890]  proc_fail_nth_read+0x1e9/0x250
[  603.084365][T12890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  603.089898][T12890]  ? rw_verify_area+0x520/0x6b0
[  603.094732][T12890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  603.100263][T12890]  vfs_read+0x204/0xbc0
[  603.104402][T12890]  ? __pfx_lock_release+0x10/0x10
[  603.109413][T12890]  ? __pfx_vfs_read+0x10/0x10
[  603.114098][T12890]  ? __fget_files+0x29/0x470
[  603.118678][T12890]  ? __fget_files+0x3f6/0x470
[  603.123357][T12890]  ksys_read+0x1a0/0x2c0
[  603.127618][T12890]  ? __pfx_ksys_read+0x10/0x10
[  603.132385][T12890]  ? do_syscall_64+0x100/0x230
[  603.137165][T12890]  ? do_syscall_64+0xb6/0x230
[  603.141868][T12890]  do_syscall_64+0xf3/0x230
[  603.146358][T12890]  ? clear_bhb_loop+0x35/0x90
[  603.151032][T12890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.156915][T12890] RIP: 0033:0x7fd04017463c
[  603.161316][T12890] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  603.181087][T12890] RSP: 002b:00007fd03fbff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  603.189572][T12890] RAX: ffffffffffffffda RBX: 00007fd040306038 RCX: 00007fd04017463c
[  603.197613][T12890] RDX: 000000000000000f RSI: 00007fd03fbff0b0 RDI: 0000000000000004
[  603.205565][T12890] RBP: 00007fd03fbff0a0 R08: 0000000000000000 R09: 0000000000000000
[  603.213691][T12890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  603.221732][T12890] R13: 000000000000006e R14: 00007fd040306038 R15: 00007fff67f5ac58
[  603.229786][T12890]  </TASK>
[  603.312146][T12786] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  603.549500][T12786] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  603.560022][T12786] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  603.578339][T12786] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  603.585438][ T5191] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  603.867414][ T5191] usb 2-1: Using ep0 maxpacket: 8
[  603.875034][ T5191] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.887147][ T5191] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  603.896682][ T5191] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  603.905153][ T5191] usb 2-1: SerialNumber: syz
[  603.911539][ T5191] usb 2-1: config 0 descriptor??
[  604.015957][T12902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.033455][T12902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.097717][ T5103] Bluetooth: hci1: command tx timeout
[  604.135211][ T5191] usb 2-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  604.153783][ T5191] usb 2-1: No valid video chain found.
[  604.163644][ T5191] usb 2-1: USB disconnect, device number 39
[  604.176402][T12786] 8021q: adding VLAN 0 to HW filter on device bond0
[  604.225916][T12786] 8021q: adding VLAN 0 to HW filter on device team0
[  604.287212][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state
[  604.294457][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  604.342903][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state
[  604.350172][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  604.421966][T12786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  604.515816][T12913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2081'.
[  605.017834][ T5141] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  605.187006][T12786] 8021q: adding VLAN 0 to HW filter on device batadv0
[  605.220252][ T5141] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  605.239627][ T5141] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  605.249743][ T5141] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  605.267549][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.333057][ T5141] usb 2-1: config 0 descriptor??
