last executing test programs:

3m20.075533401s ago: executing program 4 (id=106):
mkdir(&(0x7f0000000940)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000840)='ramfs\x00', 0x0, 0x0)
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
getdents64(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000280)={0x3, 0x8000000000000001}, &(0x7f00000002c0))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000200)=@raw=[@exit, @ldst, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @exit], &(0x7f0000000280)='GPL\x00', 0x4, 0xdf, &(0x7f00000002c0)=""/223, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0xc, 0x0, 0x2, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getdents(0xffffffffffffffff, &(0x7f0000000200)=""/222, 0xde)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @host, 0x0, 0x0, 0x7})
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r5, 0x7a4, &(0x7f0000000180)={{@my=0x1}, 0x5})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, 0x0, 0x0)

3m17.429430587s ago: executing program 4 (id=111):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x1}, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0) (async, rerun: 64)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) (async, rerun: 64)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 64)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
unshare(0x60400) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x8403, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, 0x0) (async)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, 0x0, 0x90)
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) (async)
chdir(&(0x7f00000001c0)='./bus\x00')
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
readahead(r4, 0x0, 0x0)

3m16.826576059s ago: executing program 4 (id=116):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000140)={0x7})

3m16.594328277s ago: executing program 4 (id=117):
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006800e97800000000000000000a000000000000000800", @ANYRES64=r1], 0x20}}, 0x0)
pipe2(&(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='ns\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r5, &(0x7f0000000300)='N', 0x1)
ppoll(&(0x7f0000000040)=[{r5}], 0x1, 0x0, 0x0, 0x0)
splice(r4, 0x0, r6, 0x0, 0x4ffe2, 0x0)
write$smackfs_cipso(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="73797a3000203030303230303030303030303030303030303435203030303030cce8e8f987996f500bbe724b3030302000"/65], 0x31)
mount$bind(&(0x7f0000000380)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2040000, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)="9f000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf0000811e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08123d00020008000140010000009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff55e461247604821d35c86ee54bbab3eaf8956e2ca426", 0x9f}], 0x1}, 0x0)

3m14.87517542s ago: executing program 4 (id=119):
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
close(0xffffffffffffffff)
syz_open_dev$dri(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000001740)={r1, 0x0, 0x0}, 0x20)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x1ff, 0x2, 0x3000, 0x2000, &(0x7f0000feb000/0x2000)=nil})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071102100000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r2}}, 0xfffffd85)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x20)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r7, 0x8b32, &(0x7f0000000040))

3m14.436749663s ago: executing program 4 (id=123):
mkdir(&(0x7f0000000180)='./file1\x00', 0xca)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000240)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]})
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
r3 = syz_open_procfs$userns(r0, &(0x7f0000000380))
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan4\x00', <r4=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x54, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r5 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x16)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
fsopen(&(0x7f0000000000)='aio\x00', 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlink(&(0x7f0000000580)='./bus\x00')
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fb0019b40320d812010079de01ec020109021b0001000003000904000001785e4c"], 0x0)
ptrace(0x10, 0x0)
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000740)={0x0})
poll(0x0, 0x0, 0xca)

3m14.052924276s ago: executing program 32 (id=123):
mkdir(&(0x7f0000000180)='./file1\x00', 0xca)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000240)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]})
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
r3 = syz_open_procfs$userns(r0, &(0x7f0000000380))
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan4\x00', <r4=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x54, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r5 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x16)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
fsopen(&(0x7f0000000000)='aio\x00', 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlink(&(0x7f0000000580)='./bus\x00')
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fb0019b40320d812010079de01ec020109021b0001000003000904000001785e4c"], 0x0)
ptrace(0x10, 0x0)
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000740)={0x0})
poll(0x0, 0x0, 0xca)

1m28.276662874s ago: executing program 2 (id=461):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x40}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14, 0x10}}, 0xc0}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000100001002bbd70000000000000000000", @ANYRES32=r1, @ANYBLOB="73000400240899ee14001680100001800c0005"], 0x38}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)

