last executing test programs:

16.224345859s ago: executing program 2 (id=530):
mkdir(&(0x7f00000000c0)='./bus\x00', 0x49)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r1 = socket$netlink(0x10, 0x3, 0x0)
preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/4, 0x4}], 0x3e8, 0x0, 0x0) (async)
r2 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async)
recvmsg$kcm(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/12, 0xc}, {&(0x7f00000003c0)=""/19, 0x13}, {&(0x7f0000000400)=""/37, 0x25}, {&(0x7f0000000480)=""/88, 0x58}, {&(0x7f0000000500)=""/118, 0x76}, {&(0x7f0000000580)=""/119, 0x77}, {&(0x7f0000000600)=""/157, 0x9d}, {&(0x7f00000006c0)=""/192, 0xc0}, {&(0x7f0000000780)=""/91, 0x5b}, {&(0x7f0000000800)=""/8, 0x8}], 0xa, &(0x7f0000000900)=""/157, 0x9d}, 0x2101) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) (async)
r4 = getpid() (async)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r7}, 0x18) (async)
mprotect(&(0x7f0000565000/0x2000)=nil, 0x2000, 0x5) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x4040, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]})

15.253732592s ago: executing program 2 (id=532):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = socket(0x1000000000000010, 0x80802, 0x0)
bind$netlink(r4, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472e98c9a412199ce7976bee5eaf40e60cb3fbe8b92dae5008e92d17d05ce74ffffe74ae71d5b8bd43a4e0bf0390335aa489689f5e3a4ac5adca96caab658b43cd499d95d3876c220d147ad1d0e626621d88f1370982f663793cac52ea0d14e595ff1f56427a0a813bb3b84d31d021eeea8faeff25bb66f5940d08a5509a66fc43962bcb2f7415bc38e355e80ec935aa6fe2d74bd475d89449fb46320fee40faff2fd005549fe6a042bd95decfde5e166971935f4cfd9c9e5bfd2d803644f4e5b7e6dc1a7a35df7134e2fad79269bf24bea4eb0213068e3054d9e4a8d1a9eb032cb390e2016d0ce10549728cb4732dc5adab16fa19ac70780b29e079be27c95d3dd2bd91a584c46d84d430fc6ea31ce0ba62fa27be9f6bc435203da7c3a5d68bf4dd4f81cbfaa1c87a15b9272853c9837db930952dca667194b71815a9eb49b495360dcdf31e0e560857d0541a916d6b5469ac1b36babc5a91e1d58925f20d9d5f8a0da3c30711b0d101cabceffbe072be69613ea0003c6e9bb5cd2413c8ddc17cfa319cf7aaeed0ffb07a08f8fb439f709dfe0732fe42192819870bdd87d5f612ade03540a28be446095269d9ea5a60bba1f2462f9921f2a731dbcf1d03964ea1e4f79514914d37877f57617b60fa2b58aa694fcb023024653c4b73efb12a57ffc6f8943262b77be933051e12bd4d768a422ea652d45b04a9c43b5c97fc3edea7002d51a0a74889334ee"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x29}, 0x48)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f00000010c0)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={r6, 0x8, 0x9, 0x1}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={r6, 0x4}, &(0x7f00000000c0)=0x8)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000180)={0xc, <r9=>0x0})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_IOAS_COPY(r8, 0x3b83, &(0x7f0000000240)={0x28, 0x0, r9, r10, 0x5, 0x23b, 0x82})
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000002c0)={0x54, r0, 0x801, 0x200004, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abe00000000ee398d162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0x7}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}]}]}, 0x54}}, 0x0)

13.395395382s ago: executing program 2 (id=536):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xe9b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2, 0x2, 0x73)
r1 = socket$inet6(0xa, 0x3, 0x2c)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x558, 0x320, 0xffffff80, 0x178, 0x0, 0x178, 0x488, 0x22b, 0x258, 0x488, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x300, 0x320, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{0x94}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'geneve1\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x8, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7030000850000000c000000b7000000000000008520000013000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')

13.06616093s ago: executing program 2 (id=539):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYRES64=0x0, @ANYRES8], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200"], 0x48)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x19)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000080)={0x56, 0x5, 0x9, 0xa, 0x2, "00120dd608f500001e20000080c90a008000"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xa)
r2 = landlock_create_ruleset(&(0x7f00000002c0)={0x0, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
setns(r4, 0x24020000)
umount2(&(0x7f0000000040)='.\x00', 0x8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38)
r6 = socket$igmp(0x2, 0x3, 0x2)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000040)=""/53, 0x2457a0be381e3a04)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
r8 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f0000000040)={0x9, 0x6, 0x1, {0x9, @sliced={0x4, [0x8, 0x80, 0x7f, 0x8403, 0x1, 0xe, 0x81, 0x3, 0x7, 0x7, 0x9, 0x7, 0x3f1, 0x698, 0x5d99, 0x9, 0xf, 0x1, 0x7, 0x2, 0x9, 0x6, 0x3ff, 0x8010, 0x0, 0x6, 0x2, 0xf84, 0x4, 0x8, 0x1, 0xf, 0x3, 0x35, 0x0, 0x9, 0x5857, 0x8001, 0x6, 0x400, 0x8, 0x1, 0x1, 0x7, 0x5, 0xb, 0x5, 0x8], 0x3}}, 0x800})
ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000300)={0x1, @raw_data="b740085ebfd3f6817ed4dc7dde8bbc07b2e30d590dd837cc1a9c053fe1ba9a231622c899cffa1d1eacd88ab51ec4bde784ec61ccfa2226d287d208e4008db7d578160aa9a7080fc7e9d9b65c029215a93eb066050211eef5baa66e3a367ddeff84652089d705524524a63c3c17fc77627b568851e4af84bf3170f1cc7aafed9bed3f278720b8ed511da4c8085f95d49ceddc912db11e26f426b9caa704543d478eecf3f4134f980d069ba21d273c71656cec1fd94701c7e662a9353b5d76ca175ac732c8989e2928"})
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800117fe365d6febb825fda0335dd00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10)

12.485679302s ago: executing program 3 (id=540):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'bond0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x60, 0x24, 0xf0b, 0x70bd2b, 0x4000, {0x0, 0x0, 0x12, r1, {0x0, 0x11}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8, 0x8, 0xfffffffd}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x8, 0x1, 0x2, 0x0, 0x8, 0x4}}, {0x4}}]}]}, 0x60}}, 0x0)

12.197160594s ago: executing program 0 (id=542):
fsopen(&(0x7f00000000c0)='autofs\x00', 0x1)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setreuid(0xffffffffffffffff, 0xee01)
write$tcp_mem(r0, 0x0, 0x0)
io_getevents(0x0, 0x4, 0x0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = dup(r1)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000040)={0x57, 0x1, 0xb})
io_destroy(0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180800000000000000000000000000002d000000000000009500b2e1000000000000"], &(0x7f0000000000)='GPL\x00', 0x6}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='quota,grpquota_inode_hardlimit=3,noswap'])
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000740)={<r4=>0x0})
io_uring_setup(0xaae, 0x0)
r5 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f00000014c0)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r4})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000003c0)={<r7=>0x0})
syz_open_dev$vim2m(&(0x7f0000000140), 0x8000000000000000, 0x2)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x7, &(0x7f0000000180)=[{0x7, 0x9, 0x8, 0x7}, {0x5, 0x9, 0x0, 0x3ff}, {0x1, 0x67, 0x3, 0x9}, {0x81, 0x3, 0xb, 0x3}, {0x2, 0x8, 0x5, 0x5}, {0x6, 0x3, 0xff, 0x1}, {0x1, 0x10, 0x9, 0xc45c}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r8, 0x40182103, &(0x7f0000000080)={r7, 0x3, r2, 0x8000006, 0x80000})

11.863536061s ago: executing program 0 (id=543):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x53)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f0000000180)={0x28, 0x1000000, 0x0, 0x0, 0x0})
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r6, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}}, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8)
close(r1)

10.514159667s ago: executing program 0 (id=544):
syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x100)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0xfffffffffffffffe, 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usbip_server_init(0x3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3f, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10.373743212s ago: executing program 1 (id=546):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="e000000010000b0500000007000000006f6d8864d22a3f2ffaa46c88bca90000002b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44ecff2d5f28732c2d"], 0xe0}], 0x1}, 0x0)

10.263954798s ago: executing program 2 (id=547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/bus/input/handlers\x00', 0x0, 0x0)
readv(r0, &(0x7f0000001680)=[{&(0x7f0000000100)=""/29, 0x1d}, {&(0x7f0000001240)=""/186, 0xba}], 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x2c, 0x3, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000004780))
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtaction={0x68, 0x30, 0xcac229faa96ee7df, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ife={0x50, 0x3ffd, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}, 0x1}}, @TCA_IFE_TYPE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x500}, 0x0)
keyctl$setperm(0x5, 0x0, 0x10000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r7)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="08000500060000000c001780040007"], 0x30}}, 0x0)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r7, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB='|\x00kG\x00\x00', @ANYRES16=r8, @ANYBLOB="00082abd7000ffdbdf254c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00580052000000000000000c0058007a000000000000000c00580032000000000000000c00580080000000000000000c00580069000000000000000c0058001a000000000000000c0058007a000000000000000c0058005c00000000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004090)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x2, @local}, 0x1c)
socket$netlink(0x10, 0x3, 0x6)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
writev(r10, &(0x7f0000000240)=[{&(0x7f0000000080)='y', 0x1}], 0x1)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x34d3542e, 0xfffffffe, 0x80000})
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)

9.260299657s ago: executing program 1 (id=548):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x15, 0xe, 0x79, &(0x7f0000000d00)})
syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58)
write$uinput_user_dev(r2, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
io_uring_setup(0x4f04, &(0x7f00000002c0)={0x0, 0x48c7, 0x400, 0x0, 0xffffffff})
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000b80)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000260608000104004e4507000003000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000000000001f1bd182bd43cb58074e0816289328452c0880fe4b3af9c97925711095cc7d3ebcd8418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f575306ebb2c2890a4fa79303101a652776cc2fb4f01e79cd10215d917a116350d60f27fdc244bdab56ee3ad8f5fdf82027a1215bc54045d6b9f30bdebcf053aa120397695ffd0f6e5fe24ce4b9143a3d8419fb51331ca5fef"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000340)="b64424", &(0x7f0000000240)=@udp6=r3, 0x1}, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000040000900fffffffffddbdf250200040080000000000000000000000000005c9019ca377441f7cfc91c9cfafc25e90e3f6a415704ce18cef50725af3f9ec0f44f2e31ca"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000400), &(0x7f0000000480)=0xe)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="03000000040000000400005c8978fac8", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="03000000010000000200"/28], 0x50)
r5 = syz_open_procfs(0x0, &(0x7f0000001380))
getdents(r5, &(0x7f0000002000)=""/4096, 0x1000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001740)=@newtaction={0x74, 0x30, 0xb, 0x5, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd0af4adf700102c00fe800000000000000000000000000000ff0200000000000000000000000000013c"], 0x0)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)

9.019001522s ago: executing program 4 (id=549):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000c5b000/0x3000)=nil)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r6, 0x0, 0x10840)
socket$caif_seqpacket(0x25, 0x5, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r8)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r10=>0x0})
r11 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r11, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x84, @local, 0x4}, {0xa, 0x0, 0x3, @mcast1}, 0x0, {[0x2, 0x8, 0xa, 0x0, 0x0, 0x0, 0x7ff, 0x4]}}, 0x5c)
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r9, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0)

8.646269s ago: executing program 3 (id=550):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x2400c040)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x81, 0xe, 0x198b, 0x100, 0x4})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000cc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000ec0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x101010}, 0xc, &(0x7f0000000e00)={&(0x7f0000000f00)=ANY=[@ANYBLOB="f8000000eb37a62b1a8c75dfe0e42a7661a066688c82ca717c39a1b467ac7455ed17498f0941034c7147f87ab0f46e25ec7fea92cd4014bdaf439077ba4ae1cffda4d2afff9fcea38023513463d753a311a16018f8cd55529c42f5b24d93171c656aa8f9677c8e37a2f005f843c4403cce4a132f4223b2d0511f53db68beb17e1137140700317ee1c4", @ANYRES16=r4, @ANYBLOB="00012bbd7000ffdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00810000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0002000000080001007063690011000200303030303a30303a31302e300000000008000b0000100000080001007063690011000200303030303a30303a31302e300000000008000b0002000000080001007063690011000200303030303a30303a31302e300000000008000b0024ba0000"], 0xf8}}, 0x8000)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="0a000600080211003147b53eab0b0000004017db"], 0x30}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0xc4)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000300)=0xe)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000000002010400000000000000000a0000000400bb100300fc0000000000000000000000000000201400040000000000000000000000feff"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0)
sendmsg$rds(r7, &(0x7f0000000c80)={&(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000340)=""/145, 0x91}, {&(0x7f0000000280)=""/114, 0x72}, {&(0x7f0000000440)=""/191, 0xbf}], 0x3, &(0x7f0000000b00)=[@rdma_dest={0x18, 0x114, 0x2, {0x7, 0x100}}, @fadd={0x58, 0x114, 0x6, {{0xf}, &(0x7f0000000540)=0x2, &(0x7f0000000580)=0x10, 0x9, 0xe, 0x20, 0x7b, 0x72, 0x8}}, @mask_fadd={0x58, 0x114, 0x8, {{0xcb2, 0x96}, &(0x7f00000005c0)=0x6, &(0x7f0000000600)=0x1e12, 0x240000000, 0x88, 0x6, 0x7fffffff, 0x4, 0x7f}}, @rdma_args={0x48, 0x114, 0x1, {{0x7, 0x2}, {&(0x7f0000000640)=""/128, 0x80}, &(0x7f0000000a00)=[{&(0x7f00000006c0)=""/13, 0xd}, {&(0x7f0000000700)=""/101, 0x65}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/134, 0x86}, {&(0x7f0000000880)=""/126, 0x7e}, {&(0x7f0000000900)=""/118, 0x76}, {&(0x7f0000000980)=""/77, 0x4d}], 0x7, 0x1, 0x4}}, @mask_fadd={0x58, 0x114, 0x8, {{0x6, 0x3}, &(0x7f0000000a80)=0x5, &(0x7f0000000ac0)=0x4, 0xfff, 0x9, 0x1, 0x6, 0x63, 0x6}}], 0x168, 0x8000}, 0x4000010)
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x2)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r0, @ANYRES8=r0, @ANYRES8=r1, @ANYRESDEC=r6, @ANYRESHEX=r1, @ANYRES32=r1, @ANYRESHEX=r1, @ANYRESOCT=r0], 0x64}}, 0x0)

8.423331275s ago: executing program 2 (id=551):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x401c5820, &(0x7f0000000080)={'dvmrp0\x00', @random="b75e22bfaf78"})
r3 = socket(0x5, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0xc0044dff, &(0x7f0000004000))
sendmsg$nl_route(r4, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x4, {0x2, 0x0, 0x0, 0x0, 0x0, 0x8}, [@NDA_DST_IPV4={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x20000080)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r6, 0x0, 0x40, 0x0, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'gretap0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0xffffffffffffffff}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0)
recvmmsg(r1, &(0x7f0000009500)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001a40)=""/4096}], 0x56}, 0x80001}], 0x1, 0x2100, 0x0)

7.050116915s ago: executing program 0 (id=552):
socket$nl_route(0x10, 0x3, 0x0)
listen(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000680), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r2, r1, &(0x7f00000000c0)=0x58, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$loop(0x0, 0x7, 0x2480)
ioctl$HDIO_GETGEO(r3, 0x301, &(0x7f0000000180))
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000040)={'veth1_vlan\x00', 0x8})

7.049104921s ago: executing program 1 (id=553):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001900010000000007000000001c140000fe00000100000000050005"], 0x24}}, 0x0)

7.044337569s ago: executing program 3 (id=554):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
io_setup(0x8, &(0x7f0000000000))
write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d66642c7266106e6f3d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYRESOCT=r2])

7.0420913s ago: executing program 4 (id=555):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000040)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)

6.388578851s ago: executing program 1 (id=556):
r0 = syz_open_dev$sndpcmp(0x0, 0x3, 0x5f3100)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r0, 0x40084149, &(0x7f00000002c0)=0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x740, 0x120, 0x2f8, 0x440, 0x510, 0x2f8, 0x670, 0x670, 0x670, 0x670, 0x670, 0x6, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xff000000, 0xffffff00, 0x0, 0xffffff00], 'vlan1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x0, 0x3, 0x3, 0x14}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x6, 0x7}}}, {{@ipv6={@remote, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11, 0x0, 0x0, 0x4}, 0x0, 0x198, 0x1d8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [], @ipv6=@private1, [0xffffffff, 0xff000000, 0xffffffff], @ipv4=@multicast2, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@empty, [0x0, 0x0, 0xff000000, 0xff], 0x0, 0x0, 0x42, 0x4e22, 0x4e24, 0x4e20, 0x4e24, 0x0, 0x23ccf3e9fd2b5143}, 0x0, 0x80, 0x0, 0x4e20, 0x4e24, 0x4e23}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private2, 0x0, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@dst={{0x48}, {0x0, 0x0, 0x0, [0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x2]}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7a0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000003c0)={0x1, @pix_mp={0x9, 0x9, 0x32314247, 0x9, 0x9, [{0x4, 0x1}, {0x1, 0x80000000}, {0x8001, 0x5}, {0x1, 0x7}, {0x6, 0x40}, {0xd}, {0xd, 0x9}, {0xc8b, 0x73d5}], 0x6, 0xff, 0x7, 0x2}})
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x80b, 0x6)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000300)={r3, 0x8001, 0x8, 0xf801, 0x247, 0x0, 0x78f0, 0x3, {0x0, @in={{0x2, 0x4e22, @multicast2}}, 0xfffffffe, 0x81, 0x6, 0x8, 0xa2f3}}, &(0x7f00000003c0)=0xb0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)="0bc3ff", 0xd}, {&(0x7f0000000000)='G', 0x1}, {&(0x7f0000000240)="d336bd75243cb9a6418e", 0xa}], 0x1000000000000041)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x501042)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000640)={0x7, @win={{0xc, 0x1004100, 0x0, 0x400006}, 0x3, 0x26c8, &(0x7f00000004c0)={{0x2, 0x2000005, 0x8, 0xfbfffffe}, &(0x7f0000000540)={{0x80000002, 0x7, 0x1, 0x1ff}, &(0x7f00000000c0)={{0xe410, 0x1, 0x6, 0x1}}}}, 0xb5d, 0x0, 0x2}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSNLIST(r6, 0x8010640b, &(0x7f0000000000)={0x0, 0x0})
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYRES16=r2, @ANYRESDEC=0x0, @ANYRES64=r2], 0x14}, 0x1, 0x0, 0x0, 0x8050}, 0x20008005)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x3ff, 0x1000}}, 0x30)
getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0)