[  605.447857][T12786] veth0_vlan: entered promiscuous mode
[  605.495572][T12786] veth1_vlan: entered promiscuous mode
[  605.604084][T12786] veth0_macvtap: entered promiscuous mode
[  605.623372][T12786] veth1_macvtap: entered promiscuous mode
[  605.643851][ T5103] Bluetooth: hci2: Ignoring HCI_Sync_Conn_Complete event for existing connection
[  605.661101][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.671728][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.684353][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.697834][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.707777][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.718803][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.729041][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.740099][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.750198][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.761450][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.771389][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.788840][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.821351][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  605.860836][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.885787][T12786] batman_adv: batadv0: Interface activated: batadv_slave_0
[  605.920234][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.953534][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.967405][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.994976][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.020385][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  606.040540][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.056903][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  606.086149][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.100842][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  606.113409][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.124132][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  606.135541][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.156602][T12786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  606.182561][T12786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  606.209932][T12786] batman_adv: batadv0: Interface activated: batadv_slave_1
[  606.224468][T12942] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  606.252355][T12942] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  606.268641][T12786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  606.279079][T12786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  606.288399][T12786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  606.298216][T12786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  606.513926][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.532586][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.543140][T12895] bridge_slave_1: left allmulticast mode
[  606.556815][T12895] bridge_slave_1: left promiscuous mode
[  606.564159][T12895] bridge0: port 2(bridge_slave_1) entered disabled state
[  606.588822][T12895] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  606.599843][T12947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.645182][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.654450][T12947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.657644][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.849338][ T5141] usbhid 2-1:0.0: can't add hid device: -71
[  606.862457][ T5141] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  606.891106][ T5141] usb 2-1: USB disconnect, device number 40
[  606.921499][ T5103] Bluetooth: hci2: unexpected event 0x09 length: 17 > 3
[  607.697541][ T5103] Bluetooth: hci2: command 0x0406 tx timeout
[  609.217811][ T5191] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  609.249420][T12972] bond_slave_0: entered promiscuous mode
[  609.255185][T12972] bond_slave_1: entered promiscuous mode
[  609.407551][ T5191] usb 3-1: Using ep0 maxpacket: 8
[  609.423908][ T5191] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  609.457205][ T5191] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.496394][ T5191] usb 3-1: Product: syz
[  609.508675][ T5191] usb 3-1: Manufacturer: syz
[  609.526008][ T5191] usb 3-1: SerialNumber: syz
[  609.546583][ T5191] usb 3-1: config 0 descriptor??
[  609.783153][ T5191] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  609.838825][T12963] bond_slave_0: left promiscuous mode
[  609.844371][T12963] bond_slave_1: left promiscuous mode
[  610.013771][T12990] FAULT_INJECTION: forcing a failure.
[  610.013771][T12990] name failslab, interval 1, probability 0, space 0, times 0
[  610.030829][T12990] CPU: 0 PID: 12990 Comm: syz.4.2102 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  610.040685][T12990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  610.050938][T12990] Call Trace:
[  610.054233][T12990]  <TASK>
[  610.057175][T12990]  dump_stack_lvl+0x241/0x360
[  610.061884][T12990]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.067103][T12990]  ? __pfx__printk+0x10/0x10
[  610.071995][T12990]  should_fail_ex+0x3b0/0x4e0
[  610.076708][T12990]  ? dst_alloc+0x12b/0x190
[  610.081151][T12990]  should_failslab+0x9/0x20
[  610.085692][T12990]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  610.091081][T12990]  ? __pfx_ip6_dst_gc+0x10/0x10
[  610.095942][T12990]  dst_alloc+0x12b/0x190
[  610.100199][T12990]  ip6_rt_cache_alloc+0x451/0xb40
[  610.105261][T12990]  ? __pfx_ip6_rt_cache_alloc+0x10/0x10
[  610.110824][T12990]  ip6_pol_route+0x12dc/0x15d0
[  610.115589][T12990]  ? ip6_pol_route+0x198/0x15d0
[  610.120439][T12990]  ? __pfx_ip6_pol_route+0x10/0x10
[  610.125564][T12990]  fib6_rule_lookup+0x286/0x790