1m28.131214866s ago: executing program 2 (id=464):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000000206050000000000000000000000000010000300686173683a69702c6d61630005000400000000000900020073797a30000000001400078008001240000000000500c50c7ba163becc1500fc000000faff04000200000005"], 0x5c}}, 0x0)

1m27.941802165s ago: executing program 2 (id=466):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x3)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)

1m25.669380135s ago: executing program 2 (id=472):
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fd\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
write$smackfs_cipso(r0, &(0x7f00000003c0)={'syz0\x00', 0x20, 0x2d}, 0x31)
mount$bind(&(0x7f0000000380)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) (fail_nth: 2)

1m24.056372631s ago: executing program 2 (id=475):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioprio_set$uid(0x3, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000180)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}])

1m23.617668314s ago: executing program 2 (id=479):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_opts(r0, 0x0, 0x17, &(0x7f0000000100)="e1", 0x1)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000600)=0x1b, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
epoll_pwait(0xffffffffffffffff, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x10000008})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x1, 0x0)

1m23.370797893s ago: executing program 33 (id=479):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_opts(r0, 0x0, 0x17, &(0x7f0000000100)="e1", 0x1)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000600)=0x1b, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
epoll_pwait(0xffffffffffffffff, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x10000008})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x1, 0x0)

1m6.018583532s ago: executing program 6 (id=480):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
readv(r7, &(0x7f00000003c0)=[{&(0x7f0000000900)=""/4100, 0x1004}], 0x1)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x0, 0x0, @void, @value}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)

1m3.737694298s ago: executing program 6 (id=544):
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000400), 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELSET={0x14}], {0x14}}, 0x3c}}, 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x521000, 0x0)
mmap$dsp(&(0x7f00005c6000/0x4000)=nil, 0x4000, 0x2, 0x4000010, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000002580)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000100)={[{@metacopy_on, 0x3a}], [], 0x2f})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x0, 0x0)
getdents(r5, 0x0, 0x22)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x7fdfffffffffffff, 0x8080)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r7, &(0x7f0000001000), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c559265406c09306003d8002000", [0x0, 0x2]}})

1m2.783493407s ago: executing program 6 (id=547):
socket$netlink(0x10, 0x3, 0x4)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_io_uring_submit(r0, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
unshare(0x22020600)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000080"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket(0x10, 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f0000000380)=0x3)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000100)=[{0x0, 0x0, 0x0, 0x0, @time, {0x5}}, {0x0, 0x0, 0x0, 0x0, @time}], 0x38)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000180)=0x9, 0x4)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000100)={'security\x00', 0x3, [{}, {}, {}]}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0xffffffffffffffff, 0xee01}}, './file0\x00'})
clock_gettime(0x0, &(0x7f0000000140)={<r7=>0x0, <r8=>0x0})
futimesat(r6, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{r7, r8/1000+10000}, {0x0, 0xea60}})
mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)

39.187440556s ago: executing program 6 (id=547):
socket$netlink(0x10, 0x3, 0x4)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_io_uring_submit(r0, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
unshare(0x22020600)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000080"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket(0x10, 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f0000000380)=0x3)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000100)=[{0x0, 0x0, 0x0, 0x0, @time, {0x5}}, {0x0, 0x0, 0x0, 0x0, @time}], 0x38)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000180)=0x9, 0x4)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000100)={'security\x00', 0x3, [{}, {}, {}]}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0xffffffffffffffff, 0xee01}}, './file0\x00'})
clock_gettime(0x0, &(0x7f0000000140)={<r7=>0x0, <r8=>0x0})
futimesat(r6, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{r7, r8/1000+10000}, {0x0, 0xea60}})
mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)