6.315494044s ago: executing program 4 (id=557):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
epoll_create1(0x80000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x60600, 0x0)
write(r1, &(0x7f0000000280)="410adc721b1ca19aa997f2bc0795ac01e9424d6c2d95aa117256a66b49e885fb54260d5be52b7a8836807f69ad98c20b285746369a2296055a5012bb7582c9d313f5439a606ca9634c0de29a6da2546747d3c51bb63474f5ab5e1a94bf626499085301377c0cc1c2d30869127798facd493a3486978bf74d7177ee993b6407aad4fe87a31b98d6c21a49b3f4858354020d915fe14f059dafefe7281c4303f578cebcacad91f757e8c9339a", 0xab)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x64, 0x6, 0x600, 0x310, 0x1d0, 0x440, 0x310, 0x0, 0x530, 0x530, 0x530, 0x530, 0x530, 0x6, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [], 'vcan0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x7a00000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'syzkaller1\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private0}}}, {{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [0xffffff00], 'veth1_to_batadv\x00', 'vlan1\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @common=@ipv6header={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty}}}, {{@ipv6={@private0, @mcast2, [], [], 'veth1_to_team\x00', 'veth0_macvtap\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe760]}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@remote}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2f}, @mcast2, [0xff, 0x0, 0x7f, 0xff], [0xffffffff, 0xff, 0xffffffff, 0xff], 'veth1_to_batadv\x00', 'rose0\x00', {}, {0xff}, 0x29, 0x4c, 0x2, 0x65}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x660)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r4, &(0x7f0000000040)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x47)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0)
r5 = io_uring_setup(0x4bea, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.202431208s ago: executing program 3 (id=558):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_elf32(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000e00200060007000000ba03000038000000fd2600000180ffff0600200001000200040006000000000003"], 0x58)
close(r1)
ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000340)='syz0\x00')
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000080)=0x3, 0x4)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r4 = socket$kcm(0x2, 0xa, 0x2)
r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x9e6, 0x210002)
ioctl$USBDEVFS_RESETEP(r5, 0x80045503, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'nr0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r6, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e22, 0x2000041d, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000180)}, 0x4c040)
ioctl$BTRFS_IOC_BALANCE_CTL(r6, 0x40049421, 0x0)
sendmmsg(r2, 0x0, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f00000000c0), 0x4)
writev(r7, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

5.473866989s ago: executing program 4 (id=559):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x4, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x4, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1e, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0xb4}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x18) (async)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000c"], 0x48) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000c"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='rxrpc_peer\x00', r5}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='rxrpc_peer\x00', r5}, 0x18)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xf, &(0x7f0000000900)=ANY=[@ANYBLOB="180000001000000000000000e5f3000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000040b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{}, &(0x7f00000004c0), &(0x7f0000000500)='%pK    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)='%pK    \x00'}, 0x20)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00', 0x0, 0x1c}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r9, r10, 0x5, 0x0, @void}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r11=>r1, {0x800000, 0x3}}, './file0\x00'})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000900)={{0x1, <r12=>0xffffffffffffffff}, &(0x7f0000000880), &(0x7f00000008c0)='%-010d \x00'}, 0x20)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000940)={0x1b, 0x0, 0x0, 0xcfb, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x4}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x15, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@exit, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x1}, @ldst={0x3, 0x3, 0x2, 0x2, 0x1, 0x32, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x9, 0xe2, &(0x7f00000003c0)=""/226, 0x41100, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x9, 0x2, 0x4}, 0x10, 0x2fea, r5, 0x0, &(0x7f00000009c0)=[r6, r7, r8, r10, 0xffffffffffffffff, r11, r12, 0xffffffffffffffff, r13], 0x0, 0x10, 0x8}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0xf000, 0x100, 0x1ff, 0x6, 0x0, [{0x4, 0xbd, 0x5, '\x00', 0x81}, {0x3, 0x71, 0x5, '\x00', 0xc7}, {0x95, 0xc4, 0x6, '\x00', 0x68}, {0x9, 0xf9, 0x4, '\x00', 0x72}, {0x9, 0xfc, 0x10, '\x00', 0x81}, {0xd, 0x8, 0x3, '\x00', 0x8}, {0x9, 0x20, 0x10, '\x00', 0xed}, {0x0, 0x4, 0x5, '\x00', 0xa1}, {0x3, 0x2, 0x7, '\x00', 0x8}, {0x8, 0xe1, 0x7f, '\x00', 0x8}, {0x1, 0xff, 0x2, '\x00', 0x2}, {0xfa, 0x6, 0x10, '\x00', 0xca}, {0x6, 0xe, 0xc, '\x00', 0x7}, {0x3, 0x5, 0x1, '\x00', 0xf2}, {0x7, 0x7, 0xfa, '\x00', 0x9}, {0xff, 0x8, 0x5, '\x00', 0x8f}, {0x80, 0x9, 0x2, '\x00', 0x8}, {0x6, 0x7, 0x8, '\x00', 0x1}, {0x8, 0x3, 0x9, '\x00', 0x7}, {0x5, 0xd, 0xa2, '\x00', 0x3}, {0x1, 0x0, 0x8, '\x00', 0x2}, {0x2, 0x0, 0x7, '\x00', 0xd}, {0x10, 0xf7, 0x8, '\x00', 0x7f}, {0x5, 0x80, 0x8d, '\x00', 0x8}]}})
ioctl$KVM_SET_REGS(r14, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x1, 0xfffffffffffffffe, 0x5, 0x0, 0xbdb], 0x1, 0x3c4210})
ioctl$KVM_RUN(r14, 0xae80, 0x0)

4.653709189s ago: executing program 4 (id=560):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioprio_set$pid(0x2, 0x0, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
syz_open_dev$sndpcmp(0x0, 0x18000000000000, 0x90181)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000000)=0x6, 0x4)
connect$inet6(r3, &(0x7f0000000400)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c)
sendto$inet6(r3, &(0x7f0000000540)="54c21b2c7f5318499c6a5eac38b57dd63e746670820ddbba86c0df7a4cb05f89c51f842326af29a17f0d7c7b61d420e2033c2c4f3d801a713dd4c3f1f1de1809f9dbc97379764af14fd2e7d711aafce74b399ceea93abfeac9f3d2c89e3bcc80f549950eb7b74de0fb5f2ea85621a35c3f3c4ea52958a84b643e0ee918e8faeac2d447bbfd0b9753855ada23d5b63dcf4a2983fee0cd72f4e5d00a500de5a4db562a2d34da1fcfb62405e0f686f2ccbd112d2d8c3a5594c083104745ea4ebbf83ae8232ba734739c9f434979ea21194cdc44529f900e49f26b5b0807f800410a0f33bbf4f7f03bc9077f64eea32fc9700584298579", 0xf5, 0x0, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r4, 0x84, 0x7f, &(0x7f0000000140)="0200000009800089", 0x8)
recvmmsg(r3, &(0x7f0000005300)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001aa40)=""/102400, 0x19000)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.477550167s ago: executing program 3 (id=561):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x8103}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001300)=""/193, 0xc1}, {&(0x7f0000000440)=""/246, 0xf6}, {&(0x7f0000000100)=""/91, 0x5b}, {&(0x7f0000006080)=""/4097, 0x1001}, {&(0x7f0000000000)=""/204, 0xcc}], 0x5}, 0x8}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x5, 0x20, 0x0)

3.40798579s ago: executing program 4 (id=562):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x470b923, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x81}}}]}, 0x3c}}, 0x4008000)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000a80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r10, 0x0, 0xd}, 0x18)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x14}}, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
connect$unix(r7, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, <r11=>0x0})
ptrace(0x11, r11)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[], 0x0)

3.182881687s ago: executing program 0 (id=563):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}})
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x2804cdc, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (fail_nth: 16)

3.156589085s ago: executing program 1 (id=564):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x15, 0xe, 0x79, &(0x7f0000000d00)})
syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58)
write$uinput_user_dev(r2, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
io_uring_setup(0x4f04, &(0x7f00000002c0)={0x0, 0x48c7, 0x400, 0x0, 0xffffffff})
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000b80)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000260608000104004e4507000003000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000000000001f1bd182bd43cb58074e0816289328452c0880fe4b3af9c97925711095cc7d3ebcd8418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f575306ebb2c2890a4fa79303101a652776cc2fb4f01e79cd10215d917a116350d60f27fdc244bdab56ee3ad8f5fdf82027a1215bc54045d6b9f30bdebcf053aa120397695ffd0f6e5fe24ce4b9143a3d8419fb51331ca5fef"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000340)="b64424", &(0x7f0000000240)=@udp6=r3, 0x1}, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000040000900fffffffffddbdf250200040080000000000000000000000000005c9019ca377441f7cfc91c9cfafc25e90e3f6a415704ce18cef50725af3f9ec0f44f2e31ca"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000400), &(0x7f0000000480)=0xe)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="03000000040000000400005c8978fac8", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="03000000010000000200"/28], 0x50)
r5 = syz_open_procfs(0x0, &(0x7f0000001380))
getdents(r5, &(0x7f0000002000)=""/4096, 0x1000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001740)=@newtaction={0x74, 0x30, 0xb, 0x5, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd0af4adf700102c00fe800000000000000000000000000000ff0200000000000000000000000000013c"], 0x0)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)

3.082672324s ago: executing program 3 (id=565):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001540)=ANY=[@ANYBLOB="280000001e0001000000", @ANYRES32, @ANYBLOB="000004000a00"], 0x28}}, 0x0)
syz_usb_connect(0x3, 0x34, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9b, 0xbd, 0x8b, 0x8, 0x4e8, 0xff30, 0xa6d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x29, 0xfd, 0xdd, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "94ef6333ef"}]}}]}}]}}]}}, 0x0)

2.529585566s ago: executing program 0 (id=566):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x10000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
r4 = syz_io_uring_complete(0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3}, './file0/file0\x00'})
r5 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000000c0)="438dc77642449e6e17", 0xfffffd51}], 0x1, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB="740000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800c0001006d6163766c616e003c00028008000100100000001c0005800a000400aaaaaaaaaabb000002000400d8928afb7028000008000300030000000a000400aaaaaaaaaabb000008000500", @ANYRES32=r7], 0x74}}, 0x2044890)

0s ago: executing program 1 (id=567):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0xc0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000380)={0x28, r7, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000)
sendmsg$NL80211_CMD_START_NAN(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r3, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x5, 0x23}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x20008000)
sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="f89ac6c9bf5ceaa60000000000080000040003000000000000000000000000000000000000000000feffffffffffffff050006006c0000000a00000000000002000000000000fe000000000000000004000400ffffffff07000000000000000000000000000000000000000000000002000100000000000000fe03010000e005000500000000000a004e2000000000ff010000000000000000000000000022783cf16b34c994010000000000000000"], 0xb0}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00'}, 0x90)
r10 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x400040, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r10, 0xf501, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$NFT_MSG_GETTABLE(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="00010000010a0101"], 0x100}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)

kernel console output (not intermixed with test programs):