[  610.130435][T12990]  ? __pfx_validate_chain+0x10/0x10
[  610.135632][T12990]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  610.142222][T12990]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  610.147595][T12990]  ? mark_lock+0x9a/0x350
[  610.151931][T12990]  ? dev_get_by_index_rcu+0xef/0x110
[  610.157213][T12990]  ? ip6_route_output_flags+0x30/0x610
[  610.162679][T12990]  ? l3mdev_link_scope_lookup+0x112/0x1c0
[  610.168418][T12990]  ? ip6_route_output_flags+0x30/0x610
[  610.173875][T12990]  ip6_route_output_flags+0x38e/0x610
[  610.179260][T12990]  ip6_dst_lookup_tail+0x290/0x14f0
[  610.184472][T12990]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  610.190097][T12990]  ? __pfx_lock_release+0x10/0x10
[  610.195132][T12990]  ip6_dst_lookup_flow+0xb9/0x180
[  610.200589][T12990]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[  610.206315][T12990]  ? rawv6_sendmsg+0xfe9/0x23c0
[  610.211343][T12990]  rawv6_sendmsg+0x1283/0x23c0
[  610.216123][T12990]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  610.221237][T12990]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  610.227475][T12990]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[  610.233913][T12990]  ? inet_sendmsg+0x330/0x390
[  610.238591][T12990]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  610.243871][T12990]  ? security_socket_sendmsg+0x87/0xb0
[  610.249331][T12990]  __sock_sendmsg+0x1a6/0x270
[  610.254008][T12990]  sock_write_iter+0x2dd/0x400
[  610.258774][T12990]  ? __pfx_sock_write_iter+0x10/0x10
[  610.264154][T12990]  ? bpf_lsm_file_permission+0x9/0x10
[  610.269525][T12990]  ? security_file_permission+0x7f/0xa0
[  610.275077][T12990]  vfs_write+0xa72/0xc90
[  610.279321][T12990]  ? __pfx_sock_write_iter+0x10/0x10
[  610.284604][T12990]  ? __pfx_vfs_write+0x10/0x10
[  610.289452][T12990]  ksys_write+0x1a0/0x2c0
[  610.293787][T12990]  ? __pfx_ksys_write+0x10/0x10
[  610.298636][T12990]  ? do_syscall_64+0x100/0x230
[  610.303519][T12990]  ? do_syscall_64+0xb6/0x230
[  610.308293][T12990]  do_syscall_64+0xf3/0x230
[  610.312894][T12990]  ? clear_bhb_loop+0x35/0x90
[  610.317575][T12990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.323549][T12990] RIP: 0033:0x7f1ad2175b59
[  610.327959][T12990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.347560][T12990] RSP: 002b:00007f1ad2ef4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  610.356152][T12990] RAX: ffffffffffffffda RBX: 00007f1ad2305f60 RCX: 00007f1ad2175b59
[  610.364116][T12990] RDX: 0000000000000028 RSI: 00000000200034c0 RDI: 0000000000000003
[  610.372083][T12990] RBP: 00007f1ad2ef40a0 R08: 0000000000000000 R09: 0000000000000000
[  610.380053][T12990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  610.388137][T12990] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  610.396122][T12990]  </TASK>
[  610.717977][T13005] bond_slave_0: entered promiscuous mode
[  610.723938][T13005] bond_slave_1: entered promiscuous mode
[  610.729999][T12959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.770672][T12959] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.841188][ T5191] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  610.858424][ T5191] usb 3-1: USB disconnect, device number 41
[  611.126354][T13018] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  611.135365][T13018] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  611.372939][T12996] bond_slave_0: left promiscuous mode
[  611.378534][T12996] bond_slave_1: left promiscuous mode
[  611.405579][T13023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  611.795650][T13032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  611.885148][T13032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  613.091159][ T5103] Bluetooth: hci2: command 0x0406 tx timeout
[  614.102758][T13079] bond_slave_0: entered promiscuous mode
[  614.108541][T13079] bond_slave_1: entered promiscuous mode
[  614.115721][T13078] syz.0.2120: attempt to access beyond end of device
[  614.115721][T13078] loop0: rw=0, sector=2, nr_sectors = 2 limit=0
[  614.129262][T13078] syz.0.2120: attempt to access beyond end of device
[  614.129262][T13078] loop0: rw=0, sector=0, nr_sectors = 2 limit=0
[  614.145496][T13078] syz.0.2120: attempt to access beyond end of device
[  614.145496][T13078] loop0: rw=0, sector=0, nr_sectors = 2 limit=0
[  614.165096][T13078] syz.0.2120: attempt to access beyond end of device
[  614.165096][T13078] loop0: rw=0, sector=18, nr_sectors = 2 limit=0
[  614.185314][T13078] syz.0.2120: attempt to access beyond end of device
[  614.185314][T13078] loop0: rw=0, sector=30, nr_sectors = 2 limit=0
[  614.201175][T13078] syz.0.2120: attempt to access beyond end of device
[  614.201175][T13078] loop0: rw=0, sector=36, nr_sectors = 2 limit=0
[  614.214452][T13078] VFS: unable to find oldfs superblock on device loop0
[  614.465540][T13085] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  614.477462][T13085] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  614.735664][T13061] bond_slave_0: left promiscuous mode
[  614.741288][T13061] bond_slave_1: left promiscuous mode
[  614.904782][T13093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  615.023831][T13093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  616.337571][ T5103] Bluetooth: hci0: command tx timeout
[  616.658188][ T5103] Bluetooth: hci1: command tx timeout
[  617.069428][T13133] bond_slave_0: entered promiscuous mode
[  617.075282][T13133] bond_slave_1: entered promiscuous mode
[  617.751225][T13126] bond_slave_0: left promiscuous mode
[  617.756824][T13126] bond_slave_1: left promiscuous mode
[  617.986160][T13143] netlink: 'syz.0.2141': attribute type 10 has an invalid length.