18.640733545s ago: executing program 6 (id=547):
socket$netlink(0x10, 0x3, 0x4)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_io_uring_submit(r0, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
unshare(0x22020600)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000080"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket(0x10, 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f0000000380)=0x3)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000100)=[{0x0, 0x0, 0x0, 0x0, @time, {0x5}}, {0x0, 0x0, 0x0, 0x0, @time}], 0x38)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000180)=0x9, 0x4)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000100)={'security\x00', 0x3, [{}, {}, {}]}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0xffffffffffffffff, 0xee01}}, './file0\x00'})
clock_gettime(0x0, &(0x7f0000000140)={<r7=>0x0, <r8=>0x0})
futimesat(r6, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{r7, r8/1000+10000}, {0x0, 0xea60}})
mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)

17.445601858s ago: executing program 3 (id=684):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000000180)=""/185)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x10410, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = open(&(0x7f0000000040)='./file0\x00', 0x42082, 0x0)
read$FUSE(r4, &(0x7f0000001940)={0x2020}, 0x2020)

16.187499402s ago: executing program 3 (id=691):
syz_emit_ethernet(0xad, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x77, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x0, "fe906d17ef"}]}}}}}}, 0x0)

14.168175857s ago: executing program 3 (id=696):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
unshare(0x24060400)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000ac0)='\x00\x00')
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r4, &(0x7f0000000b00)={0x2020}, 0xdcdfeeb0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet(r5, &(0x7f0000009ec0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000007040)=[@ip_tos_int={{0x10, 0x84, 0x1, 0x80}}], 0x10}}], 0x1, 0x20040000)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r6, &(0x7f0000005880)=[{0xe, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @ext={0x0, 0x0}}], 0x1c)
socket$qrtr(0x2a, 0x2, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7f, @void, @value}, 0x94)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x4, 0x1}, 0x10)
socket$tipc(0x1e, 0x6455bb3269e54a65, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0x13)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x0)

12.706202217s ago: executing program 3 (id=698):
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006800e97800000000000000000a000000000000000800", @ANYRES64=r1], 0x20}}, 0x0)
pipe2(&(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='ns\x00')
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
pipe(&(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r6, &(0x7f0000000300)='N', 0x1)
ppoll(&(0x7f0000000040)=[{r6}], 0x1, 0x0, 0x0, 0x0)
splice(r5, 0x0, r7, 0x0, 0x4ffe2, 0x0)
write$smackfs_cipso(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="73797a3000203030303230303030303030303030303030303435203030303030cce8e8f987996f500bbe724b3030302000"/65], 0x31)
mount$bind(&(0x7f0000000380)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2040000, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)="9f000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf0000811e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08123d00020008000140010000009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff55e461247604821d35c86ee54bbab3eaf8956e2ca426", 0x9f}], 0x1}, 0x0)

11.78706485s ago: executing program 3 (id=702):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f00000000c0)) (async, rerun: 32)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004ec0)={{0x14}, [@NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x5, 0x0, 0x0, {0x3, 0x0, 0x1}}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}], {0x14}}, 0x7c}}, 0x0) (rerun: 32)

11.132496158s ago: executing program 3 (id=704):
mkdir(&(0x7f0000000180)='./file1\x00', 0xca)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000240)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]})
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan4\x00', <r3=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x54, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x16)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlink(&(0x7f0000000580)='./bus\x00')
socket$inet(0x2, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fb0019b40320d812010079de01ec020109021b0001000003000904000001785e4c"], 0x0)
ptrace(0x10, 0x0)
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000740)={0x0})
poll(0x0, 0x0, 0xca)

10.085009135s ago: executing program 34 (id=704):
mkdir(&(0x7f0000000180)='./file1\x00', 0xca)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000240)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]})
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan4\x00', <r3=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x54, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x16)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlink(&(0x7f0000000580)='./bus\x00')
socket$inet(0x2, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fb0019b40320d812010079de01ec020109021b0001000003000904000001785e4c"], 0x0)
ptrace(0x10, 0x0)
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000740)={0x0})
poll(0x0, 0x0, 0xca)