.541284][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  116.547768][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  116.666990][ T6120] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  118.171896][ T6158] loop6: detected capacity change from 0 to 63
[  118.774790][ T6161] netlink: 32 bytes leftover after parsing attributes in process `syz.3.51'.
[  119.178778][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.54'.
[  119.377396][   T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  119.676568][ T6177] xt_bpf: check failed: parse error
[  120.263233][   T24] usb 1-1: device descriptor read/64, error -71
[  121.377615][ T6181] overlayfs: failed to resolve './file1/file0': -2
[  121.924344][ T6185] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  121.946452][ T6182] netlink: 256 bytes leftover after parsing attributes in process `syz.1.57'.
[  123.091895][ T6199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.60'.
[  123.959026][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  125.221619][ T6207] xt_bpf: check failed: parse error
[  125.652805][ T6217] xt_bpf: check failed: parse error
[  126.846171][ T6220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.62'.
[  128.600298][ T6230] netlink: 'syz.0.69': attribute type 1 has an invalid length.
[  128.608360][ T6230] netlink: 'syz.0.69': attribute type 1 has an invalid length.
[  128.616034][ T6230] netlink: 216 bytes leftover after parsing attributes in process `syz.0.69'.
[  128.659055][ T6230] netlink: 12 bytes leftover after parsing attributes in process `syz.0.69'.
[  129.988239][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.72'.
[  130.995997][ T6248] loop6: detected capacity change from 0 to 524287999
[  131.100042][ T6255] netlink: 28 bytes leftover after parsing attributes in process `syz.4.75'.
[  131.973824][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.748458][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.855571][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.870962][ T6258] fuseblk: Bad value for 'user_id'
[  132.881121][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.905484][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.923448][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.928142][ T6258] fuseblk: Bad value for 'user_id'
[  132.930582][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  132.968627][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.039518][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.057331][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.078015][ T6262] netlink: 'syz.3.77': attribute type 3 has an invalid length.
[  133.085635][ T6262] netlink: 224 bytes leftover after parsing attributes in process `syz.3.77'.
[  133.101640][ T6248] ldm_validate_partition_table(): Disk read failed.
[  133.154553][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.204685][ T6248] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.264227][ T6248] Dev loop6: unable to read RDB block 0
[  133.459549][ T6248]  loop6: unable to read partition table
[  133.492958][ T6248] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  133.530191][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.79'.
[  133.582067][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  133.916973][   T10] usb 4-1: Using ep0 maxpacket: 16
[  133.941436][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.107475][ T6273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.80'.
[  134.459867][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.473558][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  134.486759][   T10] usb 4-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  134.812338][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.051070][   T10] usb 4-1: config 0 descriptor??
[  135.715576][   T10] hid-multitouch 0003:0457:07DA.0001: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.3-1/input0
[  136.716783][   T10] usb 4-1: USB disconnect, device number 3
[  136.958290][ T6298] loop9: detected capacity change from 0 to 7
[  137.227693][ T5947] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  137.238257][ T6299] fido_id[6299]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  137.406961][ T5947] usb 5-1: Using ep0 maxpacket: 16
[  137.421896][ T5947] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  137.514820][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.568196][ T5947] usb 5-1: Product: syz
[  137.572453][ T5947] usb 5-1: Manufacturer: syz
[  137.612741][ T5947] usb 5-1: SerialNumber: syz
[  137.749230][ T5947] usb 5-1: config 0 descriptor??
[  137.774961][ T5947] ums-onetouch 5-1:0.0: USB Mass Storage device detected
[  138.722598][ T6319] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.89'.
[  139.339335][ T5947] usb 5-1: USB disconnect, device number 2
[  139.460819][ T6325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.91'.
[  139.508040][ T6325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.91'.
[  141.133497][ T6347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.97'.
[  141.516451][ T5894] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  141.816240][ T5894] usb 5-1: not running at top speed; connect to a high speed hub
[  141.838477][ T5894] usb 5-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  141.907474][ T5894] usb 5-1: config 1 interface 0 has no altsetting 0
[  141.940947][ T5894] usb 5-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.40
[  141.978976][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3
[  142.184853][ T5894] usb 5-1: Product: syz
[  142.199282][ T6368] netlink: 12 bytes leftover after parsing attributes in process `syz.0.101'.
[  142.621486][ T5894] usb 5-1: Manufacturer: syz
[  142.625204][ T6367] netlink: 780 bytes leftover after parsing attributes in process `syz.2.102'.
[  142.626229][ T5894] usb 5-1: SerialNumber: syz
[  142.671887][ T6338] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  142.794714][ T6364] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.100'.
[  142.943408][ T6338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.944046][ T6338] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.024547][ T5894] usbhid 5-1:1.0: can't add hid device: -71
[  143.024637][ T5894] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  143.032734][ T5894] usb 5-1: USB disconnect, device number 3
[  143.249599][ T6380] FAULT_INJECTION: forcing a failure.
[  143.249599][ T6380] name failslab, interval 1, probability 0, space 0, times 1
[  143.249633][ T6380] CPU: 0 UID: 0 PID: 6380 Comm: syz.1.106 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  143.249666][ T6380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  143.249678][ T6380] Call Trace:
[  143.249686][ T6380]  <TASK>
[  143.249695][ T6380]  dump_stack_lvl+0x189/0x250
[  143.249721][ T6380]  ? __pfx____ratelimit+0x10/0x10
[  143.249760][ T6380]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.249787][ T6380]  ? __pfx__printk+0x10/0x10
[  143.249824][ T6380]  ? __pfx___might_resched+0x10/0x10
[  143.249845][ T6380]  ? fs_reclaim_acquire+0x7d/0x100
[  143.249874][ T6380]  should_fail_ex+0x414/0x560
[  143.249900][ T6380]  should_failslab+0xa8/0x100
[  143.249924][ T6380]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  143.249945][ T6380]  ? __alloc_skb+0x112/0x2d0
[  143.249976][ T6380]  __alloc_skb+0x112/0x2d0
[  143.250007][ T6380]  netlink_ack+0x146/0xa50
[  143.250049][ T6380]  netlink_rcv_skb+0x28c/0x470
[  143.250077][ T6380]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  143.250102][ T6380]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  143.250141][ T6380]  ? bpf_lsm_capable+0x9/0x20
[  143.250163][ T6380]  ? security_capable+0x7e/0x2e0
[  143.250195][ T6380]  nfnetlink_rcv+0x26a/0x2520
[  143.250220][ T6380]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  143.250244][ T6380]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  143.250268][ T6380]  ? __dev_queue_xmit+0x27e/0x3a70
[  143.250287][ T6380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.250320][ T6380]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  143.250342][ T6380]  ? __pfx___dev_queue_xmit+0x10/0x10
[  143.250379][ T6380]  ? ref_tracker_free+0x63a/0x7d0
[  143.250399][ T6380]  ? __copy_skb_header+0xa7/0x550
[  143.250418][ T6380]  ? __pfx_ref_tracker_free+0x10/0x10
[  143.250439][ T6380]  ? __skb_clone+0x63/0x7a0
[  143.250462][ T6380]  ? __skb_clone+0x483/0x7a0
[  143.250489][ T6380]  ? skb_clone+0x246/0x3a0
[  143.250513][ T6380]  ? __netlink_deliver_tap+0x807/0x850
[  143.250540][ T6380]  ? netlink_deliver_tap+0x2e/0x1b0
[  143.250574][ T6380]  ? netlink_deliver_tap+0x2e/0x1b0
[  143.250601][ T6380]  ? netlink_deliver_tap+0x2e/0x1b0
[  143.250635][ T6380]  netlink_unicast+0x75c/0x8e0
[  143.250681][ T6380]  netlink_sendmsg+0x805/0xb30
[  143.250720][ T6380]  ? __pfx_netlink_sendmsg+0x10/0x10
[  143.250756][ T6380]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  143.250776][ T6380]  ? __pfx_netlink_sendmsg+0x10/0x10
[  143.250805][ T6380]  __sock_sendmsg+0x21c/0x270
[  143.250832][ T6380]  ____sys_sendmsg+0x505/0x830
[  143.250869][ T6380]  ? __pfx_____sys_sendmsg+0x10/0x10
[  143.250908][ T6380]  ? import_iovec+0x74/0xa0
[  143.250941][ T6380]  ___sys_sendmsg+0x21f/0x2a0
[  143.250973][ T6380]  ? __pfx____sys_sendmsg+0x10/0x10
[  143.251043][ T6380]  ? __fget_files+0x2a/0x420
[  143.251064][ T6380]  ? __fget_files+0x3a0/0x420
[  143.251098][ T6380]  __x64_sys_sendmsg+0x19b/0x260
[  143.251131][ T6380]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  143.251171][ T6380]  ? __pfx_ksys_write+0x10/0x10
[  143.251188][ T6380]  ? rcu_is_watching+0x15/0xb0
[  143.251214][ T6380]  ? do_syscall_64+0xbe/0x3b0
[  143.251241][ T6380]  do_syscall_64+0xfa/0x3b0
[  143.251261][ T6380]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.251282][ T6380]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.251300][ T6380]  ? clear_bhb_loop+0x60/0xb0
[  143.251324][ T6380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.251342][ T6380] RIP: 0033:0x7ff9da98ebe9
[  143.251358][ T6380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.251399][ T6380] RSP: 002b:00007ff9db847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.251420][ T6380] RAX: ffffffffffffffda RBX: 00007ff9dabb5fa0 RCX: 00007ff9da98ebe9
[  143.251434][ T6380] RDX: 00000000240008c4 RSI: 0000200000000000 RDI: 0000000000000007
[  143.251447][ T6380] RBP: 00007ff9db847090 R08: 0000000000000000 R09: 0000000000000000
[  143.251459][ T6380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.251469][ T6380] R13: 00007ff9dabb6038 R14: 00007ff9dabb5fa0 R15: 00007ffed7fe45f8
[  143.251502][ T6380]  </TASK>
[  143.334869][ T6384] FAULT_INJECTION: forcing a failure.
[  143.334869][ T6384] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  143.334906][ T6384] CPU: 0 UID: 0 PID: 6384 Comm: syz.0.107 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  143.334929][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  143.334940][ T6384] Call Trace:
[  143.334948][ T6384]  <TASK>
[  143.334957][ T6384]  dump_stack_lvl+0x189/0x250
[  143.334985][ T6384]  ? __pfx____ratelimit+0x10/0x10
[  143.335007][ T6384]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.335030][ T6384]  ? __pfx__printk+0x10/0x10
[  143.335057][ T6384]  ? fs_reclaim_acquire+0x7d/0x100
[  143.335090][ T6384]  should_fail_ex+0x414/0x560
[  143.335117][ T6384]  prepare_alloc_pages+0x213/0x610
[  143.335150][ T6384]  __alloc_frozen_pages_noprof+0x123/0x370
[  143.335181][ T6384]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  143.335204][ T6384]  ? do_kimage_alloc_init+0x4e/0x2a0
[  143.335245][ T6384]  ? policy_nodemask+0x27c/0x720
[  143.335272][ T6384]  alloc_pages_mpol+0x232/0x4a0
[  143.335300][ T6384]  alloc_pages_noprof+0xa9/0x190
[  143.335323][ T6384]  kimage_alloc_pages+0xbd/0x3b0
[  143.335349][ T6384]  kimage_alloc_control_pages+0x4d0/0xba0
[  143.335392][ T6384]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[  143.335432][ T6384]  do_kexec_load+0x484/0x820
[  143.335457][ T6384]  ? __pfx_do_kexec_load+0x10/0x10
[  143.335481][ T6384]  ? _copy_from_user+0x94/0xb0
[  143.335511][ T6384]  __se_sys_kexec_load+0x134/0x160
[  143.335535][ T6384]  do_syscall_64+0xfa/0x3b0
[  143.335555][ T6384]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.335576][ T6384]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.335595][ T6384]  ? clear_bhb_loop+0x60/0xb0
[  143.335620][ T6384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.335639][ T6384] RIP: 0033:0x7f313118ebe9
[  143.335667][ T6384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.335683][ T6384] RSP: 002b:00007f3132094038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  143.335704][ T6384] RAX: ffffffffffffffda RBX: 00007f31313b6090 RCX: 00007f313118ebe9
[  143.335717][ T6384] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  143.335728][ T6384] RBP: 00007f3132094090 R08: 0000000000000000 R09: 0000000000000000
[  143.335740][ T6384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.335750][ T6384] R13: 00007f31313b6128 R14: 00007f31313b6090 R15: 00007fff653a7348
[  143.335782][ T6384]  </TASK>
[  143.335791][ T6384] kexec: Could not allocate control_code_buffer
[  143.504388][ T6389] xt_TPROXY: Can be used only with -p tcp or -p udp
[  143.738892][ T6391] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  143.966955][ T6397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.112'.
[  144.241118][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  144.466863][   T10] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  144.466897][   T10] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  144.466918][   T10] usb 4-1: config 220 has no interface number 2
[  144.466990][   T10] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  144.467018][   T10] usb 4-1: config 220 interface 0 has no altsetting 0
[  144.467038][   T10] usb 4-1: config 220 interface 76 has no altsetting 0
[  144.467057][   T10] usb 4-1: config 220 interface 1 has no altsetting 0
[  144.472369][   T10] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  144.969195][ T6406] netlink: 'syz.0.113': attribute type 4 has an invalid length.
[  145.171653][ T6397] tty tty1: ldisc open failed (-12), clearing slot 0
[  145.716143][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.726309][   T10] usb 4-1: Product: syz
[  145.735808][   T10] usb 4-1: Manufacturer: syz
[  145.740629][   T10] usb 4-1: SerialNumber: syz
[  145.757173][ T6406] netlink: 'syz.0.113': attribute type 4 has an invalid length.
[  145.856582][ T6413] xt_TPROXY: Can be used only with -p tcp or -p udp
[  146.471546][   T10] usb 4-1: selecting invalid altsetting 0
[  146.495626][   T10] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  146.524440][   T10] usb 4-1: No valid video chain found.
[  146.549586][ T6418] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.116'.
[  146.559607][ T6418] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  146.568168][ T6417] btrfs: Unknown parameter 'd��*iscard'
[  146.640305][   T10] usb 4-1: selecting invalid altsetting 0
[  146.660349][   T10] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  147.700104][   T10] usb 4-1: USB disconnect, device number 4
[  148.336971][ T5894] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  149.149612][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  149.160843][ T5894] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  149.174641][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  149.195911][ T5894] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  149.254902][ T5894] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  149.276802][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.299216][ T5894] usb 5-1: Product: syz
[  149.303478][ T5894] usb 5-1: Manufacturer: syz
[  149.319053][ T6434] xt_TPROXY: Can be used only with -p tcp or -p udp
[  149.356930][ T5894] usb 5-1: SerialNumber: syz
[  149.388160][ T5894] usb 5-1: config 0 descriptor??
[  149.416312][ T5894] ums-isd200 5-1:0.0: USB Mass Storage device detected
[  150.361389][ T6436] warning: `syz.1.122' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  150.490152][ T5894] scsi host1: usb-storage 5-1:0.0
[  150.551951][ T6450] xt_TPROXY: Can be used only with -p tcp or -p udp
[  150.734982][ T5894] usb 5-1: USB disconnect, device number 4
[  151.347450][ T6455] netlink: 12 bytes leftover after parsing attributes in process `syz.0.126'.
[  152.059550][   T30] audit: type=1326 audit(1755767741.061:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.100770][ T6465] netlink: 'syz.4.129': attribute type 4 has an invalid length.
[  152.174662][   T30] audit: type=1326 audit(1755767741.061:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.215866][ T6465] netlink: 'syz.4.129': attribute type 4 has an invalid length.
[  152.232119][   T30] audit: type=1326 audit(1755767741.061:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.291637][   T30] audit: type=1326 audit(1755767741.061:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.322943][   T30] audit: type=1326 audit(1755767741.071:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.402307][   T30] audit: type=1326 audit(1755767741.101:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.423677][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.434379][   T30] audit: type=1326 audit(1755767741.101:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.463649][   T30] audit: type=1326 audit(1755767741.101:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  152.932731][   T30] audit: type=1326 audit(1755767741.101:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  153.169653][   T30] audit: type=1326 audit(1755767741.131:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6461 comm="syz.3.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0d4f78ebe9 code=0x7ffc0000
[  154.701124][ T6476] mmap: syz.3.131 (6476): VmData 37728256 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  156.319518][ T6496] netlink: 24 bytes leftover after parsing attributes in process `syz.4.135'.
[  156.586931][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  156.935618][ T6499] xt_bpf: check failed: parse error
[  156.995019][ T6499] overlayfs: overlapping lowerdir path
[  158.334980][ T6507] netlink: 28 bytes leftover after parsing attributes in process `syz.4.139'.
[  159.593209][ T6010] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.327841][ T6519] process 'syz.4.145' launched './file1' with NULL argv: empty string added
[  160.980647][ T6010] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.916602][ T6010] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.242946][ T6010] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.246163][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  163.264861][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  163.281074][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  163.289484][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  163.302582][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  163.387242][ T1206] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  163.552679][ T1206] usb 4-1: Using ep0 maxpacket: 16
[  163.586156][ T1206] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  163.619566][ T1206] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.641210][ T1206] usb 4-1: Product: syz
[  163.645467][ T1206] usb 4-1: Manufacturer: syz
[  163.691607][ T1206] usb 4-1: SerialNumber: syz
[  163.819333][ T1206] r8152-cfgselector 4-1: Unknown version 0x0000
[  163.885591][ T1206] r8152-cfgselector 4-1: config 0 descriptor??
[  164.658796][ T6010] bridge_slave_1: left allmulticast mode
[  164.671998][ T6010] bridge_slave_1: left promiscuous mode
[  164.691425][ T6010] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.074097][ T6010] bridge_slave_0: left allmulticast mode
[  165.178644][ T6010] bridge_slave_0: left promiscuous mode
[  165.304741][ T6010] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.397165][   T51] Bluetooth: hci4: command tx timeout
[  166.393291][   T10] r8152-cfgselector 4-1: USB disconnect, device number 5
[  166.814343][ T6562] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  167.468489][   T51] Bluetooth: hci4: command tx timeout
[  167.872286][ T6010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  167.903693][ T6010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  167.914483][ T6010] bond0 (unregistering): Released all slaves
[  167.958493][ T5894] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  168.022157][ T6572] syzkaller0: entered promiscuous mode
[  168.034738][ T6572] syzkaller0: entered allmulticast mode
[  168.123495][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  168.177913][ T5894] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  168.243390][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  168.292826][ T5894] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  168.311777][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.320376][ T5894] usb 2-1: Product: syz
[  168.324660][ T5894] usb 2-1: Manufacturer: syz
[  168.332681][ T5894] usb 2-1: SerialNumber: syz
[  168.372022][ T5894] usb 2-1: config 0 descriptor??
[  168.404990][ T6566] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  168.420373][ T6566] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  168.483213][ T5894] usb 2-1: ucan: probing device on interface #0
[  168.978081][ T6538] chnl_net:caif_netlink_parms(): no params data found
[  169.104010][ T5894] usb 2-1: ucan: device reported invalid device info
[  169.138264][ T5894] usb 2-1: ucan: probe failed; try to update the device firmware
[  169.549791][   T51] Bluetooth: hci4: command tx timeout
[  170.020150][ T6010] hsr_slave_0: left promiscuous mode