[  618.103565][T13143] team0: Port device wlan1 added
[  618.806848][T13156] 9pnet_fd: Insufficient options for proto=fd
[  619.052133][T13162] FAULT_INJECTION: forcing a failure.
[  619.052133][T13162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  619.068644][T13162] CPU: 1 PID: 13162 Comm: syz.4.2148 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  619.078510][T13162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  619.088843][T13162] Call Trace:
[  619.092134][T13162]  <TASK>
[  619.095085][T13162]  dump_stack_lvl+0x241/0x360
[  619.099789][T13162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  619.105101][T13162]  ? __pfx__printk+0x10/0x10
[  619.109715][T13162]  ? __pfx_lock_release+0x10/0x10
[  619.114770][T13162]  should_fail_ex+0x3b0/0x4e0
[  619.119645][T13162]  _copy_from_user+0x2f/0xe0
[  619.124259][T13162]  copy_msghdr_from_user+0xae/0x680
[  619.129479][T13162]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  619.135285][T13162]  __sys_sendmsg+0x23d/0x3a0
[  619.139884][T13162]  ? __pfx___sys_sendmsg+0x10/0x10
[  619.144995][T13162]  ? vfs_write+0x7c4/0xc90
[  619.149440][T13162]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  619.155762][T13162]  ? do_syscall_64+0x100/0x230
[  619.160522][T13162]  ? do_syscall_64+0xb6/0x230
[  619.165208][T13162]  do_syscall_64+0xf3/0x230
[  619.169717][T13162]  ? clear_bhb_loop+0x35/0x90
[  619.174394][T13162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.180288][T13162] RIP: 0033:0x7f1ad2175b59
[  619.184691][T13162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.204387][T13162] RSP: 002b:00007f1ad2ef4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  619.212891][T13162] RAX: ffffffffffffffda RBX: 00007f1ad2305f60 RCX: 00007f1ad2175b59
[  619.220974][T13162] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000006
[  619.228946][T13162] RBP: 00007f1ad2ef40a0 R08: 0000000000000000 R09: 0000000000000000
[  619.237095][T13162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.245068][T13162] R13: 000000000000000b R14: 00007f1ad2305f60 R15: 00007ffe6a3db878
[  619.253055][T13162]  </TASK>
[  619.911563][T13184] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2156'.
[  620.594620][T13192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.768307][T13205] usb usb9: usbfs: process 13205 (syz.0.2163) did not claim interface 0 before use
[  620.835261][   T29] audit: type=1804 audit(1721625307.930:150): pid=13209 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.2166" name="/newroot/82/bus/file0" dev="overlay" ino=509 res=1 errno=0
[  620.957737][   T25] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  621.143326][   T25] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  621.167404][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.176930][   T25] usb 3-1: Product: syz
[  621.183764][   T25] usb 3-1: Manufacturer: syz
[  621.189761][   T25] usb 3-1: SerialNumber: syz
[  621.192850][T13220] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2170'.
[  621.200125][   T25] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  621.318745][ T5137] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  621.341964][ T5191] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  621.532717][ T5137] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  621.567331][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.596464][ T5137] usb 2-1: Product: syz
[  621.602571][ T5137] usb 2-1: Manufacturer: syz
[  621.607216][ T5137] usb 2-1: SerialNumber: syz
[  621.629909][ T5137] usb 2-1: config 0 descriptor??