7.763466999s ago: executing program 0 (id=713):
unshare(0x20040600)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000300)="006484", 0x3}], 0x1, 0x5)
r1 = socket$netlink(0x10, 0x3, 0xb)
sendmsg$NFT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

7.71337907s ago: executing program 0 (id=714):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000380)=ANY=[@ANYRESOCT=r2], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r2, 0x0, 0x1}, 0xffffff88)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000", 0x23)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @exit, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x45, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r4, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff58, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000002c0)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
write$char_usb(r5, &(0x7f00000008c0)='-0', 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4000000)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc044560f, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
pread64(r6, &(0x7f0000000040)=""/41, 0x29, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000010000000000000000000000850000000e0000009500800000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20000}, 0x50)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0)

6.510910993s ago: executing program 0 (id=715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x4, 0x8, 0x40, 0x42, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000aee59120cd0c390013a60102030109021b0001000000000904"], 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20)

4.345793125s ago: executing program 0 (id=723):
unshare(0x20040600)
pipe(&(0x7f0000000040))
r0 = socket$netlink(0x10, 0x3, 0xb)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

4.294901199s ago: executing program 0 (id=724):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b03d25a806f8c2d94f90324fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000003a"])
clock_gettime(0x0, &(0x7f0000000440)={<r5=>0x0, <r6=>0x0})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000480)=<r7=>0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x403, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x647e4, 0x64da0}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x9}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}, 0x1, 0xba01}, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000780)=@fd={0x0, 0x3, 0x4, 0x400, 0x5, {r5, r6/1000+60000}, {0x5, 0xc, 0xf9, 0x5, 0x4, 0x81, "288469ce"}, 0x6, 0x4, {}, 0x2f8, 0x0, r7})
bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x80000000, 0x102, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000680)={0x2, 0x9, {0xffffffffffffffff}, {<r9=>0x0}, 0x6, 0x80000000})
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x12, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@cgroup, r10, 0xe, 0x0, 0xffffffffffffffff, @void, @value}, 0x14)
newfstatat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x100)
setreuid(r9, r11)
r12 = socket$tipc(0x1e, 0x5, 0x0)
r13 = accept4(r12, 0x0, 0x0, 0x80000)
sendmsg$OSF_MSG_ADD(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0xe0c}}, 0x0)
recvmmsg(r13, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000580)=""/135, 0x87}], 0x1}, 0x4}], 0x1, 0x10000, 0x0)
r14 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r13)
r15 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r15, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@allocspi={0x1e4, 0x16, 0x411, 0x0, 0x0, {{{@in6=@private0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}, {@in6=@private1, 0x2000, 0x33}, @in=@empty}, 0x0, 0xfdfffefe}, [@tfcpad={0x8}, @sa={0xe4, 0x6, {{@in=@private, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b}, {@in6=@dev}, @in=@multicast1, {0x0, 0x0, 0x10000000000000}}}]}, 0x1e4}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYRESHEX, @ANYRESDEC])
sendmsg$TIPC_NL_BEARER_ADD(r13, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000bc0)={0x254, r14, 0x800, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0xc4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6cc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcbc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_NODE={0xc8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "4a2bc82369448fcdeacf2fa5d741e83f5c2a823203195718c24c0d6f73e510f55e29f95b"}}, @TIPC_NLA_NODE_ID={0x6a, 0x3, "67ca2470fd66b567fb01d3faf035b0ac51e76d3fd982af48608fea8c1991a3111c40df585525ed3263203c80f45aa5ea61456f5c7ff32485d19a2aba617a5d001ed60d305edc38cbb74991c7e786215c04405f152bc0c48433d22992b39b34760991e6c81ffc"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0xb0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "d95c37133668143da4b1254748819c323f10058c8f"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "d87b1a84aff5ca150356a36b73cc65424ebb380979312e34dcc4c902199f5ce223b40ed6"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040404)