[  170.029730][ T6010] hsr_slave_1: left promiscuous mode
[  170.047269][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  170.054904][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_0
[  170.129569][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.156796][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.269319][ T6604] xt_TPROXY: Can be used only with -p tcp or -p udp
[  170.412786][ T6010] veth1_macvtap: left promiscuous mode
[  170.472214][ T6010] veth0_macvtap: left promiscuous mode
[  170.508700][ T6010] veth1_vlan: left promiscuous mode
[  170.547749][ T6010] veth0_vlan: left promiscuous mode
[  170.928105][ T1206] usb 2-1: USB disconnect, device number 3
[  171.118372][ T6611] netlink: 15 bytes leftover after parsing attributes in process `syz.0.165'.
[  171.627862][   T51] Bluetooth: hci4: command tx timeout
[  171.783302][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  171.793502][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  171.802831][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  171.811526][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  171.820246][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  171.840602][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.894455][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.919675][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.937315][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.958140][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.965710][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  171.984630][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.012256][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.059558][ T6621] FAULT_INJECTION: forcing a failure.
[  172.059558][ T6621] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  172.075594][ T6621] CPU: 0 UID: 0 PID: 6621 Comm: syz.0.167 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  172.075616][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  172.075625][ T6621] Call Trace:
[  172.075631][ T6621]  <TASK>
[  172.075638][ T6621]  dump_stack_lvl+0x189/0x250
[  172.075661][ T6621]  ? __pfx____ratelimit+0x10/0x10
[  172.075679][ T6621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.075696][ T6621]  ? __pfx__printk+0x10/0x10
[  172.075714][ T6621]  ? lock_acquire+0x175/0x360
[  172.075741][ T6621]  should_fail_ex+0x414/0x560
[  172.075762][ T6621]  _copy_from_user+0x2d/0xb0
[  172.075784][ T6621]  ___sys_sendmsg+0x158/0x2a0
[  172.075810][ T6621]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.075865][ T6621]  ? __fget_files+0x2a/0x420
[  172.075882][ T6621]  ? __fget_files+0x3a0/0x420
[  172.075908][ T6621]  __x64_sys_sendmsg+0x19b/0x260
[  172.075933][ T6621]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  172.075964][ T6621]  ? __pfx_ksys_write+0x10/0x10
[  172.075977][ T6621]  ? rcu_is_watching+0x15/0xb0
[  172.075999][ T6621]  ? do_syscall_64+0xbe/0x3b0
[  172.076019][ T6621]  do_syscall_64+0xfa/0x3b0
[  172.076036][ T6621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.076051][ T6621]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  172.076065][ T6621]  ? clear_bhb_loop+0x60/0xb0
[  172.076084][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.076111][ T6621] RIP: 0033:0x7f313118ebe9
[  172.076125][ T6621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.076138][ T6621] RSP: 002b:00007f3132073038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  172.076155][ T6621] RAX: ffffffffffffffda RBX: 00007f31313b6180 RCX: 00007f313118ebe9
[  172.076166][ T6621] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000008
[  172.076176][ T6621] RBP: 00007f3132073090 R08: 0000000000000000 R09: 0000000000000000
[  172.076185][ T6621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.076194][ T6621] R13: 00007f31313b6218 R14: 00007f31313b6180 R15: 00007fff653a7348
[  172.076219][ T6621]  </TASK>
[  172.715097][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.723483][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.731474][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.739656][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.750847][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.758744][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.766311][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.774487][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.782476][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.790446][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.834954][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.855941][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.890835][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.899716][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.912825][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.922396][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.930525][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.938566][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.946119][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.954187][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.961748][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.970483][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  172.978936][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.009789][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.017866][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.155409][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.184779][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.199319][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.241630][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.278728][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.311979][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.355162][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.392351][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.429309][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.455099][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.491710][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.533437][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.570674][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.608371][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.646542][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.674948][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.686552][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.698990][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.706841][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.719978][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.734973][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.742840][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.758352][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.765824][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.779266][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.792506][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.836942][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.845399][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.865134][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.886810][ T5156] Bluetooth: hci3: command tx timeout
[  173.898169][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.905674][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.913558][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.922399][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.933433][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.941982][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.950506][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.958109][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.965657][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.973512][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.981225][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.989157][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  173.996667][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.007322][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.015098][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.022788][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.034377][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.042305][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.049902][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.057688][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.065357][ T5947] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  174.080510][ T5947] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  174.505451][ T6631] fido_id[6631]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  174.634490][ T6633] usb usb9: usbfs: process 6633 (syz.1.171) did not claim interface 0 before use
[  174.681017][ T6010] team0 (unregistering): Port device team_slave_1 removed
[  174.731782][ T6010] team0 (unregistering): Port device team_slave_0 removed
[  175.345383][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.379571][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.388750][ T6538] bridge_slave_0: entered allmulticast mode
[  175.402302][ T6538] bridge_slave_0: entered promiscuous mode
[  175.459982][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.604112][ T6641] xt_bpf: check failed: parse error
[  175.670548][ T6641] overlayfs: overlapping lowerdir path
[  175.947280][ T5156] Bluetooth: hci3: command tx timeout
[  176.511797][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.540526][ T6538] bridge_slave_1: entered allmulticast mode
[  176.548183][ T6538] bridge_slave_1: entered promiscuous mode
[  176.670449][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.174'.
[  176.835315][ T6538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.858721][ T6538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.112874][ T6538] team0: Port device team_slave_0 added
[  177.144116][ T6538] team0: Port device team_slave_1 added
[  177.933490][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.943793][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.039071][ T5156] Bluetooth: hci3: command tx timeout
[  178.498623][ T6538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.512878][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.519978][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.566216][ T6538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  179.072619][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  179.082156][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  179.092417][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  179.103681][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  179.130838][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  179.645428][ T6538] hsr_slave_0: entered promiscuous mode
[  179.794053][ T6538] hsr_slave_1: entered promiscuous mode
[  179.928159][ T6538] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  180.023110][ T6538] Cannot create hsr debugfs directory
[  180.283250][ T5156] Bluetooth: hci3: command tx timeout
[  180.923155][ T6010] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.083429][ T6616] chnl_net:caif_netlink_parms(): no params data found
[  181.788699][ T6010] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.806858][ T5156] Bluetooth: hci2: command tx timeout
[  183.025762][ T6010] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.302773][ T6010] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.866844][ T5156] Bluetooth: hci2: command tx timeout
[  184.373970][ T6670] chnl_net:caif_netlink_parms(): no params data found
[  184.450080][ T6616] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.463050][ T6616] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.494713][ T6616] bridge_slave_0: entered allmulticast mode
[  184.537471][ T6616] bridge_slave_0: entered promiscuous mode
[  184.892288][ T6616] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.907032][ T6616] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.914337][ T6616] bridge_slave_1: entered allmulticast mode
[  184.945231][ T6616] bridge_slave_1: entered promiscuous mode
[  185.921631][ T6616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.968352][ T6616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.983800][ T5156] Bluetooth: hci2: command tx timeout
[  187.004994][ T6748] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.190' sets config #-1
[  187.575733][ T6616] team0: Port device team_slave_0 added
[  187.639666][ T6616] team0: Port device team_slave_1 added
[  187.689966][ T6670] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.707194][ T6670] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.715120][ T6670] bridge_slave_0: entered allmulticast mode
[  187.725033][ T6670] bridge_slave_0: entered promiscuous mode
[  187.738476][ T6670] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.746563][ T6670] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.755698][ T6670] bridge_slave_1: entered allmulticast mode
[  187.765449][ T6670] bridge_slave_1: entered promiscuous mode
[  187.914313][ T6010] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.034348][ T5156] Bluetooth: hci2: command tx timeout
[  189.320519][ T6010] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.372402][ T6670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.444591][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.465295][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.556872][ T6616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.689246][ T6010] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.732210][ T6670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.750838][ T6616] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.762447][ T6616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.820741][ T6616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.102853][ T6768] xt_bpf: check failed: parse error
[  190.156340][ T6768] overlayfs: failed to resolve './file1/file0': -2
[  191.229848][ T6010] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.423588][ T6538] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  191.570648][ T6538] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  192.481378][ T6670] team0: Port device team_slave_0 added
[  192.493794][ T6670] team0: Port device team_slave_1 added
[  192.557759][ T6538] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  192.659710][ T6781] input: syz1 as /devices/virtual/input/input5
[  192.847916][ T6616] hsr_slave_0: entered promiscuous mode
[  192.855139][ T6616] hsr_slave_1: entered promiscuous mode
[  192.872683][ T6616] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  192.893468][ T6616] Cannot create hsr debugfs directory
[  192.910449][ T6538] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  193.007583][ T6670] batman_adv: batadv0: Adding interface: batadv_slave_0
[  193.015802][ T6670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.043421][ T6670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  193.044713][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  193.227305][   T24] usb 2-1: Using ep0 maxpacket: 32
[  193.255047][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 255, changing to 11
[  193.305965][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 59391, setting to 1024
[  193.379327][   T24] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  193.414377][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.456479][   T24] usb 2-1: Product: syz
[  193.499522][   T24] usb 2-1: Manufacturer: syz
[  193.504415][   T24] usb 2-1: SerialNumber: syz
[  193.628624][   T24] usb 2-1: config 0 descriptor??
[  193.634898][ T6670] batman_adv: batadv0: Adding interface: batadv_slave_1
[  193.642545][ T6783] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  193.668441][ T6670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.726389][   T24] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  193.743764][ T6670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  193.910061][ T6796] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.199' sets config #-1
[  194.368619][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.375209][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.749323][   T49] usb 2-1: Failed to submit usb control message: -110
[  194.749571][ T6670] hsr_slave_0: entered promiscuous mode
[  194.765676][   T49] usb 2-1: unable to send the bmi data to the device: -110
[  194.766623][ T6670] hsr_slave_1: entered promiscuous mode
[  194.780641][   T49] usb 2-1: unable to get target info from device
[  194.781646][ T6670] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  194.789559][   T49] usb 2-1: could not get target info (-110)
[  194.795525][ T6670] Cannot create hsr debugfs directory
[  194.805356][   T49] usb 2-1: could not probe fw (-110)
[  195.588974][ T5947] usb 2-1: USB disconnect, device number 4
[  195.590139][ T6010] bridge_slave_1: left promiscuous mode
[  195.602263][ T6010] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.643259][ T6010] bridge_slave_0: left allmulticast mode
[  195.658175][ T6010] bridge_slave_0: left promiscuous mode
[  195.666147][ T6010] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.725562][ T6010] bridge_slave_1: left allmulticast mode
[  195.732314][ T6010] bridge_slave_1: left promiscuous mode
[  195.740557][ T6010] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.854544][ T6010] bridge_slave_0: left allmulticast mode
[  195.865427][ T6010] bridge_slave_0: left promiscuous mode
[  195.884458][ T6010] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.971162][ T6809] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.201' sets config #-1
[  198.246011][ T6010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  198.259540][ T6010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  198.280416][ T6010] bond0 (unregistering): Released all slaves
[  199.335004][ T6010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  199.384123][ T6010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  199.396650][ T6010] bond0 (unregistering): Released all slaves
[  200.103552][ T6010] tipc: Left network mode
[  202.185343][ T5926] hid-generic 0005:16C0:5505.0003: item fetching failed at offset 0/1
[  202.202595][ T5926] hid-generic 0005:16C0:5505.0003: probe with driver hid-generic failed with error -22
[  202.729404][ T6850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.210'.
[  202.900609][ T6538] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.881431][ T6538] 8021q: adding VLAN 0 to HW filter on device team0
[  204.013354][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.020630][ T5989] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.075122][ T6010] hsr_slave_0: left promiscuous mode
[  204.084663][ T6882] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.213' sets config #-1
[  204.097750][ T6010] hsr_slave_1: left promiscuous mode
[  204.104092][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.115590][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.305811][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.316811][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.639166][ T6010] hsr_slave_0: left promiscuous mode
[  204.645253][ T6010] hsr_slave_1: left promiscuous mode
[  204.653470][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.665857][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.681469][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.689311][ T6010] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.719968][ T6010] veth1_macvtap: left promiscuous mode
[  204.725772][ T6010] veth0_macvtap: left promiscuous mode
[  204.732542][ T6010] veth1_vlan: left promiscuous mode
[  204.738327][ T6010] veth0_vlan: left promiscuous mode
[  204.746442][ T6010] veth1_macvtap: left promiscuous mode
[  204.753106][ T6010] veth0_macvtap: left promiscuous mode
[  204.759016][ T6010] veth1_vlan: left promiscuous mode
[  204.764767][ T6010] veth0_vlan: left promiscuous mode
[  204.870025][ T6890] netlink: 'syz.1.215': attribute type 1 has an invalid length.
[  205.400466][ T6010] team0 (unregistering): Port device team_slave_1 removed
[  205.444836][ T6010] team0 (unregistering): Port device team_slave_0 removed
[  206.246063][ T6010] team0 (unregistering): Port device team_slave_1 removed
[  206.289582][ T6010] team0 (unregistering): Port device team_slave_0 removed
[  206.743167][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.750508][ T5989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.819194][ T6890] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  206.821377][ T6891] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  209.108910][ T6913] xt_TPROXY: Can be used only with -p tcp or -p udp
[  209.205133][ T6670] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  209.624155][ T6670] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  209.740608][ T6670] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  210.233167][ T6925] netlink: 28 bytes leftover after parsing attributes in process `syz.0.220'.
[  210.998750][ T6926] xt_TPROXY: Can be used only with -p tcp or -p udp
[  211.024812][ T6670] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  211.806919][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  212.545772][ T6940] xt_TPROXY: Can be used only with -p tcp or -p udp
[  212.659300][ T6538] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.703729][ T6616] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  213.121211][ T6616] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  213.215699][ T6616] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  213.322744][ T6616] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  214.149020][ T6538] veth0_vlan: entered promiscuous mode