[  621.646640][ T5103] Bluetooth: hci3: urb ffff88807ee5c500 submission failed (2)
[  621.899664][T13197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  621.928188][T13197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  622.357536][    C0] ------------[ cut here ]------------
[  622.363781][    C0] WARNING: CPU: 0 PID: 5137 at net/sched/sch_cake.c:2094 cake_dequeue+0x2af1/0x4690
[  622.373293][    C0] Modules linked in:
[  622.377225][    C0] CPU: 0 PID: 5137 Comm: kworker/0:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  622.387092][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  622.397230][    C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries
[  622.404772][    C0] RIP: 0010:cake_dequeue+0x2af1/0x4690
[  622.410329][    C0] Code: 74 08 4c 89 f7 e8 af d7 6b f8 4d 89 26 eb 05 e8 75 e1 08 f8 45 31 f6 4c 8b a4 24 08 01 00 00 e9 d4 de ff ff e8 60 e1 08 f8 90 <0f> 0b 90 48 8b 94 24 f0 00 00 00 48 89 d0 48 c1 e8 03 42 0f b6 04
[  622.430002][    C0] RSP: 0018:ffffc900000079c0 EFLAGS: 00010246
[  622.436102][    C0] RAX: ffffffff898a6160 RBX: 000000000000ffff RCX: ffff888029100000
[  622.444144][    C0] RDX: 0000000080000102 RSI: 000000000000ffff RDI: 0000000000000400
[  622.452269][    C0] RBP: ffffc90000007c28 R08: ffffffff898a5f7c R09: ffffffff898a69e5
[  622.460315][    C0] R10: 0000000000000003 R11: ffff888029100000 R12: ffff888049800010
[  622.468352][    C0] R13: dffffc0000000000 R14: 000000000000ffff R15: ffff888049800000
[  622.476350][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  622.485346][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  622.492031][    C0] CR2: 00007fe9ca85724f CR3: 000000005b28e000 CR4: 00000000003506f0
[  622.500052][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  622.508160][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  622.516149][    C0] Call Trace:
[  622.519471][    C0]  <IRQ>
[  622.522333][    C0]  ? __warn+0x163/0x4e0
[  622.526596][    C0]  ? cake_dequeue+0x2af1/0x4690
[  622.531499][    C0]  ? report_bug+0x2b3/0x500
[  622.536198][    C0]  ? cake_dequeue+0x2af1/0x4690
[  622.541108][    C0]  ? handle_bug+0x3e/0x70
[  622.545458][    C0]  ? exc_invalid_op+0x1a/0x50
[  622.550195][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[  622.555251][    C0]  ? cake_dequeue+0x3375/0x4690
[  622.560151][    C0]  ? cake_dequeue+0x290c/0x4690
[  622.565031][    C0]  ? cake_dequeue+0x2af0/0x4690
[  622.569930][    C0]  ? cake_dequeue+0x2af1/0x4690
[  622.574835][    C0]  ? mark_lock+0x9a/0x350
[  622.579342][    C0]  ? __pfx_cake_dequeue+0x10/0x10
[  622.580814][ T5191] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  622.584431][    C0]  __qdisc_run+0x272/0x2170
[  622.584577][    C0]  qdisc_run+0xda/0x270
[  622.584611][    C0]  net_tx_action+0x89c/0xa50
[  622.584633][    C0]  ? net_tx_action+0x708/0xa50
[  622.584658][    C0]  ? __pfx_net_tx_action+0x10/0x10
[  622.584681][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  622.584724][    C0]  handle_softirqs+0x2c4/0x970
[  622.584757][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[  622.584790][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  622.584821][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[  622.584856][    C0]  __irq_exit_rcu+0xf4/0x1c0
[  622.584882][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  622.584919][    C0]  irq_exit_rcu+0x9/0x30
[  622.584943][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  622.584976][    C0]  </IRQ>
[  622.584987][    C0]  <TASK>