3.985591866s ago: executing program 1 (id=726):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x1, 0x0, 0x1}, &(0x7f0000000480)=<r1=>0x0, &(0x7f0000000500)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000003c0)='./bus\x00', 0x0)
r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
r4 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
ftruncate(r4, 0x2008002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read(r5, &(0x7f0000000040)=""/148, 0xffffff96) (fail_nth: 5)

3.254988361s ago: executing program 5 (id=727):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
syz_clone3(&(0x7f0000000440)={0x11f000400, 0x0, 0x0, 0x0, {0x3f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r4, @ANYBLOB="0800040004300000480012800e0001006970366772657461700000003400028008000100", @ANYRES32=r4, @ANYBLOB="14000600fe80000000000000000000000000001514000700fe80"], 0x68}}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14)

2.742777175s ago: executing program 1 (id=728):
r0 = socket(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x10400}, 0xa5, 0x10, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
socket(0x10, 0x3, 0x0)
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000700)={'lo\x00'})
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x2, 0x4, @empty}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)

2.68570195s ago: executing program 0 (id=729):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000300)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0xffffffffffffffff, 0x1, 0x4, r3, 0x80000000}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$igmp(0x2, 0x3, 0x2)
syz_usb_connect$uac1(0x0, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206"], 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvfrom(r1, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0)

2.565330948s ago: executing program 5 (id=730):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0x0, &(0x7f0000000140)=""/253, &(0x7f0000000040)=0xfd)
close(r0)
syz_open_dev$media(&(0x7f0000000000), 0x1, 0x4040)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000240)=0x1, 0x4)
shutdown(r1, 0x1)
connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x4}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4)
write$cgroup_int(r0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendto(r2, 0x0, 0xfffffffffffffea0, 0x804, 0x0, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x2000000000000040, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)

2.453097905s ago: executing program 5 (id=731):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/mdstat\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_setup(0x6, &(0x7f0000001380)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x3, r0, 0x0}])
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
socket$inet_dccp(0x2, 0x6, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x15)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

2.39788707s ago: executing program 1 (id=732):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
memfd_create(&(0x7f0000000380)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf9\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xccd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4hi\v\x00\x00\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xeb\x05\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x\x004]PZ\x9e\xd5Y\xf0L\xa4\xbc\x86\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2\x05\x00\x00\x00\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\xbc\x8d\xed\xf3\x98\x96\x84\xd7\xc2\x88\b\xcc6\xa44\xd7\xed\xc1\x8f\xa7K\xc9KeEk\xd1\xb7\xfb\x88\x12\xd0i\xef(\xddUP\xee;Dk\x84\xfcD\xf0\xd6\xe9\x96B!\x8c\xb8\xc6\'~\x99\x1d2\xdb\xfd=\xa7\x86\x06\x03\xc6Y\xc6\x87\xd13\xd0Y\x90\xe9*~$jQ\xb9\x84\xec\xe9{\xa8%}/\xcaP\xb1a\xa6\xd9\xb2\xe9\xa7\x1b\x00\xb8\x9d\xb0\x01\x04Y6\xcb\xaa\xa9\vE\xd0Q\xcd/#%J\x0f\x97\x96\xa0\xeeb\xe2R\xf5\x16\x1f\xe554q\xbdp\x0f)\x99\xec\xe4\xf9~\x91\x00[B$p\x92\x03i\x7f\x1c\xaf\x06\t\xda\xff\xb8\xf1\xc9\xd7\xc3\xfaN\xeel 40XJ\xe1\xe4Hv=\x81\xdaZ\xd6\aT\x86\xf5\x13+\xa9\x14x\xe7\x19?\xa9#2\xba\x7f1\xf2\xb8$\xa2\xb5*\xef\xd3\x8d\xe4Q\xe6C\xb3AU\xcb\xae\xdcN\xb7Mp\xc8\x04]\x84\x7f\x19\xd3#\x8b@\x9d\x1a\xc5\xc8n^e\xeak\xea9\x15\x9b\x1d\xb7\xe8\xca\xac;\n\\\xa9{B&uO\xb6\xd8\xa6\xb8\xfaA\x1f\xfb\xdcm)}q\x17\x7f\x86b\x1bq\xcb\x81\r\xc2\bb\xd9\xc7t\x88Y\f/\x0f_\x0e\xae\x92\x91\xf8B{\x16\x8a\xa7\xed\x01\x8c\xe9%', 0x7)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000000000094000040"])
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='squashfs\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r6 = creat(&(0x7f0000000440)='./bus\x00', 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000002e40)='./bus\x00', &(0x7f0000002e80)='nilfs2\x00', 0x0, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r7, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20)
sendmsg$inet(r3, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
r8 = syz_open_dev$media(&(0x7f0000000280), 0xb, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r8, 0xc0287c02, &(0x7f00000001c0)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{}, {<r9=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r8, 0xc0347c03, &(0x7f0000000080)={{}, {r9}, 0x2})
r10 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
sendto$unix(r6, &(0x7f0000000780)="fed1b4d9a446ccb1a89dba88ad56c3619c7dc7b68fe99328d5422785e7e67548362f7024294f87aba3b17794dad5bf0c511c0464608b33a83c024713ce87d3f7c360be9db9582ab144cd1acc76ee77bd0561e91eb79d5b838e605504b1815b975bd0bd4628948f5f2d0cb18bf20da86651dfe41bce58a3f36408a5efb46299eea3de135a69b7071d23fdf3a4376328a6c01a8dfb2d4ea6d405a21b5104a2b91edd54a56eb154c1b20562e0a6fd34509e50671ef041636f3e6df3b275a7c2372831ffb56e78c6a4c8bb0ed9ec0eba9193bd51", 0xd2, 0xc004, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
getdents64(r10, 0xfffffffffffffffe, 0x29)
unlink(&(0x7f0000000040)='./file0\x00')