[  214.234108][ T6538] veth1_vlan: entered promiscuous mode
[  214.755259][ T6538] veth0_macvtap: entered promiscuous mode
[  214.851036][ T6538] veth1_macvtap: entered promiscuous mode
[  214.894060][ T6670] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.086362][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.125392][ T6670] 8021q: adding VLAN 0 to HW filter on device team0
[  215.156180][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.316853][ T6616] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.389117][ T6538] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.327548][ T6538] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.336447][ T6538] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.352352][ T6538] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.496244][ T6010] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.503722][ T6010] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.564120][ T6010] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.571698][ T6010] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.630188][ T6616] 8021q: adding VLAN 0 to HW filter on device team0
[  216.789170][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.796419][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.420416][ T6038] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.427660][ T6038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.667000][ T6670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  217.697134][ T6038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.745225][ T6038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.783959][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.796064][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.243051][ T7012] xt_TPROXY: Can be used only with -p tcp or -p udp
[  220.196168][ T6670] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.282618][ T7030] netlink: 'syz.2.231': attribute type 10 has an invalid length.
[  220.419581][ T7030] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  220.742808][ T6616] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.870982][ T6670] veth0_vlan: entered promiscuous mode
[  220.947129][ T6670] veth1_vlan: entered promiscuous mode
[  221.105070][ T6670] veth0_macvtap: entered promiscuous mode
[  221.140621][ T6670] veth1_macvtap: entered promiscuous mode
[  221.146926][ T5894] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  221.191415][ T6670] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.243241][ T6670] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.291283][ T6670] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.326806][ T6670] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.346965][ T5894] usb 2-1: Using ep0 maxpacket: 8
[  221.362437][ T6670] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.368864][ T5894] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.388959][ T6670] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.392775][ T7049] xt_TPROXY: Can be used only with -p tcp or -p udp
[  221.421868][ T5894] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 10
[  221.445992][ T5894] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  221.492710][ T5894] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  221.512965][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.574453][ T5894] usb 2-1: Product: syz
[  221.586785][ T5894] usb 2-1: Manufacturer: syz
[  221.591684][ T5894] usb 2-1: SerialNumber: syz
[  221.674531][ T5894] usb 2-1: config 0 descriptor??
[  221.709231][ T5894] cdc_ncm 2-1:0.0: CDC Union missing and no IAD found
[  221.743768][ T5894] cdc_ncm 2-1:0.0: bind() failure
[  221.749028][ T6010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.749051][ T6010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.928633][ T5894] usb 2-1: USB disconnect, device number 5
[  222.011019][ T6038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.032006][ T6038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.065208][ T6616] veth0_vlan: entered promiscuous mode
[  222.130591][ T6616] veth1_vlan: entered promiscuous mode
[  222.268046][ T6616] veth0_macvtap: entered promiscuous mode
[  222.305169][ T6616] veth1_macvtap: entered promiscuous mode
[  222.381872][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.429932][ T6616] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.010258][ T6616] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.067727][ T6616] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.076520][ T6616] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.126956][ T6616] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.570670][ T3003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.634472][ T3003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.796879][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.814790][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.921025][ T7089] lo: entered allmulticast mode
[  226.985482][ T7089] netlink: 'syz.3.240': attribute type 1 has an invalid length.
[  227.025237][ T7089] netlink: 'syz.3.240': attribute type 1 has an invalid length.
[  227.033353][ T7089] netlink: 216 bytes leftover after parsing attributes in process `syz.3.240'.
[  227.116825][ T5901] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  227.307431][ T5901] usb 1-1: Using ep0 maxpacket: 16
[  227.348071][ T5901] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.389354][ T5901] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.429100][ T7112] netlink: 'syz.4.161': attribute type 4 has an invalid length.
[  227.445919][ T5901] usb 1-1: config 0 interface 0 has no altsetting 0
[  227.485666][ T5901] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  227.499872][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.524419][ T7112] netlink: 'syz.4.161': attribute type 4 has an invalid length.
[  227.531258][ T5901] usb 1-1: config 0 descriptor??
[  227.667834][ T7120] xt_TPROXY: Can be used only with -p tcp or -p udp
[  228.010529][ T5901] usbhid 1-1:0.0: can't add hid device: -71
[  228.062826][ T5901] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  228.151073][ T5901] usb 1-1: USB disconnect, device number 6
[  229.726798][ T1206] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  230.029095][ T1206] usb 4-1: config index 0 descriptor too short (expected 32786, got 18)
[  230.551116][ T1206] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  230.612569][ T1206] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=0
[  230.775913][ T1206] usb 4-1: Manufacturer: syz
[  230.914011][ T1206] usb 4-1: config 0 descriptor??
[  231.374799][ T1206] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  231.388143][ T1206] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  231.540732][ T7170] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.256' sets config #-1
[  233.191287][ T7186] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.258' sets config #-1
[  233.267752][ T7190] netlink: 'syz.0.259': attribute type 4 has an invalid length.
[  233.279339][ T7190] netlink: 'syz.0.259': attribute type 4 has an invalid length.
[  233.954241][ T7195] xt_bpf: check failed: parse error
[  233.973221][ T7195] overlayfs: failed to resolve './file1/file0': -2
[  235.037795][   T24] usb 4-1: USB disconnect, device number 6
[  235.045910][   T24] ftdi_sio 4-1:0.0: device disconnected
[  235.475093][ T7215] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.265' sets config #-1
[  235.788362][ T5901] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  236.256810][ T5901] usb 3-1: Using ep0 maxpacket: 32
[  236.272738][ T5901] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  236.310672][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.370875][ T5901] usb 3-1: config 0 descriptor??
[  236.423976][ T5901] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  236.725088][ T7231] xt_TPROXY: Can be used only with -p tcp or -p udp
[  237.010740][ T7236] xt_bpf: check failed: parse error
[  237.052413][ T7236] overlayfs: failed to resolve './file1/file0': -2
[  238.055539][ T7246] netlink: 'syz.1.274': attribute type 4 has an invalid length.
[  238.156211][ T7246] netlink: 'syz.1.274': attribute type 4 has an invalid length.
[  238.377116][ T5901] gspca_vc032x: reg_w err -71
[  238.382030][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.388911][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.394433][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.428247][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.433743][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.480760][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.504926][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.517725][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.523098][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.529174][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.534514][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.552725][ T7255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.277'.
[  238.562163][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.568491][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.574285][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.580878][ T7255] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  238.589456][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.682803][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  238.688844][ T7255] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  238.699645][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  239.557827][ T5901] gspca_vc032x: I2c Bus Busy Wait 00
[  239.567599][ T5901] gspca_vc032x: Unknown sensor...
[  239.572794][ T5901] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  239.587321][ T5901] usb 3-1: USB disconnect, device number 2
[  239.752894][ T7265] bridge_slave_0: left allmulticast mode
[  239.813907][ T7265] bridge_slave_0: left promiscuous mode
[  239.826886][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  239.848778][ T7265] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.912986][ T7265] bridge_slave_1: left allmulticast mode
[  239.936634][ T7265] bridge_slave_1: left promiscuous mode
[  239.957147][ T7265] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.983821][ T7265] bond0: (slave bond_slave_0): Releasing backup interface
[  240.000980][   T24] usb 4-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[  240.010808][ T7265] bond0: (slave bond_slave_1): Releasing backup interface
[  240.035373][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.114021][   T24] usb 4-1: config 0 descriptor??
[  240.122783][ T7265] team0: Port device team_slave_0 removed
[  240.212154][ T7265] team0: Port device team_slave_1 removed
[  240.237594][ T7265] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  240.277328][ T7265] batman_adv: batadv0: Removing interface: batadv_slave_0
[  240.308555][ T7265] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.322524][ T7265] batman_adv: batadv0: Removing interface: batadv_slave_1
[  240.375960][ T7265] bond0: (slave netdevsim0): Releasing backup interface
[  240.401985][ T7276] xt_TPROXY: Can be used only with -p tcp or -p udp
[  240.465179][ T7265] syz.2.279 (7265) used greatest stack depth: 19464 bytes left
[  240.510375][ T5901] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  240.588911][   T24] waltop 0003:172F:0032.0004: item fetching failed at offset 3/5
[  240.639059][   T24] waltop 0003:172F:0032.0004: probe with driver waltop failed with error -22
[  240.725461][ T5901] usb 2-1: Using ep0 maxpacket: 16
[  240.750415][ T5901] usb 2-1: config 0 has an invalid interface number: 210 but max is 0
[  240.770686][ T5901] usb 2-1: config 0 has no interface number 0
[  240.797938][ T5901] usb 2-1: New USB device found, idVendor=0572, idProduct=1328, bcdDevice=a5.4f
[  240.818041][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.837097][ T5901] usb 2-1: Product: syz
[  240.841525][ T5901] usb 2-1: Manufacturer: syz
[  240.846262][ T5901] usb 2-1: SerialNumber: syz
[  240.855254][ T5901] usb 2-1: config 0 descriptor??
[  241.070007][ T7274] netlink: 'syz.1.281': attribute type 1 has an invalid length.
[  241.161315][ T7274] 8021q: adding VLAN 0 to HW filter on device bond1
[  241.208365][ T7284] bond1: (slave ip6erspan0): making interface the new active one
[  241.223523][ T7284] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  241.239929][ T5901] usb 2-1: USB disconnect, device number 6
[  242.252547][   T24] usb 4-1: USB disconnect, device number 7
[  242.383403][ T7292] xt_bpf: check failed: parse error
[  242.396441][ T7292] overlayfs: failed to resolve './file1/file0': -2
[  243.415684][ T7295] xt_TPROXY: Can be used only with -p tcp or -p udp
[  244.577557][ T7305] xt_TPROXY: Can be used only with -p tcp or -p udp
[  244.806800][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  245.076817][   T24] usb 1-1: Using ep0 maxpacket: 32
[  245.115424][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.137805][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.179483][ T7312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.292'.
[  245.987696][   T24] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  246.020157][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.202827][   T24] usb 1-1: config 0 descriptor??
[  246.720663][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  246.812286][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  246.941324][   T24] usb 1-1: USB disconnect, device number 7
[  247.183279][ T5894] hid-generic 0005:16C0:5505.0005: item fetching failed at offset 0/1
[  247.206003][ T5894] hid-generic 0005:16C0:5505.0005: probe with driver hid-generic failed with error -22
[  247.207866][ T5947] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  247.768875][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  247.819284][ T5947] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  247.870998][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  247.909716][ T7334] xt_bpf: check failed: parse error
[  247.922460][ T7334] overlayfs: failed to resolve './file1/file0': -2
[  248.892027][ T5947] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  248.901434][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.909947][ T5947] usb 2-1: Product: syz
[  248.914412][ T5947] usb 2-1: Manufacturer: syz
[  248.919565][ T5947] usb 2-1: SerialNumber: syz
[  248.996904][ T5947] usb 2-1: config 0 descriptor??
[  249.024705][ T7328] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  249.046101][ T7328] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  249.198376][ T5947] usb 2-1: ucan: probing device on interface #0
[  249.342825][ T5947] usb 2-1: ucan: could not read protocol version, ret=0
[  249.375921][ T5947] usb 2-1: ucan: probe failed; try to update the device firmware
[  250.684429][ T5926] usb 2-1: USB disconnect, device number 7
[  251.119154][ T7353] netlink: 28 bytes leftover after parsing attributes in process `syz.0.304'.
[  253.206820][ T5884] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  253.388704][ T5884] usb 2-1: Using ep0 maxpacket: 8
[  254.214436][ T5884] usb 2-1: config 0 has an invalid interface number: 38 but max is 0
[  254.226192][ T5884] usb 2-1: config 0 has no interface number 0
[  254.232876][ T5884] usb 2-1: config 0 interface 38 has no altsetting 0
[  254.247929][ T5884] usb 2-1: New USB device found, idVendor=04e6, idProduct=0009, bcdDevice= 2.00
[  254.267128][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.275236][ T5884] usb 2-1: Product: syz
[  254.290255][ T5884] usb 2-1: Manufacturer: syz
[  254.294977][ T5884] usb 2-1: SerialNumber: syz
[  254.332723][ T5884] usb 2-1: config 0 descriptor??
[  254.354681][ T5884] usb-storage 2-1:0.38: USB Mass Storage device detected
[  254.672202][ T7390] FAULT_INJECTION: forcing a failure.
[  254.672202][ T7390] name failslab, interval 1, probability 0, space 0, times 0
[  254.685356][ T7390] CPU: 0 UID: 0 PID: 7390 Comm: syz.3.309 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  254.685382][ T7390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  254.685406][ T7390] Call Trace:
[  254.685414][ T7390]  <TASK>
[  254.685422][ T7390]  dump_stack_lvl+0x189/0x250
[  254.685450][ T7390]  ? __pfx____ratelimit+0x10/0x10
[  254.685472][ T7390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.685494][ T7390]  ? __pfx__printk+0x10/0x10
[  254.685527][ T7390]  ? __pfx___might_resched+0x10/0x10
[  254.685547][ T7390]  ? fs_reclaim_acquire+0x7d/0x100
[  254.685578][ T7390]  should_fail_ex+0x414/0x560
[  254.685606][ T7390]  should_failslab+0xa8/0x100
[  254.685629][ T7390]  __kmalloc_cache_noprof+0x70/0x3d0
[  254.685648][ T7390]  ? netlbl_catmap_setbit+0x1d8/0x440
[  254.685673][ T7390]  netlbl_catmap_setbit+0x1d8/0x440
[  254.685700][ T7390]  smk_netlbl_mls+0x153/0x580
[  254.685736][ T7390]  smk_import_entry+0x118/0x1d0
[  254.685766][ T7390]  smk_fill_rule+0xb6/0x630
[  254.685802][ T7390]  smk_parse_long_rule+0xbc3/0xee0
[  254.685841][ T7390]  ? __pfx_smk_parse_long_rule+0x10/0x10
[  254.685889][ T7390]  smk_write_rules_list+0x239/0x370
[  254.685925][ T7390]  ? __pfx_smk_write_change_rule+0x10/0x10
[  254.685950][ T7390]  vfs_write+0x27e/0xa90
[  254.685981][ T7390]  ? __pfx_vfs_write+0x10/0x10
[  254.686001][ T7390]  ? __fget_files+0x2a/0x420
[  254.686030][ T7390]  ? __fget_files+0x3a0/0x420
[  254.686050][ T7390]  ? __fget_files+0x2a/0x420
[  254.686083][ T7390]  ksys_write+0x145/0x250
[  254.686105][ T7390]  ? __pfx_ksys_write+0x10/0x10
[  254.686120][ T7390]  ? rcu_is_watching+0x15/0xb0
[  254.686148][ T7390]  ? do_syscall_64+0xbe/0x3b0
[  254.686175][ T7390]  do_syscall_64+0xfa/0x3b0
[  254.686194][ T7390]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.686215][ T7390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.686233][ T7390]  ? clear_bhb_loop+0x60/0xb0
[  254.686258][ T7390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.686277][ T7390] RIP: 0033:0x7fa08a38ebe9
[  254.686295][ T7390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.686311][ T7390] RSP: 002b:00007fa08b13f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  254.686331][ T7390] RAX: ffffffffffffffda RBX: 00007fa08a5b6180 RCX: 00007fa08a38ebe9
[  254.686345][ T7390] RDX: 00000000000000e4 RSI: 0000200000000280 RDI: 0000000000000008
[  254.686357][ T7390] RBP: 00007fa08b13f090 R08: 0000000000000000 R09: 0000000000000000
[  254.686368][ T7390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  254.686380][ T7390] R13: 00007fa08a5b6218 R14: 00007fa08a5b6180 R15: 00007ffe5f21d618
[  254.686424][ T7390]  </TASK>
[  254.960025][ T7390] netlink: 'syz.3.309': attribute type 8 has an invalid length.
[  255.349427][ T7355] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  256.380390][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  256.812374][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  257.534656][ T5884] usb 2-1: USB disconnect, device number 8
[  258.045162][ T7406] netlink: 'syz.1.314': attribute type 1 has an invalid length.
[  258.846445][ T7406] 8021q: adding VLAN 0 to HW filter on device bond2
[  258.866448][ T7412] bond2: (slave geneve2): making interface the new active one
[  258.885757][ T7412] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  260.265488][ T7421] netlink: 'syz.1.316': attribute type 8 has an invalid length.
[  261.548734][ T7425] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.319' sets config #-1
[  262.900933][ T7442] loop9: detected capacity change from 0 to 7
[  262.918907][ T7442] buffer_io_error: 7 callbacks suppressed
[  262.918926][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  262.938290][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  262.951774][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  262.962943][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  262.978613][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  262.988639][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  263.000372][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  263.071102][ T7442] ldm_validate_partition_table(): Disk read failed.
[  263.082454][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  263.114443][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  263.230905][ T7442] Buffer I/O error on dev loop9, logical block 0, async page read
[  263.301483][ T5926] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  263.301850][ T7442] Dev loop9: unable to read RDB block 0
[  263.416418][ T7442]  loop9: unable to read partition table
[  263.463396][ T7442] loop9: partition table beyond EOD, truncated
[  263.505024][ T7442] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  263.505024][ T7442] 
) failed (rc=-5)
[  264.529602][ T7451] netlink: 16 bytes leftover after parsing attributes in process `syz.3.326'.
[  264.586943][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  264.608624][ T5926] usb 2-1: config 0 has an invalid interface number: 37 but max is 0
[  264.626853][ T5926] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.644178][ T7453] netlink: 'syz.4.324': attribute type 4 has an invalid length.
[  264.665992][ T7453] netlink: 'syz.4.324': attribute type 4 has an invalid length.
[  264.899434][ T5926] usb 2-1: config 0 has no interface number 0
[  264.910548][ T5926] usb 2-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3
[  264.924447][ T7455] kvm: pic: non byte write
[  264.929229][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.937664][ T5926] usb 2-1: Product: syz
[  264.941863][ T5926] usb 2-1: Manufacturer: syz
[  264.946526][ T5926] usb 2-1: SerialNumber: syz
[  264.954138][ T5926] usb 2-1: config 0 descriptor??
[  264.963025][ T5926] usb 2-1: bad CDC descriptors
[  265.365188][ T7437] Bluetooth: MGMT ver 1.23