[  622.584998][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  622.585026][    C0] RIP: 0010:lock_acquire+0x264/0x550
[  622.585056][    C0] Code: 2b 00 74 08 4c 89 f7 e8 1a cb 86 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  622.585077][    C0] RSP: 0018:ffffc90003e179e0 EFLAGS: 00000206
[  622.585101][    C0] RAX: 0000000000000001 RBX: 1ffff920007c2f48 RCX: 78a3097f134c2b00
[  622.585120][    C0] RDX: dffffc0000000000 RSI: ffffffff8bcadea0 RDI: ffffffff8c1fa440
[  622.585138][    C0] RBP: ffffc90003e17b40 R08: ffffffff92fd06df R09: 1ffffffff25fa0db
[  622.585157][    C0] R10: dffffc0000000000 R11: fffffbfff25fa0dc R12: 1ffff920007c2f44
[  622.585175][    C0] R13: dffffc0000000000 R14: ffffc90003e17a40 R15: 0000000000000246
[  622.585219][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  622.585252][    C0]  ? wg_ratelimiter_gc_entries+0x3ab/0x470
[  622.585283][    C0]  ? __pfx___might_resched+0x10/0x10
[  622.585329][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  622.585361][    C0]  _raw_spin_lock+0x2e/0x40
[  622.585385][    C0]  ? wg_ratelimiter_gc_entries+0x60/0x470
[  622.585413][    C0]  wg_ratelimiter_gc_entries+0x60/0x470
[  622.585447][    C0]  ? process_scheduled_works+0x945/0x1830
[  622.585475][    C0]  process_scheduled_works+0xa2c/0x1830
[  622.585534][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  622.585571][    C0]  ? assign_work+0x364/0x3d0
[  622.585605][    C0]  worker_thread+0x86d/0xd40
[  622.585642][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  622.585674][    C0]  ? __kthread_parkme+0x169/0x1d0
[  622.585708][    C0]  ? __pfx_worker_thread+0x10/0x10
[  622.585736][    C0]  kthread+0x2f0/0x390
[  622.585766][    C0]  ? __pfx_worker_thread+0x10/0x10
[  622.585793][    C0]  ? __pfx_kthread+0x10/0x10
[  622.585824][    C0]  ret_from_fork+0x4b/0x80
[  622.585853][    C0]  ? __pfx_kthread+0x10/0x10
[  622.585884][    C0]  ret_from_fork_asm+0x1a/0x30
[  622.585931][    C0]  </TASK>
[  622.585954][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  622.585967][    C0] CPU: 0 PID: 5137 Comm: kworker/0:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  622.585991][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  622.586005][    C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries
[  622.586035][    C0] Call Trace:
[  622.586044][    C0]  <IRQ>
[  622.586053][    C0]  dump_stack_lvl+0x241/0x360
[  622.586079][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  622.586102][    C0]  ? __pfx__printk+0x10/0x10
[  622.586141][    C0]  ? vscnprintf+0x5d/0x90
[  622.586169][    C0]  panic+0x349/0x860
[  622.586201][    C0]  ? __warn+0x172/0x4e0
[  622.586223][    C0]  ? __pfx_panic+0x10/0x10
[  622.586264][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  622.586305][    C0]  __warn+0x346/0x4e0
[  622.586325][    C0]  ? cake_dequeue+0x2af1/0x4690
[  622.586352][    C0]  report_bug+0x2b3/0x500
[  622.586381][    C0]  ? cake_dequeue+0x2af1/0x4690
[  622.586411][    C0]  handle_bug+0x3e/0x70
[  622.586433][    C0]  exc_invalid_op+0x1a/0x50
[  622.586457][    C0]  asm_exc_invalid_op+0x1a/0x20
[  622.586480][    C0] RIP: 0010:cake_dequeue+0x2af1/0x4690
[  622.586505][    C0] Code: 74 08 4c 89 f7 e8 af d7 6b f8 4d 89 26 eb 05 e8 75 e1 08 f8 45 31 f6 4c 8b a4 24 08 01 00 00 e9 d4 de ff ff e8 60 e1 08 f8 90 <0f> 0b 90 48 8b 94 24 f0 00 00 00 48 89 d0 48 c1 e8 03 42 0f b6 04
[  622.586523][    C0] RSP: 0018:ffffc900000079c0 EFLAGS: 00010246
[  622.586541][    C0] RAX: ffffffff898a6160 RBX: 000000000000ffff RCX: ffff888029100000