1.846322199s ago: executing program 1 (id=733):
unshare(0x20040600)
r0 = socket$netlink(0x10, 0x3, 0xb)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

1.717707682s ago: executing program 1 (id=734):
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37bc21cfdc8180c7d09c35d130d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd6e19946b18a45333df51d78f735999aadfcda64488160c4ae6ba9dcef0c144e3de7be7fdc1ead6a425ff6128fab1517630c1d9507e0685488a57f85298b4e4382842c0730"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2f, 0x0, 0x0, @void, @value}, 0x20)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4)

1.362267225s ago: executing program 5 (id=735):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') (rerun: 32)
read$FUSE(r1, &(0x7f0000000080)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
setresuid(0x0, r2, 0x0) (async, rerun: 32)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0) (async, rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, 0x1000, 0xff, 0x10001})
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x9c, 0x2, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x9}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xffffffff}]}, @CTA_PROTOINFO={0x18, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x14, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x2, 0x4}}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x7f}]}}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0xc04}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, @CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x100}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xd}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x83a}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x24000880}, 0x0) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f00000020c0)={'wlan0\x00', {0x2, 0x4e20, @loopback}}) (async)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
recvmmsg(r6, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000000), 0x880)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711238000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
utimensat(r4, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3ffffffe}}, 0x0) (async, rerun: 32)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = eventfd(0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async, rerun: 32)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000002c0)={0x0, 0x0, 0x4, r9, 0xb}) (async, rerun: 32)
r10 = dup(r8)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_RUN(r11, 0xae80, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) (rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))