[  265.602392][ T1206] usb 2-1: USB disconnect, device number 9
[  265.807663][ T5947] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  266.320743][ T5947] usb 1-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00
[  266.338340][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.346586][ T5947] usb 1-1: Product: syz
[  266.354859][ T5947] usb 1-1: Manufacturer: syz
[  266.379740][ T5947] usb 1-1: SerialNumber: syz
[  267.413436][ T5947] usb 1-1: config 0 descriptor??
[  267.696193][ T7465] netlink: 56 bytes leftover after parsing attributes in process `syz.4.328'.
[  267.713944][ T5947] usb 1-1: USB disconnect, device number 8
[  268.063952][ T7495] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.332'.
[  268.467249][ T5894] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  268.727199][ T5894] usb 5-1: Using ep0 maxpacket: 32
[  268.737529][ T5894] usb 5-1: unable to get BOS descriptor or descriptor too short
[  268.756154][ T5894] usb 5-1: config 249 has an invalid descriptor of length 111, skipping remainder of the config
[  268.772042][ T5894] usb 5-1: config 249 has no interfaces?
[  268.781654][ T5894] usb 5-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  268.794492][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.813446][ T5894] usb 5-1: Product: syz
[  268.818415][ T5894] usb 5-1: Manufacturer: syz
[  268.824088][ T5894] usb 5-1: SerialNumber: syz
[  268.868006][ T7506] sg_write: process 323 (syz.1.337) changed security contexts after opening file descriptor, this is not allowed.
[  268.938083][ T5894] usb 5-1: can't set config #249, error -71
[  268.990115][ T5894] usb 5-1: USB disconnect, device number 5
[  269.124372][ T7511] netlink: 'syz.1.338': attribute type 4 has an invalid length.
[  269.175917][ T7512] netlink: 'syz.1.338': attribute type 4 has an invalid length.
[  270.352529][ T7518] netlink: 'syz.2.341': attribute type 10 has an invalid length.
[  270.393891][ T7518] team0: Port device dummy0 added
[  270.584387][ T7519] netlink: 'syz.4.340': attribute type 178 has an invalid length.
[  271.748949][ T7533] overlayfs: failed to resolve './file1/file0': -2
[  273.983182][ T7553] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'.
[  274.484928][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  274.796763][   T10] usb 5-1: Using ep0 maxpacket: 8
[  274.816550][   T10] usb 5-1: too many configurations: 48, using maximum allowed: 8
[  274.838784][   T10] usb 5-1: unable to read config index 0 descriptor/start: -61
[  274.846459][   T10] usb 5-1: can't read configurations, error -61
[  275.068425][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  275.740702][ T7568] xt_TPROXY: Can be used only with -p tcp or -p udp
[  275.857030][   T10] usb 5-1: Using ep0 maxpacket: 8
[  276.044149][   T10] usb 5-1: too many configurations: 48, using maximum allowed: 8
[  276.068226][   T10] usb 5-1: unable to read config index 0 descriptor/start: -61
[  276.077560][   T10] usb 5-1: can't read configurations, error -61
[  276.084663][   T10] usb usb5-port1: attempt power cycle
[  276.157210][ T7571] netlink: 'syz.2.354': attribute type 4 has an invalid length.
[  276.854867][ T7571] netlink: 'syz.2.354': attribute type 4 has an invalid length.
[  277.900007][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  277.900026][   T30] audit: type=1326 audit(1755767866.912:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.4.357" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc7f518ebe9 code=0x0
[  278.547156][ T7588] netlink: 76 bytes leftover after parsing attributes in process `syz.3.358'.
[  278.957444][ T7593] FAULT_INJECTION: forcing a failure.
[  278.957444][ T7593] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.003589][ T7588] netlink: 'syz.3.358': attribute type 10 has an invalid length.
[  279.067453][ T7593] CPU: 0 UID: 0 PID: 7593 Comm: syz.1.359 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  279.067485][ T7593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  279.067497][ T7593] Call Trace:
[  279.067506][ T7593]  <TASK>
[  279.067515][ T7593]  dump_stack_lvl+0x189/0x250
[  279.067547][ T7593]  ? __pfx____ratelimit+0x10/0x10
[  279.067570][ T7593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.067599][ T7593]  ? __pfx__printk+0x10/0x10
[  279.067626][ T7593]  ? __might_fault+0xb0/0x130
[  279.067663][ T7593]  should_fail_ex+0x414/0x560
[  279.067692][ T7593]  _copy_from_user+0x2d/0xb0
[  279.067722][ T7593]  kstrtouint_from_user+0xc4/0x170
[  279.067751][ T7593]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  279.067794][ T7593]  proc_fail_nth_write+0x88/0x240
[  279.067821][ T7593]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  279.067853][ T7593]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  279.067880][ T7593]  vfs_write+0x27e/0xa90
[  279.067922][ T7593]  ? __pfx_vfs_write+0x10/0x10
[  279.067945][ T7593]  ? __fget_files+0x2a/0x420
[  279.067975][ T7593]  ? __fget_files+0x3a0/0x420
[  279.067995][ T7593]  ? __fget_files+0x2a/0x420
[  279.068027][ T7593]  ksys_write+0x145/0x250
[  279.068051][ T7593]  ? __pfx_ksys_write+0x10/0x10
[  279.068067][ T7593]  ? rcu_is_watching+0x15/0xb0
[  279.068098][ T7593]  ? do_syscall_64+0xbe/0x3b0
[  279.068127][ T7593]  do_syscall_64+0xfa/0x3b0
[  279.068150][ T7593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.068168][ T7593]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  279.068187][ T7593]  ? clear_bhb_loop+0x60/0xb0
[  279.068213][ T7593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.068232][ T7593] RIP: 0033:0x7ff9da98d69f
[  279.068251][ T7593] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  279.068267][ T7593] RSP: 002b:00007ff9db826030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  279.068290][ T7593] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff9da98d69f
[  279.068305][ T7593] RDX: 0000000000000001 RSI: 00007ff9db8260a0 RDI: 0000000000000004
[  279.068317][ T7593] RBP: 00007ff9db826090 R08: 0000000000000000 R09: 0000000000000000
[  279.068329][ T7593] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  279.068341][ T7593] R13: 00007ff9dabb6128 R14: 00007ff9dabb6090 R15: 00007ffed7fe45f8
[  279.068378][ T7593]  </TASK>
[  279.876741][ T7601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.361'.
[  279.997827][ T7588] veth0_vlan: left promiscuous mode
[  280.015374][ T7588] veth0_vlan: entered promiscuous mode
[  280.031968][ T7588] team0: Device veth0_vlan failed to register rx_handler
[  280.473968][ T7604] netlink: 'syz.2.362': attribute type 2 has an invalid length.
[  280.776789][ T7609] netlink: 12 bytes leftover after parsing attributes in process `syz.4.363'.
[  280.886185][ T7588] syz.3.358 (7588) used greatest stack depth: 19256 bytes left
[  281.349992][ T7615] xt_bpf: check failed: parse error
[  281.390610][ T7615] overlayfs: failed to resolve './file1/file0': -2
[  284.873206][ T7632] netlink: 'syz.2.369': attribute type 4 has an invalid length.
[  284.913635][ T7632] netlink: 'syz.2.369': attribute type 4 has an invalid length.
[  284.922003][ T5947] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  285.016475][ T7636] xt_TPROXY: Can be used only with -p tcp or -p udp
[  285.099587][ T5947] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  285.124131][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.156504][ T5947] usb 1-1: config 0 descriptor??
[  285.176250][ T5947] gspca_main: spca508-2.14.0 probing 8086:0110
[  285.400754][ T5947] gspca_spca508: reg_read err -71
[  285.437201][ T5947] gspca_spca508: reg_read err -71
[  285.458017][ T5947] gspca_spca508: reg_read err -71
[  285.473397][ T5947] gspca_spca508: reg_read err -71
[  285.495093][ T5947] gspca_spca508: reg_read err -71
[  285.512427][ T5947] gspca_spca508: reg write: error -71
[  285.579912][ T5947] spca508 1-1:0.0: probe with driver spca508 failed with error -71
[  285.764608][ T7646] netlink: 28 bytes leftover after parsing attributes in process `syz.3.373'.
[  286.101215][ T5947] usb 1-1: USB disconnect, device number 9
[  286.676714][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.374'.
[  287.328524][ T7654] xt_TPROXY: Can be used only with -p tcp or -p udp
[  287.734187][ T7667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.378'.
[  288.193760][ T7668] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  288.272943][ T7668] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  288.586898][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  290.542997][ T7698] netlink: 'syz.2.387': attribute type 6 has an invalid length.
[  290.657187][ T7698] netlink: 'syz.2.387': attribute type 30 has an invalid length.
[  291.061899][ T7702] Driver unsupported XDP return value 0 on prog  (id 103) dev N/A, expect packet loss!
[  292.088828][ T7718] xt_TPROXY: Can be used only with -p tcp or -p udp
[  292.980568][ T7722] tipc: Started in network mode
[  292.985758][ T7722] tipc: Node identity 4a54c601c698, cluster identity 4711
[  292.997224][ T7722] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  293.015041][ T7722] syzkaller0: entered promiscuous mode
[  293.655665][ T7722] syzkaller0: entered allmulticast mode
[  294.031086][   T51] Bluetooth: hci2: command 0x0405 tx timeout
[  294.118345][ T5894] tipc: Node number set to 2362230273
[  294.555979][ T7729] syzkaller0: mtu greater than device maximum
[  294.762276][ T7721] tipc: Resetting bearer <eth:syzkaller0>
[  295.039101][ T7721] tipc: Disabling bearer <eth:syzkaller0>
[  295.356396][ T7739] mkiss: ax0: crc mode is auto.
[  296.035340][ T7750] FAULT_INJECTION: forcing a failure.
[  296.035340][ T7750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.049052][ T7750] CPU: 0 UID: 0 PID: 7750 Comm: syz.1.400 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  296.049079][ T7750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.049090][ T7750] Call Trace:
[  296.049100][ T7750]  <TASK>
[  296.049107][ T7750]  dump_stack_lvl+0x189/0x250
[  296.049128][ T7750]  ? __pfx____ratelimit+0x10/0x10
[  296.049143][ T7750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.049159][ T7750]  ? __pfx__printk+0x10/0x10
[  296.049182][ T7750]  should_fail_ex+0x414/0x560
[  296.049199][ T7750]  _copy_to_user+0x31/0xb0
[  296.049217][ T7750]  simple_read_from_buffer+0xe1/0x170
[  296.049234][ T7750]  proc_fail_nth_read+0x1df/0x250
[  296.049250][ T7750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.049267][ T7750]  ? rw_verify_area+0x258/0x650
[  296.049285][ T7750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.049300][ T7750]  vfs_read+0x200/0x980
[  296.049322][ T7750]  ? __pfx___mutex_lock+0x10/0x10
[  296.049336][ T7750]  ? __pfx_vfs_read+0x10/0x10
[  296.049354][ T7750]  ? __fget_files+0x2a/0x420
[  296.049371][ T7750]  ? __fget_files+0x3a0/0x420
[  296.049383][ T7750]  ? __fget_files+0x2a/0x420
[  296.049402][ T7750]  ksys_read+0x145/0x250
[  296.049415][ T7750]  ? __pfx_ksys_read+0x10/0x10
[  296.049429][ T7750]  ? do_syscall_64+0xbe/0x3b0
[  296.049446][ T7750]  do_syscall_64+0xfa/0x3b0
[  296.049460][ T7750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.049471][ T7750]  ? asm_sysvec_call_function_single+0x1a/0x20
[  296.049483][ T7750]  ? clear_bhb_loop+0x60/0xb0
[  296.049497][ T7750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.049509][ T7750] RIP: 0033:0x7ff9da98d5fc
[  296.049522][ T7750] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  296.049532][ T7750] RSP: 002b:00007ff9db805030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  296.049545][ T7750] RAX: ffffffffffffffda RBX: 00007ff9dabb6180 RCX: 00007ff9da98d5fc
[  296.049554][ T7750] RDX: 000000000000000f RSI: 00007ff9db8050a0 RDI: 0000000000000005
[  296.049561][ T7750] RBP: 00007ff9db805090 R08: 0000000000000000 R09: 0000000000000000
[  296.049568][ T7750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.049575][ T7750] R13: 00007ff9dabb6218 R14: 00007ff9dabb6180 R15: 00007ffed7fe45f8
[  296.049595][ T7750]  </TASK>
[  296.861451][ T7754] netlink: 112 bytes leftover after parsing attributes in process `syz.1.402'.
[  297.554139][ T5847] Bluetooth: hci2: command 0x0405 tx timeout
[  297.781065][ T7765] netlink: 12 bytes leftover after parsing attributes in process `syz.4.405'.
[  298.826836][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  300.485641][ T7784] xt_TPROXY: Can be used only with -p tcp or -p udp
[  301.265549][ T7793] Cannot find add_set index 0 as target
[  302.899420][ T7801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.416'.
[  303.163714][ T5901] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  304.193148][ T5901] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  304.237154][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.278086][ T5901] usb 1-1: config 0 descriptor??
[  304.317585][ T5901] gspca_main: cpia1-2.14.0 probing 0813:0001
[  304.658125][ T7826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.422'.
[  304.729795][ T5901] gspca_cpia1: usb_control_msg 05, error -71
[  304.760473][ T5901] gspca_cpia1: usb_control_msg 01, error -71
[  304.789926][ T5901] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  304.833473][ T5901] usb 1-1: USB disconnect, device number 10
[  306.550421][ T1206] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  306.716874][ T1206] usb 5-1: Using ep0 maxpacket: 8
[  306.733706][ T1206] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  306.746804][ T1206] usb 5-1: config 179 has no interface number 0
[  306.763637][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  307.738539][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  307.976365][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  307.988084][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  308.003693][ T1206] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  308.017487][ T1206] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  308.026570][ T1206] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.048968][ T7844] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  308.321791][ T7862] netlink: 12 bytes leftover after parsing attributes in process `syz.2.432'.
[  308.540234][ T5947] libceph: connect (1)[c::]:6789 error -101
[  308.552883][ T5947] libceph: mon0 (1)[c::]:6789 connect error
[  308.859000][ T5947] libceph: connect (1)[c::]:6789 error -101
[  309.025032][ T7861] ceph: No mds server is up or the cluster is laggy
[  309.082910][ T5947] libceph: mon0 (1)[c::]:6789 connect error
[  309.137183][   T10] usb 5-1: USB disconnect, device number 9
[  309.137186][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  309.137326][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  309.307589][ T1206] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input6
[  309.689847][ T7868] binder: Bad value for 'max'
[  309.800470][ T5901] libceph: connect (1)[c::]:6789 error -101
[  309.826741][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[  309.930776][ T7869] netlink: 40 bytes leftover after parsing attributes in process `syz.0.434'.
[  309.991489][ T7869] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.034678][ T7869] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.055828][ T7873] FAULT_INJECTION: forcing a failure.
[  310.055828][ T7873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  310.219625][ T7873] CPU: 1 UID: 0 PID: 7873 Comm: syz.2.435 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  310.219657][ T7873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  310.219669][ T7873] Call Trace:
[  310.219678][ T7873]  <TASK>
[  310.219688][ T7873]  dump_stack_lvl+0x189/0x250
[  310.219717][ T7873]  ? __pfx____ratelimit+0x10/0x10
[  310.219740][ T7873]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.219763][ T7873]  ? __pfx__printk+0x10/0x10
[  310.219807][ T7873]  should_fail_ex+0x414/0x560
[  310.219846][ T7873]  _copy_to_iter+0x575/0x16f0
[  310.219887][ T7873]  ? __pfx__copy_to_iter+0x10/0x10
[  310.219909][ T7873]  ? __skb_try_recv_from_queue+0x58f/0x730
[  310.219940][ T7873]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  310.219970][ T7873]  __skb_datagram_iter+0xf8/0x990
[  310.219994][ T7873]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  310.220027][ T7873]  skb_copy_datagram_iter+0xc5/0x230
[  310.220055][ T7873]  netlink_recvmsg+0x2ab/0xa30
[  310.220096][ T7873]  ? __pfx_netlink_recvmsg+0x10/0x10
[  310.220130][ T7873]  ? __lock_acquire+0xab9/0xd20
[  310.220153][ T7873]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  310.220175][ T7873]  ? __pfx_netlink_recvmsg+0x10/0x10
[  310.220206][ T7873]  sock_recvmsg_nosec+0x183/0x1c0
[  310.220236][ T7873]  ____sys_recvmsg+0x3aa/0x460
[  310.220267][ T7873]  ? __pfx_____sys_recvmsg+0x10/0x10
[  310.220307][ T7873]  ? import_iovec+0x74/0xa0
[  310.220340][ T7873]  ___sys_recvmsg+0x1b5/0x510
[  310.220367][ T7873]  ? __pfx____sys_recvmsg+0x10/0x10
[  310.220426][ T7873]  ? __might_fault+0xb0/0x130
[  310.220453][ T7873]  do_recvmmsg+0x307/0x770
[  310.220484][ T7873]  ? __pfx_do_recvmmsg+0x10/0x10
[  310.220520][ T7873]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  310.220565][ T7873]  __x64_sys_recvmmsg+0x190/0x240
[  310.220590][ T7873]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  310.220608][ T7873]  ? rcu_is_watching+0x15/0xb0
[  310.220636][ T7873]  ? do_syscall_64+0xbe/0x3b0
[  310.220664][ T7873]  do_syscall_64+0xfa/0x3b0
[  310.220685][ T7873]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.220706][ T7873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.220726][ T7873]  ? clear_bhb_loop+0x60/0xb0
[  310.220753][ T7873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.220772][ T7873] RIP: 0033:0x7fe66cf8ebe9
[  310.220791][ T7873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.220807][ T7873] RSP: 002b:00007fe66dec2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  310.220837][ T7873] RAX: ffffffffffffffda RBX: 00007fe66d1b5fa0 RCX: 00007fe66cf8ebe9
[  310.220852][ T7873] RDX: 0000000000000009 RSI: 0000200000000dc0 RDI: 0000000000000003
[  310.220865][ T7873] RBP: 00007fe66dec2090 R08: 0000000000000000 R09: 0000000000000000
[  310.220877][ T7873] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002
[  310.220889][ T7873] R13: 00007fe66d1b6038 R14: 00007fe66d1b5fa0 R15: 00007fffc8e84768
[  310.220924][ T7873]  </TASK>
[  310.592679][ T7877] netlink: 28 bytes leftover after parsing attributes in process `syz.3.436'.
[  312.927859][ T7902] xt_TPROXY: Can be used only with -p tcp or -p udp
[  313.362036][ T7901] xt_bpf: check failed: parse error
[  313.382447][ T7901] overlayfs: failed to resolve './file1/file0': -2
[  314.730874][ T7898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.444'.
[  314.871580][ T7915] xt_bpf: check failed: parse error
[  314.895497][ T7916] xt_bpf: check failed: parse error
[  314.904276][ T7915] overlayfs: failed to resolve './file1/file0': -2
[  315.064312][ T7916] overlayfs: failed to resolve './file1/file0': -2
[  316.154222][ T7925] FAULT_INJECTION: forcing a failure.
[  316.154222][ T7925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  316.172999][ T7925] CPU: 0 UID: 0 PID: 7925 Comm: syz.4.448 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  316.173027][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  316.173038][ T7925] Call Trace:
[  316.173046][ T7925]  <TASK>
[  316.173052][ T7925]  dump_stack_lvl+0x189/0x250
[  316.173070][ T7925]  ? __pfx____ratelimit+0x10/0x10
[  316.173084][ T7925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.173098][ T7925]  ? __pfx__printk+0x10/0x10
[  316.173114][ T7925]  ? __might_fault+0xb0/0x130
[  316.173133][ T7925]  should_fail_ex+0x414/0x560
[  316.173150][ T7925]  _copy_from_user+0x2d/0xb0
[  316.173167][ T7925]  kstrtouint_from_user+0xc4/0x170
[  316.173179][ T7925]  ? trace_irq_disable+0x37/0x110
[  316.173198][ T7925]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  316.173216][ T7925]  ? irqentry_exit+0x74/0x90
[  316.173229][ T7925]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.173245][ T7925]  proc_fail_nth_write+0x88/0x240
[  316.173260][ T7925]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  316.173272][ T7925]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  316.173285][ T7925]  ? vfs_write+0x211/0xa90
[  316.173296][ T7925]  ? vfs_write+0x261/0xa90
[  316.173308][ T7925]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  316.173323][ T7925]  vfs_write+0x27e/0xa90
[  316.173341][ T7925]  ? __pfx_vfs_write+0x10/0x10
[  316.173353][ T7925]  ? __fget_files+0x2a/0x420
[  316.173370][ T7925]  ? __fget_files+0x3a0/0x420
[  316.173382][ T7925]  ? __fget_files+0x2a/0x420
[  316.173401][ T7925]  ksys_write+0x145/0x250
[  316.173414][ T7925]  ? __pfx_ksys_write+0x10/0x10
[  316.173434][ T7925]  do_syscall_64+0xfa/0x3b0
[  316.173447][ T7925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.173459][ T7925]  ? asm_sysvec_call_function_single+0x1a/0x20
[  316.173471][ T7925]  ? clear_bhb_loop+0x60/0xb0
[  316.173485][ T7925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.173497][ T7925] RIP: 0033:0x7fc7f518d69f
[  316.173510][ T7925] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  316.173520][ T7925] RSP: 002b:00007fc7f6067030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  316.173537][ T7925] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc7f518d69f
[  316.173546][ T7925] RDX: 0000000000000001 RSI: 00007fc7f60670a0 RDI: 0000000000000004
[  316.173554][ T7925] RBP: 00007fc7f6067090 R08: 0000000000000000 R09: 0000000000000000
[  316.173561][ T7925] R10: 00000000000000cb R11: 0000000000000293 R12: 0000000000000001
[  316.173568][ T7925] R13: 00007fc7f53b6218 R14: 00007fc7f53b6180 R15: 00007ffe89dabc98
[  316.173588][ T7925]  </TASK>
[  317.137228][ T7929] netlink: 28 bytes leftover after parsing attributes in process `syz.3.451'.