[  622.586557][    C0] RDX: 0000000080000102 RSI: 000000000000ffff RDI: 0000000000000400
[  622.586572][    C0] RBP: ffffc90000007c28 R08: ffffffff898a5f7c R09: ffffffff898a69e5
[  622.586588][    C0] R10: 0000000000000003 R11: ffff888029100000 R12: ffff888049800010
[  622.586604][    C0] R13: dffffc0000000000 R14: 000000000000ffff R15: ffff888049800000
[  622.586626][    C0]  ? cake_dequeue+0x3375/0x4690
[  622.586649][    C0]  ? cake_dequeue+0x290c/0x4690
[  622.586671][    C0]  ? cake_dequeue+0x2af0/0x4690
[  622.586725][    C0]  ? mark_lock+0x9a/0x350
[  622.586778][    C0]  ? __pfx_cake_dequeue+0x10/0x10
[  622.586813][    C0]  __qdisc_run+0x272/0x2170
[  622.586857][    C0]  qdisc_run+0xda/0x270
[  622.586889][    C0]  net_tx_action+0x89c/0xa50
[  622.586909][    C0]  ? net_tx_action+0x708/0xa50
[  622.586932][    C0]  ? __pfx_net_tx_action+0x10/0x10
[  622.586953][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  622.586990][    C0]  handle_softirqs+0x2c4/0x970
[  622.587014][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[  622.587040][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  622.587067][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[  622.587095][    C0]  __irq_exit_rcu+0xf4/0x1c0
[  622.587117][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  622.587148][    C0]  irq_exit_rcu+0x9/0x30
[  622.587168][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  622.587195][    C0]  </IRQ>
[  622.587202][    C0]  <TASK>
[  622.587211][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  622.587234][    C0] RIP: 0010:lock_acquire+0x264/0x550
[  622.587257][    C0] Code: 2b 00 74 08 4c 89 f7 e8 1a cb 86 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  622.587276][    C0] RSP: 0018:ffffc90003e179e0 EFLAGS: 00000206
[  622.587297][    C0] RAX: 0000000000000001 RBX: 1ffff920007c2f48 RCX: 78a3097f134c2b00
[  622.587312][    C0] RDX: dffffc0000000000 RSI: ffffffff8bcadea0 RDI: ffffffff8c1fa440
[  622.587326][    C0] RBP: ffffc90003e17b40 R08: ffffffff92fd06df R09: 1ffffffff25fa0db
[  622.587341][    C0] R10: dffffc0000000000 R11: fffffbfff25fa0dc R12: 1ffff920007c2f44
[  622.587355][    C0] R13: dffffc0000000000 R14: ffffc90003e17a40 R15: 0000000000000246
[  622.587392][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  622.587418][    C0]  ? wg_ratelimiter_gc_entries+0x3ab/0x470
[  622.587443][    C0]  ? __pfx___might_resched+0x10/0x10
[  622.587472][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  622.587498][    C0]  _raw_spin_lock+0x2e/0x40
[  622.587518][    C0]  ? wg_ratelimiter_gc_entries+0x60/0x470
[  622.587541][    C0]  wg_ratelimiter_gc_entries+0x60/0x470
[  622.587570][    C0]  ? process_scheduled_works+0x945/0x1830
[  622.587593][    C0]  process_scheduled_works+0xa2c/0x1830
[  622.587642][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  622.587673][    C0]  ? assign_work+0x364/0x3d0
[  622.587701][    C0]  worker_thread+0x86d/0xd40
[  622.587732][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  622.587758][    C0]  ? __kthread_parkme+0x169/0x1d0
[  622.587786][    C0]  ? __pfx_worker_thread+0x10/0x10
[  622.587809][    C0]  kthread+0x2f0/0x390
[  622.587834][    C0]  ? __pfx_worker_thread+0x10/0x10
[  622.587857][    C0]  ? __pfx_kthread+0x10/0x10
[  622.587884][    C0]  ret_from_fork+0x4b/0x80
[  622.587907][    C0]  ? __pfx_kthread+0x10/0x10
[  622.587932][    C0]  ret_from_fork_asm+0x1a/0x30
[  622.587972][    C0]  </TASK>
[  622.594137][    C0] Kernel Offset: disabled