[  317.241821][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.260223][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  317.408883][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.1.452'.
[  317.518200][ T7939] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  317.549243][ T7939] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  317.577482][ T7939] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  317.647517][ T7939] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  317.653656][ T7939] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  318.301478][ T7939] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  318.448630][ T7939] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  318.676474][ T7939] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  318.725887][ T7939] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  319.004814][ T7939] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  319.634002][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[  319.706865][ T5156] Bluetooth: hci4: command 0x0406 tx timeout
[  319.754296][ T1206] kernel write not supported for file /cpu/0/msr (pid: 1206 comm: kworker/1:2)
[  319.801750][ T7958] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.458' sets config #-1
[  319.887321][ T7964] xt_bpf: check failed: parse error
[  319.909185][ T7964] overlayfs: failed to resolve './file1/file0': -2
[  320.346765][ T5156] Bluetooth: hci3: command 0x0406 tx timeout
[  320.747012][ T5156] Bluetooth: hci2: command 0x0405 tx timeout
[  321.019285][ T7975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.463'.
[  321.707317][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[  321.787263][ T5156] Bluetooth: hci4: command 0x0406 tx timeout
[  322.430740][ T5156] Bluetooth: hci3: command 0x0406 tx timeout
[  322.827044][ T5156] Bluetooth: hci2: command 0x0405 tx timeout
[  324.917255][ T5156] Bluetooth: hci2: command 0x0405 tx timeout
[  327.129434][   T24] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  327.318918][ T8005] FAULT_INJECTION: forcing a failure.
[  327.318918][ T8005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.340952][   T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  327.376758][   T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  327.392339][ T8005] CPU: 1 UID: 0 PID: 8005 Comm: syz.2.471 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  327.392367][ T8005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  327.392379][ T8005] Call Trace:
[  327.392386][ T8005]  <TASK>
[  327.392394][ T8005]  dump_stack_lvl+0x189/0x250
[  327.392422][ T8005]  ? __pfx____ratelimit+0x10/0x10
[  327.392443][ T8005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.392464][ T8005]  ? __pfx__printk+0x10/0x10
[  327.392488][ T8005]  ? __might_fault+0xb0/0x130
[  327.392518][ T8005]  should_fail_ex+0x414/0x560
[  327.392545][ T8005]  _copy_from_user+0x2d/0xb0
[  327.392574][ T8005]  rfkill_fop_write+0x136/0x570
[  327.392598][ T8005]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  327.392637][ T8005]  ? __pfx_rfkill_fop_write+0x10/0x10
[  327.392660][ T8005]  ? security_file_permission+0x70/0x290
[  327.392684][ T8005]  ? rw_verify_area+0x258/0x650
[  327.392723][ T8005]  ? __pfx_rfkill_fop_write+0x10/0x10
[  327.392748][ T8005]  vfs_write+0x27e/0xa90
[  327.392778][ T8005]  ? __pfx_vfs_write+0x10/0x10
[  327.392800][ T8005]  ? __fget_files+0x2a/0x420
[  327.392825][ T8005]  ? __fget_files+0x2a/0x420
[  327.392845][ T8005]  ? __fget_files+0x3a0/0x420
[  327.392866][ T8005]  ? __fget_files+0x2a/0x420
[  327.392898][ T8005]  ksys_write+0x145/0x250
[  327.392921][ T8005]  ? __pfx_ksys_write+0x10/0x10
[  327.392937][ T8005]  ? rcu_is_watching+0x15/0xb0
[  327.392965][ T8005]  ? do_syscall_64+0xbe/0x3b0
[  327.392993][ T8005]  do_syscall_64+0xfa/0x3b0
[  327.393013][ T8005]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.393034][ T8005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.393054][ T8005]  ? clear_bhb_loop+0x60/0xb0
[  327.393079][ T8005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.393098][ T8005] RIP: 0033:0x7fe66cf8ebe9
[  327.393117][ T8005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.393135][ T8005] RSP: 002b:00007fe66dec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  327.393157][ T8005] RAX: ffffffffffffffda RBX: 00007fe66d1b5fa0 RCX: 00007fe66cf8ebe9
[  327.393171][ T8005] RDX: 0000000000000008 RSI: 0000200000000340 RDI: 0000000000000003
[  327.393184][ T8005] RBP: 00007fe66dec2090 R08: 0000000000000000 R09: 0000000000000000
[  327.393196][ T8005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.393207][ T8005] R13: 00007fe66d1b6038 R14: 00007fe66d1b5fa0 R15: 00007fffc8e84768
[  327.393242][ T8005]  </TASK>
[  327.655391][   T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  327.664611][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.880217][ T8007] Device name cannot be null; rc = [-22]
[  328.111900][   T24] usb 4-1: usb_control_msg returned -32
[  328.118204][   T24] usbtmc 4-1:16.0: can't read capabilities
[  329.848202][ T8020] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  333.602013][ T8031] xt_bpf: check failed: parse error
[  333.609312][ T8031] overlayfs: failed to resolve './file1/file0': -2
[  333.651929][ T5894] usb 4-1: USB disconnect, device number 8
[  334.517073][ T8048] comedi comedi3: comedi_config --init_data is deprecated
[  334.556735][ T5985] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  334.697187][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  334.727099][ T5985] usb 3-1: Using ep0 maxpacket: 32
[  334.748222][ T5985] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  334.767845][ T5985] usb 3-1: config 0 has no interface number 0
[  334.786516][ T5985] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  334.807909][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.831507][ T5985] usb 3-1: Product: syz
[  334.848118][ T5985] usb 3-1: Manufacturer: syz
[  334.866728][   T10] usb 1-1: device descriptor read/64, error -71
[  334.875412][ T5985] usb 3-1: SerialNumber: syz
[  334.905055][ T5985] usb 3-1: config 0 descriptor??
[  334.915820][ T5985] smsc95xx v2.0.0
[  335.136752][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  335.266810][   T10] usb 1-1: device descriptor read/64, error -71
[  335.317876][ T8044] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  335.327956][ T5985] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  335.358953][ T5985] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  335.393491][   T10] usb usb1-port1: attempt power cycle
[  335.420515][ T5985] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  335.434332][ T5985] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  335.457596][ T5985] usb 3-1: USB disconnect, device number 3
[  335.712518][ T8065] netlink: 20 bytes leftover after parsing attributes in process `syz.1.488'.
[  335.740430][   T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  335.817576][   T10] usb 1-1: device descriptor read/8, error -71
[  337.106808][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  337.159752][   T10] usb 1-1: device descriptor read/8, error -71
[  337.287768][   T10] usb usb1-port1: unable to enumerate USB device
[  337.499358][ T8074] xt_bpf: check failed: parse error
[  337.507601][ T8074] overlayfs: failed to resolve './file1/file0': -2
[  338.006160][ T8081] fuse: Unknown parameter '�դ](�?_B5�0@ep}�!*�D�:�5CKR��w����-������[HwG�!5~y'
[  338.555870][ T8091] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  338.568273][ T8091] Cannot find set identified by id 0 to match
[  338.837530][   T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  338.866206][ T8097] overlayfs: statfs failed on './file0'
[  338.987111][   T10] usb 1-1: device descriptor read/64, error -71
[  339.132358][ T8100] xt_TPROXY: Can be used only with -p tcp or -p udp
[  339.299732][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  339.442195][ T8103] loop2: detected capacity change from 0 to 7
[  339.489810][   T10] usb 1-1: device descriptor read/64, error -71
[  339.512675][ T8103] Dev loop2: unable to read RDB block 7
[  339.536819][ T8103]  loop2: unable to read partition table
[  339.542792][ T8103] loop2: partition table beyond EOD, truncated
[  339.552906][ T8103] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  339.666146][   T10] usb usb1-port1: attempt power cycle
[  340.687818][ T8110] xt_bpf: check failed: parse error
[  340.694915][ T8110] overlayfs: failed to resolve './file1/file0': -2
[  340.718531][   T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  340.770183][   T10] usb 1-1: device descriptor read/8, error -71
[  340.801440][ T8112] ieee802154 phy0 wpan0: encryption failed: -22
[  341.016896][   T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  341.132122][ T8118] netlink: 12 bytes leftover after parsing attributes in process `syz.4.507'.
[  341.615024][   T10] usb 1-1: device descriptor read/8, error -71
[  341.795085][   T10] usb usb1-port1: unable to enumerate USB device
[  342.516102][ T5901] psmouse serio2: Failed to reset mouse on : -5
[  344.154828][ T8124] Set syz1 is full, maxelem 65536 reached
[  347.046730][ T5947] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  347.206877][ T5947] usb 4-1: Using ep0 maxpacket: 8
[  347.295378][ T5947] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  347.314083][ T5947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  347.350849][ T5947] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  347.364201][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.463440][ T5947] usb 4-1: Product: syz
[  347.468074][ T5947] usb 4-1: Manufacturer: syz
[  347.474083][ T5947] usb 4-1: SerialNumber: syz
[  347.492900][ T5947] usb 4-1: config 0 descriptor??
[  348.116976][ T5901] misc userio: Buffer overflowed, userio client isn't keeping up
[  348.263551][ T8152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.274923][ T8152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  348.309546][ T8152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.321290][ T8152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.349373][ T8158] FAULT_INJECTION: forcing a failure.
[  349.349373][ T8158] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.363227][ T8158] CPU: 0 UID: 0 PID: 8158 Comm: syz.1.518 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  349.363255][ T8158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  349.363267][ T8158] Call Trace:
[  349.363275][ T8158]  <TASK>
[  349.363284][ T8158]  dump_stack_lvl+0x189/0x250
[  349.363314][ T8158]  ? __pfx____ratelimit+0x10/0x10
[  349.363337][ T8158]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.363361][ T8158]  ? __pfx__printk+0x10/0x10
[  349.363387][ T8158]  ? __might_fault+0xb0/0x130
[  349.363422][ T8158]  should_fail_ex+0x414/0x560
[  349.363451][ T8158]  _copy_from_user+0x2d/0xb0
[  349.363481][ T8158]  __se_sys_mount+0x18a/0x410
[  349.363513][ T8158]  ? __pfx___se_sys_mount+0x10/0x10
[  349.363540][ T8158]  ? __x64_sys_mount+0x2f/0xc0
[  349.363564][ T8158]  ? __x64_sys_mount+0x20/0xc0
[  349.363589][ T8158]  do_syscall_64+0xfa/0x3b0
[  349.363612][ T8158]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.363633][ T8158]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.363653][ T8158]  ? clear_bhb_loop+0x60/0xb0
[  349.363678][ T8158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.363699][ T8158] RIP: 0033:0x7ff9da98ebe9
[  349.363717][ T8158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.363735][ T8158] RSP: 002b:00007ff9db826038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  349.363759][ T8158] RAX: ffffffffffffffda RBX: 00007ff9dabb6090 RCX: 00007ff9da98ebe9
[  349.363774][ T8158] RDX: 0000200000000000 RSI: 00002000000001c0 RDI: 0000000000000000
[  349.363788][ T8158] RBP: 00007ff9db826090 R08: 0000200000000200 R09: 0000000000000000
[  349.363801][ T8158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.363814][ T8158] R13: 00007ff9dabb6128 R14: 00007ff9dabb6090 R15: 00007ffed7fe45f8
[  349.363849][ T8158]  </TASK>
[  349.990730][ T5947] usb 4-1: USB disconnect, device number 9
[  350.333628][ T5901] input: PS/2 Generic Mouse as /devices/serio2/input/input7
[  350.498233][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.519'.
[  351.063383][ T5901] psmouse serio2: Failed to enable mouse on 
[  351.112620][ T8168] netlink: 12 bytes leftover after parsing attributes in process `syz.3.520'.
[  351.803066][ T8176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.840073][ T8176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  351.863001][ T8175] binder: BINDER_SET_CONTEXT_MGR already set
[  351.879592][ T8175] binder: 8174:8175 ioctl 4018620d 200000000040 returned -16
[  352.348105][ T1206] usb 4-1: new low-speed USB device number 10 using dummy_hcd
[  352.776741][ T1206] usb 4-1: device descriptor read/64, error -71
[  353.154302][ T8194] FAULT_INJECTION: forcing a failure.
[  353.154302][ T8194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.167929][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.0.527 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  353.167956][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.167968][ T8194] Call Trace:
[  353.167976][ T8194]  <TASK>
[  353.167985][ T8194]  dump_stack_lvl+0x189/0x250
[  353.168014][ T8194]  ? __pfx____ratelimit+0x10/0x10
[  353.168037][ T8194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.168060][ T8194]  ? __pfx__printk+0x10/0x10
[  353.168097][ T8194]  ? __might_fault+0xb0/0x130
[  353.168124][ T8194]  ? lock_release+0x2b5/0x3e0
[  353.168148][ T8194]  should_fail_ex+0x414/0x560
[  353.168175][ T8194]  _copy_from_user+0x2d/0xb0
[  353.168205][ T8194]  ___sys_recvmsg+0x12e/0x510
[  353.168233][ T8194]  ? __pfx____sys_recvmsg+0x10/0x10
[  353.168284][ T8194]  ? __fget_files+0x3a0/0x420
[  353.168319][ T8194]  do_recvmmsg+0x307/0x770
[  353.168349][ T8194]  ? __pfx_do_recvmmsg+0x10/0x10
[  353.168409][ T8194]  __x64_sys_recvmmsg+0x190/0x240
[  353.168434][ T8194]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  353.168452][ T8194]  ? rcu_is_watching+0x15/0xb0
[  353.168481][ T8194]  ? do_syscall_64+0xbe/0x3b0
[  353.168509][ T8194]  do_syscall_64+0xfa/0x3b0
[  353.168533][ T8194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.168552][ T8194]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  353.168571][ T8194]  ? clear_bhb_loop+0x60/0xb0
[  353.168596][ T8194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.168616][ T8194] RIP: 0033:0x7f313118ebe9
[  353.168634][ T8194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.168652][ T8194] RSP: 002b:00007f3132073038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  353.168675][ T8194] RAX: ffffffffffffffda RBX: 00007f31313b6180 RCX: 00007f313118ebe9
[  353.168691][ T8194] RDX: 0000000000000002 RSI: 0000200000002400 RDI: 0000000000000006
[  353.168704][ T8194] RBP: 00007f3132073090 R08: 0000000000000000 R09: 0000000000000000
[  353.168717][ T8194] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  353.168730][ T8194] R13: 00007f31313b6218 R14: 00007f31313b6180 R15: 00007fff653a7348
[  353.168764][ T8194]  </TASK>
[  353.615530][ T1206] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  353.684699][ T8197] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  353.691577][ T8197] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  353.704232][ T8197] vhci_hcd vhci_hcd.0: Device attached
[  353.769453][ T1206] usb 4-1: device descriptor read/64, error -71
[  353.778203][ T8200] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  353.916810][ T8207] xt_TPROXY: Can be used only with -p tcp or -p udp
[  353.957352][ T5926] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  354.346490][ T1206] usb usb4-port1: attempt power cycle
[  354.353974][ T8209] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(15)
[  354.360643][ T8209] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  354.405993][ T8200] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(12)
[  354.412683][ T8200] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  354.420328][ T8197] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(9)
[  354.426896][ T8197] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  354.485592][ T8215] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(20)
[  354.492344][ T8215] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  354.511035][ T8197] vhci_hcd vhci_hcd.0: Device attached
[  354.521460][ T8209] vhci_hcd vhci_hcd.0: Device attached
[  354.535840][ T8200] vhci_hcd vhci_hcd.0: Device attached
[  354.584504][ T8215] vhci_hcd vhci_hcd.0: Device attached
[  354.876748][ T1206] usb 4-1: new low-speed USB device number 12 using dummy_hcd
[  354.876981][ T8197] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  354.909646][ T1206] usb 4-1: device descriptor read/8, error -71
[  355.759093][ T8212] vhci_hcd: connection closed
[  355.761785][ T8211] vhci_hcd: connection closed
[  355.768416][ T8205] vhci_hcd: connection closed
[  355.770422][   T36] vhci_hcd: stop threads
[  355.773349][ T8218] vhci_hcd: connection closed
[  355.786201][ T8198] vhci_hcd: connection reset by peer
[  355.809772][   T36] vhci_hcd: release socket
[  355.818031][   T36] vhci_hcd: disconnect device
[  355.831063][   T36] vhci_hcd: stop threads
[  355.886760][   T36] vhci_hcd: release socket
[  355.926944][   T36] vhci_hcd: disconnect device
[  356.029134][ T8233] netlink: 12 bytes leftover after parsing attributes in process `syz.3.534'.
[  356.067002][   T36] vhci_hcd: stop threads
[  356.102373][   T36] vhci_hcd: release socket
[  356.357186][   T36] vhci_hcd: disconnect device
[  356.397525][   T36] vhci_hcd: stop threads
[  356.437621][   T36] vhci_hcd: release socket
[  356.442393][   T36] vhci_hcd: disconnect device
[  356.449935][   T36] vhci_hcd: stop threads
[  356.454956][   T36] vhci_hcd: release socket
[  356.468245][   T36] vhci_hcd: disconnect device
[  356.652306][ T8237] xt_bpf: check failed: parse error
[  356.689130][ T8237] overlayfs: failed to resolve './file1/file0': -2
[  356.969996][ T8242] FAULT_INJECTION: forcing a failure.
[  356.969996][ T8242] name failslab, interval 1, probability 0, space 0, times 0
[  356.982696][ T8242] CPU: 1 UID: 0 PID: 8242 Comm: syz.3.537 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  356.982714][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  356.982721][ T8242] Call Trace:
[  356.982727][ T8242]  <TASK>
[  356.982733][ T8242]  dump_stack_lvl+0x189/0x250
[  356.982752][ T8242]  ? __pfx____ratelimit+0x10/0x10
[  356.982766][ T8242]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.982780][ T8242]  ? __pfx__printk+0x10/0x10
[  356.982799][ T8242]  ? __pfx___might_resched+0x10/0x10
[  356.982815][ T8242]  should_fail_ex+0x414/0x560
[  356.982831][ T8242]  should_failslab+0xa8/0x100
[  356.982847][ T8242]  kmem_cache_alloc_noprof+0x73/0x3c0
[  356.982859][ T8242]  ? fcntl_dirnotify+0x1d9/0x6a0
[  356.982876][ T8242]  fcntl_dirnotify+0x1d9/0x6a0
[  356.982897][ T8242]  do_fcntl+0x6d0/0x1910
[  356.982913][ T8242]  ? smack_file_fcntl+0x137/0x2f0
[  356.982927][ T8242]  ? __pfx_do_fcntl+0x10/0x10
[  356.982950][ T8242]  ? __fget_files+0x2a/0x420
[  356.982967][ T8242]  ? bpf_lsm_file_fcntl+0x9/0x20
[  356.982984][ T8242]  __se_sys_fcntl+0xc8/0x150
[  356.983001][ T8242]  do_syscall_64+0xfa/0x3b0
[  356.983014][ T8242]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.983027][ T8242]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.983046][ T8242]  ? clear_bhb_loop+0x60/0xb0
[  356.983060][ T8242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.983072][ T8242] RIP: 0033:0x7fa08a38ebe9
[  356.983084][ T8242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.983095][ T8242] RSP: 002b:00007fa08b181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  356.983109][ T8242] RAX: ffffffffffffffda RBX: 00007fa08a5b5fa0 RCX: 00007fa08a38ebe9
[  356.983118][ T8242] RDX: 000000008000003d RSI: 0000000000000402 RDI: 0000000000000003
[  356.983126][ T8242] RBP: 00007fa08b181090 R08: 0000000000000000 R09: 0000000000000000
[  356.983134][ T8242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.983141][ T8242] R13: 00007fa08a5b6038 R14: 00007fa08a5b5fa0 R15: 00007ffe5f21d618
[  356.983160][ T8242]  </TASK>
[  357.852314][ T8255] xt_TPROXY: Can be used only with -p tcp or -p udp
[  359.540288][ T5926] vhci_hcd: vhci_device speed not set
[  359.699632][ T5947] usb 1-1: new low-speed USB device number 19 using dummy_hcd
[  360.673727][ T5947] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  360.776287][ T5947] usb 1-1: config 0 has no interface number 0
[  360.819656][ T5947] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  361.047882][ T5947] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  361.175853][ T5947] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  361.193712][ T5947] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  361.205874][ T5947] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  361.324906][ T8282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.548'.
[  361.519569][ T5901] usb usb34-port1: attempt power cycle
[  361.528039][ T5947] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  361.554961][ T5947] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  361.567254][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.758529][ T5947] usb 1-1: config 0 descriptor??
[  361.793715][ T8286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.550'.
[  362.006206][ T8265] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  362.316988][ T8265] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  362.325336][ T8289] netlink: 452 bytes leftover after parsing attributes in process `syz.3.550'.
[  362.352389][ T5947] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  362.420321][ T1086] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.465662][ T8289] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  362.475387][ T8289] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  362.484389][ T8289] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  362.493186][ T8289] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  362.599975][ T5926] usb 1-1: USB disconnect, device number 19
[  362.610305][ T5926] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  362.612093][ T5901] usb usb34-port1: unable to enumerate USB device
[  362.717405][ T1086] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.849734][ T1086] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.379717][ T1086] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.755410][ T8308] xt_TPROXY: Can be used only with -p tcp or -p udp
[  364.520753][ T8317] netlink: 'syz.3.558': attribute type 4 has an invalid length.
[  364.688264][ T8319] netlink: 'syz.3.558': attribute type 4 has an invalid length.
[  364.866226][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  364.875349][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  364.883932][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  364.893455][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  364.902539][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  366.091009][ T1086] bond0 (unregistering): Released all slaves
[  366.654820][ T8350] tipc: Started in network mode
[  366.676994][ T8350] tipc: Node identity fe02ae90f1fa, cluster identity 4711
[  366.695414][ T8350] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  366.794015][ T8354] FAULT_INJECTION: forcing a failure.
[  366.794015][ T8354] name failslab, interval 1, probability 0, space 0, times 0
[  366.865680][ T8354] CPU: 1 UID: 0 PID: 8354 Comm: syz.0.563 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  366.865711][ T8354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  366.865724][ T8354] Call Trace:
[  366.865732][ T8354]  <TASK>
[  366.865742][ T8354]  dump_stack_lvl+0x189/0x250
[  366.865772][ T8354]  ? __pfx____ratelimit+0x10/0x10
[  366.865795][ T8354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  366.865818][ T8354]  ? __pfx__printk+0x10/0x10
[  366.865848][ T8354]  ? __pfx___might_resched+0x10/0x10
[  366.865871][ T8354]  ? fs_reclaim_acquire+0x7d/0x100
[  366.865911][ T8354]  should_fail_ex+0x414/0x560
[  366.865938][ T8354]  should_failslab+0xa8/0x100
[  366.865963][ T8354]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  366.865985][ T8354]  ? vfs_parse_monolithic_sep+0x21f/0x310
[  366.866016][ T8354]  kmemdup_nul+0x36/0xf0
[  366.866044][ T8354]  vfs_parse_monolithic_sep+0x21f/0x310
[  366.866067][ T8354]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  366.866092][ T8354]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  366.866121][ T8354]  ? fuse_init_fs_context+0xfd/0x210
[  366.866151][ T8354]  ? alloc_fs_context+0x665/0x7d0
[  366.866185][ T8354]  do_new_mount+0x21a/0xa40
[  366.866218][ T8354]  __se_sys_mount+0x317/0x410
[  366.866248][ T8354]  ? __pfx___se_sys_mount+0x10/0x10
[  366.866268][ T8354]  ? rcu_is_watching+0x15/0xb0
[  366.866296][ T8354]  ? do_syscall_64+0xbe/0x3b0
[  366.866316][ T8354]  ? __x64_sys_mount+0x20/0xc0
[  366.866341][ T8354]  do_syscall_64+0xfa/0x3b0
[  366.866361][ T8354]  ? lockdep_hardirqs_on+0x9c/0x150
[  366.866382][ T8354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.866402][ T8354]  ? clear_bhb_loop+0x60/0xb0
[  366.866427][ T8354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.866447][ T8354] RIP: 0033:0x7f313118ebe9
[  366.866464][ T8354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.866482][ T8354] RSP: 002b:00007f31320b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  366.866504][ T8354] RAX: ffffffffffffffda RBX: 00007f31313b5fa0 RCX: 00007f313118ebe9
[  366.866519][ T8354] RDX: 0000200000002100 RSI: 0000200000000100 RDI: 0000000000000000
[  366.866532][ T8354] RBP: 00007f31320b5090 R08: 0000200000002140 R09: 0000000000000000
[  366.866545][ T8354] R10: 0000000002804cdc R11: 0000000000000246 R12: 0000000000000002
[  366.866558][ T8354] R13: 00007f31313b6038 R14: 00007f31313b5fa0 R15: 00007fff653a7348
[  366.866593][ T8354]  </TASK>
[  367.149040][ T5156] Bluetooth: hci4: command tx timeout
[  367.247208][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.1.564'.
[  367.254455][ T8352] syzkaller0: entered promiscuous mode
[  367.264062][ T8352] syzkaller0: entered allmulticast mode
[  367.358592][ T8357] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  367.406784][ T6012] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  367.586810][ T6012] usb 4-1: Using ep0 maxpacket: 8
[  367.630162][ T6012] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  367.746355][ T6012] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  367.810643][ T5985] tipc: Node number set to 267955856
[  367.828358][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  368.060523][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  368.075864][ T6012] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  369.238324][ T5156] Bluetooth: hci4: command tx timeout
[  369.903545][ T1086] hsr_slave_0: left promiscuous mode
[  369.931666][ T6012] usb 4-1: string descriptor 0 read error: -71
[  369.938210][ T1086] hsr_slave_1: left promiscuous mode
[  369.946474][ T1086] 
[  369.948893][ T1086] ======================================================
[  369.955952][ T1086] WARNING: possible circular locking dependency detected
[  369.963020][ T1086] 6.16.0-syzkaller #0 Not tainted
[  369.968089][ T1086] ------------------------------------------------------
[  369.975157][ T1086] kworker/u8:5/1086 is trying to acquire lock:
[  369.981345][ T1086] ffff888029080e00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[  369.991419][ T1086] 
[  369.991419][ T1086] but task is already holding lock:
[  369.998820][ T1086] ffff88802a498d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2320
[  370.010468][ T1086] 
[  370.010468][ T1086] which lock already depends on the new lock.
[  370.010468][ T1086] 
[  370.020908][ T1086] 
[  370.020908][ T1086] the existing dependency chain (in reverse order) is:
[  370.029929][ T1086] 
[  370.029929][ T1086] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[  370.038383][ T1086]        lock_acquire+0x120/0x360
[  370.043504][ T1086]        __mutex_lock+0x182/0xe80
[  370.048711][ T1086]        dev_set_mtu+0x10e/0x260
[  370.053662][ T1086]        team_add_slave+0x8b8/0x2840
[  370.058963][ T1086]        do_set_master+0x530/0x6d0
[  370.064082][ T1086]        do_setlink+0xcf0/0x41c0
[  370.069055][ T1086]        rtnl_newlink+0x160b/0x1c70
[  370.074265][ T1086]        rtnetlink_rcv_msg+0x7cc/0xb70
[  370.079746][ T1086]        netlink_rcv_skb+0x205/0x470
[  370.085045][ T1086]        netlink_unicast+0x75c/0x8e0
[  370.090423][ T1086]        netlink_sendmsg+0x805/0xb30
[  370.095717][ T1086]        __sock_sendmsg+0x21c/0x270
[  370.100922][ T1086]        ____sys_sendmsg+0x505/0x830
[  370.106222][ T1086]        ___sys_sendmsg+0x21f/0x2a0
[  370.111433][ T1086]        __x64_sys_sendmsg+0x19b/0x260
[  370.116912][ T1086]        do_syscall_64+0xfa/0x3b0
[  370.121944][ T1086]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.128453][ T1086] 
[  370.128453][ T1086] -> #0 (team->team_lock_key#5){+.+.}-{4:4}:
[  370.136672][ T1086]        validate_chain+0xb9b/0x2140
[  370.141989][ T1086]        __lock_acquire+0xab9/0xd20
[  370.147212][ T1086]        lock_acquire+0x120/0x360
[  370.152256][ T1086]        __mutex_lock+0x182/0xe80
[  370.157830][ T1086]        team_device_event+0x182/0xa20
[  370.163334][ T1086]        notifier_call_chain+0x1b3/0x3e0
[  370.169014][ T1086]        dev_close_many+0x29c/0x410
[  370.174278][ T1086]        unregister_netdevice_many_notify+0x619/0x2320
[  370.181165][ T1086]        default_device_exit_batch+0x819/0x890
[  370.187423][ T1086]        ops_undo_list+0x522/0x990
[  370.192548][ T1086]        cleanup_net+0x4c5/0x800
[  370.197593][ T1086]        process_scheduled_works+0xade/0x17b0
[  370.203929][ T1086]        worker_thread+0x8a0/0xda0
[  370.209061][ T1086]        kthread+0x70e/0x8a0
[  370.213753][ T1086]        ret_from_fork+0x3fc/0x770
[  370.218868][ T1086]        ret_from_fork_asm+0x1a/0x30
[  370.224166][ T1086] 
[  370.224166][ T1086] other info that might help us debug this:
[  370.224166][ T1086] 
[  370.234396][ T1086]  Possible unsafe locking scenario:
[  370.234396][ T1086] 
[  370.241873][ T1086]        CPU0                    CPU1
[  370.247254][ T1086]        ----                    ----
[  370.252625][ T1086]   lock(&dev_instance_lock_key#3);
[  370.257845][ T1086]                                lock(team->team_lock_key#5);
[  370.265344][ T1086]                                lock(&dev_instance_lock_key#3);
[  370.273149][ T1086]   lock(team->team_lock_key#5);
[  370.278123][ T1086] 
[  370.278123][ T1086]  *** DEADLOCK ***
[  370.278123][ T1086] 
[  370.286304][ T1086] 5 locks held by kworker/u8:5/1086:
[  370.291605][ T1086]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  370.302508][ T1086]  #1: ffffc90003a0fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  370.313083][ T1086]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  370.322425][ T1086]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890
[  370.332470][ T1086]  #4: ffff88802a498d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2320
[  370.344517][ T1086] 
[  370.344517][ T1086] stack backtrace:
[  370.350419][ T1086] CPU: 1 UID: 0 PID: 1086 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  370.350439][ T1086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.350451][ T1086] Workqueue: netns cleanup_net
[  370.350476][ T1086] Call Trace:
[  370.350482][ T1086]  <TASK>
[  370.350490][ T1086]  dump_stack_lvl+0x189/0x250
[  370.350509][ T1086]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.350525][ T1086]  ? __pfx__printk+0x10/0x10
[  370.350544][ T1086]  ? print_lock_name+0xde/0x100
[  370.350564][ T1086]  print_circular_bug+0x2ee/0x310
[  370.350583][ T1086]  check_noncircular+0x134/0x160
[  370.350603][ T1086]  validate_chain+0xb9b/0x2140
[  370.350622][ T1086]  ? __lock_acquire+0xab9/0xd20
[  370.350640][ T1086]  __lock_acquire+0xab9/0xd20
[  370.350655][ T1086]  ? team_device_event+0x182/0xa20
[  370.350669][ T1086]  lock_acquire+0x120/0x360
[  370.350682][ T1086]  ? team_device_event+0x182/0xa20
[  370.350697][ T1086]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  370.350724][ T1086]  __mutex_lock+0x182/0xe80
[  370.350740][ T1086]  ? team_device_event+0x182/0xa20
[  370.350757][ T1086]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  370.350777][ T1086]  ? team_device_event+0x182/0xa20
[  370.350791][ T1086]  ? __pfx___mutex_lock+0x10/0x10
[  370.350806][ T1086]  ? __timer_delete_sync+0x218/0x2d0
[  370.350832][ T1086]  team_device_event+0x182/0xa20
[  370.350848][ T1086]  notifier_call_chain+0x1b3/0x3e0
[  370.350867][ T1086]  dev_close_many+0x29c/0x410
[  370.350885][ T1086]  ? __lock_acquire+0xab9/0xd20
[  370.350900][ T1086]  ? __pfx_dev_close_many+0x10/0x10
[  370.350929][ T1086]  unregister_netdevice_many_notify+0x619/0x2320
[  370.350947][ T1086]  ? __local_bh_enable_ip+0x12d/0x1c0
[  370.350965][ T1086]  ? __local_bh_enable_ip+0x12d/0x1c0
[  370.350979][ T1086]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  370.351000][ T1086]  ? unregister_netdevice_queue+0x1b3/0x380
[  370.351018][ T1086]  ? batadv_meshif_destroy_netlink+0x1dd/0x270
[  370.351039][ T1086]  default_device_exit_batch+0x819/0x890
[  370.351062][ T1086]  ? __pfx___might_resched+0x10/0x10
[  370.351079][ T1086]  ? __pfx_default_device_exit_batch+0x10/0x10
[  370.351099][ T1086]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  370.351117][ T1086]  ? net_generic+0x1e/0x240
[  370.351134][ T1086]  ? __pfx_default_device_exit_batch+0x10/0x10
[  370.351160][ T1086]  ops_undo_list+0x522/0x990
[  370.351182][ T1086]  ? __pfx_ops_undo_list+0x10/0x10
[  370.351206][ T1086]  cleanup_net+0x4c5/0x800
[  370.351226][ T1086]  ? __pfx_cleanup_net+0x10/0x10
[  370.351247][ T1086]  ? process_scheduled_works+0x9ef/0x17b0
[  370.351263][ T1086]  ? process_scheduled_works+0x9ef/0x17b0
[  370.351278][ T1086]  process_scheduled_works+0xade/0x17b0
[  370.351303][ T1086]  ? __pfx_process_scheduled_works+0x10/0x10
[  370.351324][ T1086]  worker_thread+0x8a0/0xda0
[  370.351348][ T1086]  kthread+0x70e/0x8a0
[  370.351368][ T1086]  ? __pfx_worker_thread+0x10/0x10
[  370.351383][ T1086]  ? __pfx_kthread+0x10/0x10
[  370.351402][ T1086]  ? _raw_spin_unlock_irq+0x23/0x50
[  370.351415][ T1086]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.351430][ T1086]  ? __pfx_kthread+0x10/0x10
[  370.351448][ T1086]  ret_from_fork+0x3fc/0x770
[  370.351463][ T1086]  ? __pfx_ret_from_fork+0x10/0x10
[  370.351479][ T1086]  ? __switch_to_asm+0x39/0x70
[  370.351497][ T1086]  ? __switch_to_asm+0x33/0x70
[  370.351514][ T1086]  ? __pfx_kthread+0x10/0x10
[  370.351533][ T1086]  ret_from_fork_asm+0x1a/0x30
[  370.351555][ T1086]  </TASK>
[  370.690867][ T6012] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  370.700020][ T6012] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.712548][   T13] Bluetooth: (null): Invalid header checksum
[  370.718676][   T13] Bluetooth: (null): Invalid header checksum
[  370.725440][   T13] Bluetooth: (null): Invalid header checksum
[  370.731627][   T13] Bluetooth: (null): Invalid header checksum
[  370.737733][   T13] Bluetooth: (null): Invalid header checksum
[  370.744017][   T13] Bluetooth: (null): Invalid header checksum
[  370.759005][ T6012] usb 4-1: config 0 descriptor??
[  370.761086][   T13] Bluetooth: (null): Invalid header checksum
[  370.764778][ T6012] usb 4-1: can't set config #0, error -71
[  370.771785][ T8379] netlink: 236 bytes leftover after parsing attributes in process `syz.1.567'.
[  370.789001][ T6012] usb 4-1: USB disconnect, device number 14
[  370.852130][ T1086] veth1_macvtap: left promiscuous mode
[  370.858196][ T1086] veth0_macvtap: left promiscuous mode
[  370.864003][ T1086] veth1_vlan: left promiscuous mode
[  370.869498][ T1086] veth0_vlan: left promiscuous mode
[  370.916699][ T1206] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  371.308127][ T5156] Bluetooth: hci4: command tx timeout
[  371.556749][ T1086] team0 (unregistering): Port device dummy0 removed
[  371.724485][ T8350] tipc: Resetting bearer <eth:syzkaller0>
[  372.518424][ T8350] tipc: Resetting bearer <eth:syzkaller0>
[  372.556379][ T8350] tipc: Disabling bearer <eth:syzkaller0>
[  372.587284][ T1086] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.664256][ T1086] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.775427][ T1086] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.823513][ T1086] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.941347][ T1086] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.996974][ T1086] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.067803][ T1086] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.123475][ T1086] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.252941][ T1086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  373.266589][ T1086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.334069][ T1086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  373.345834][ T1086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.411768][ T1086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  373.422263][ T1086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.491507][ T1086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  373.503203][ T1086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.595683][ T1086] bridge_slave_1: left allmulticast mode
[  373.605020][ T1086] bridge_slave_1: left promiscuous mode
[  373.611790][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.623218][ T1086] bridge_slave_0: left allmulticast mode
[  373.629121][ T1086] bridge_slave_0: left promiscuous mode
[  373.634867][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.645891][ T1086] bridge_slave_1: left promiscuous mode
[  373.651863][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.663328][ T1086] bridge_slave_0: left allmulticast mode
[  373.669177][ T1086] bridge_slave_0: left promiscuous mode
[  373.674992][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.690576][ T1086] bridge_slave_1: left allmulticast mode
[  373.696280][ T1086] bridge_slave_1: left promiscuous mode
[  373.703643][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.715736][ T1086] bridge_slave_0: left allmulticast mode
[  373.722913][ T1086] bridge_slave_0: left promiscuous mode
[  373.729771][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.849719][ T1086] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[  373.881276][ T1086] bond2 (unregistering): (slave geneve2): Releasing active interface
[  373.930981][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  373.941459][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  373.951539][ T1086] bond0 (unregistering): Released all slaves
[  373.962978][ T1086] bond1 (unregistering): Released all slaves
[  373.975498][ T1086] bond2 (unregistering): Released all slaves
[  374.152255][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  374.162378][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  374.172543][ T1086] bond0 (unregistering): Released all slaves
[  374.181710][ T1086] bond1 (unregistering): Released all slaves
[  374.400853][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  374.411326][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  374.421045][ T1086] bond0 (unregistering): Released all slaves
[  374.541121][ T1086] tipc: Left network mode
[  375.032825][ T1086] hsr_slave_0: left promiscuous mode
[  375.038982][ T1086] hsr_slave_1: left promiscuous mode
[  375.044842][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.052518][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.061843][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.070018][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.082013][ T1086] hsr_slave_0: left promiscuous mode
[  375.088048][ T1086] hsr_slave_1: left promiscuous mode
[  375.093755][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.101302][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.109291][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.116804][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.126951][ T1086] hsr_slave_0: left promiscuous mode
[  375.132867][ T1086] hsr_slave_1: left promiscuous mode
[  375.138601][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.146096][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.153992][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.161599][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.175242][ T1086] veth1_macvtap: left promiscuous mode
[  375.180852][ T1086] veth0_macvtap: left promiscuous mode
[  375.186544][ T1086] veth1_vlan: left promiscuous mode
[  375.193752][ T1086] veth0_vlan: left promiscuous mode
[  375.199868][ T1086] veth1_macvtap: left promiscuous mode
[  375.205366][ T1086] veth0_macvtap: left promiscuous mode
[  375.211551][ T1086] veth1_vlan: left promiscuous mode
[  375.216954][ T1086] veth0_vlan: left promiscuous mode
[  375.222950][ T1086] veth1_macvtap: left promiscuous mode
[  375.228627][ T1086] veth0_macvtap: left promiscuous mode
[  375.234367][ T1086] veth1_vlan: left promiscuous mode
[  375.456502][ T1086] team0 (unregistering): Port device team_slave_1 removed
[  375.470192][ T1086] team0 (unregistering): Port device team_slave_0 removed
[  375.661909][ T1086] team0 (unregistering): Port device team_slave_1 removed
[  375.689997][ T1086] team0 (unregistering): Port device team_slave_0 removed
[  375.929965][ T1086] team0 (unregistering): Port device team_slave_1 removed
[  375.940915][ T1086] team0 (unregistering): Port device team_slave_0 removed
[  376.019173][ T1086] lo (unregistering): left allmulticast mode
[  377.061069][ T1086] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.130321][ T1086] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.202605][ T1086] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.242658][ T1086] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.329940][ T1086] bridge_slave_1: left allmulticast mode
[  377.335654][ T1086] bridge_slave_1: left promiscuous mode
[  377.350933][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.361231][ T1086] bridge_slave_0: left allmulticast mode
[  377.367305][ T1086] bridge_slave_0: left promiscuous mode
[  377.373064][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.498250][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  377.510167][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  377.519774][ T1086] bond0 (unregistering): Released all slaves
[  377.597918][ T1086] tipc: Left network mode
[  377.739367][ T1086] hsr_slave_0: left promiscuous mode
[  377.745223][ T1086] hsr_slave_1: left promiscuous mode
[  377.754412][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  377.762397][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0
[  377.770217][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  377.781266][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1
[  377.793105][ T1086] veth1_macvtap: left promiscuous mode
[  377.799088][ T1086] veth0_macvtap: left promiscuous mode
[  377.804727][ T1086] veth1_vlan: left promiscuous mode
[  377.811122][ T1086] veth0_vlan: left promiscuous mode
[  377.972074][ T1086] team0 (unregistering): Port device team_slave_1 removed
[  377.982777][ T1086] team0 (unregistering): Port device team_slave_0 removed
[  378.679135][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  378.685507][ T1299] ieee802154 phy1 wpan1: encryption failed: -22