1.178159855s ago: executing program 5 (id=736):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0300000004000000040000000a0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000000000000000000000000000000000000000000000000000b9811e74a160120edab15d234357f8fb52a7a8b9fd27b2eedc5664b4ce04e5f7a0619c899502a1ece2945d48172b275c469b75dd398156dd7fed8d6490277be4cb803be766a828dfc1aafbe5f3bc53df282de05efc8eb00dac38bd00fdc0a83f0d21338e3c62ad85d1c629c682c8f972e4a9d6c24b725d3570e9ef1f47caf9e76f9ddfe8fc57566cb42dc98a1fb8ae68685a36da4a5a29211479128d87e426fe3a90a6edfbe14c0b866ca58"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xcc275000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000053c0)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
pread64(r4, 0x0, 0x0, 0x0)
read$alg(0xffffffffffffffff, &(0x7f00000001c0)=""/68, 0x44)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x26}})
unshare(0x20060000)
socket$nl_crypto(0x10, 0x3, 0x15)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
write$rfkill(r4, &(0x7f0000000180)={0x1, 0x1, 0x2, 0x1, 0x1}, 0x8)
socket$inet6(0xa, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000025c0)=@dellinkprop={0x20, 0x6d, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x10d49, 0x200}}, 0x20}, 0x1, 0x0, 0x0, 0x8015}, 0x40040)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000000)=0x4, 0x4)

1.05662215s ago: executing program 1 (id=737):
inotify_add_watch(0xffffffffffffffff, 0x0, 0x10000a0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
socket$caif_stream(0x25, 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket(0x18, 0x800, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r3 = syz_open_dev$sndctrl(0x0, 0x9, 0x101040)
fallocate(r3, 0xa, 0x1, 0x400)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x14d882, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000040))
writev(r6, &(0x7f00000004c0)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd147a1576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a235d615ded3292397894b34a794bc14a2edfdc6978c0c97bcb02de69264d", 0x81}, {0x0}], 0x2)
socketpair(0xf, 0x1, 0x37, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r7)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r7)
r8 = dup(r5)
sendfile(r5, r8, 0x0, 0x80006)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 5 (id=738):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x6, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x15, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = syz_usb_connect(0x0, 0x5d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009b6cec20ca08602058c60102030109024b0001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000b00)={0x84, &(0x7f00000001c0)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r3, 0x0)
syz_emit_ethernet(0x9a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60f5000000640600fe8000000000040000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94c2"], 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = dup(0xffffffffffffffff)
ioctl$PTP_EXTTS_REQUEST2(r5, 0x40603d10, &(0x7f0000000040)={0x7})
sendmsg$nl_generic(r5, &(0x7f0000000700)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x28, 0x23, 0x10, 0x70bd2c, 0x25dfdbff, {0xe}, [@typed={0x4, 0x6c}, @typed={0x8, 0x12b, 0x0, 0x0, @ipv4=@loopback}, @typed={0x8, 0x1f, 0x0, 0x0, @ipv4=@multicast1}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x24004811)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001500000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000d00)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000a00)={0x44, &(0x7f0000000080)={0x20, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000640)={0x2c, &(0x7f00000004c0)={0x20, 0x11, 0x2, "2086"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000000)={0x0, 0x15}, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000007c0)={0x2c, &(0x7f0000000540)={0x20, 0x13, 0x2, "a5d2"}, 0x0, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x8}, 0x0, 0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000380)={'syztnl0\x00', <r7=>0x0, 0x80, 0x10, 0x6, 0x10000, {{0x29, 0x4, 0x3, 0x7, 0xa4, 0x67, 0x0, 0x34, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xe}, @rand_addr=0x64010101, {[@end, @lsrr={0x83, 0x23, 0x91, [@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x35}, @remote, @broadcast, @rand_addr=0x64010100, @multicast2, @multicast1, @remote]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x24, 0x18, 0x0, 0x3, [0xffffff01, 0x4, 0x4d, 0x1, 0x8, 0x6, 0x7, 0xfffffffa]}, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x13, 0x2e, [@remote, @dev={0xac, 0x14, 0x14, 0x17}, @loopback, @multicast2]}, @generic={0x94, 0x9, "f3005b94fbb357"}, @timestamp_prespec={0x44, 0x24, 0xc2, 0x3, 0x4, [{@broadcast, 0x1}, {@broadcast, 0x200}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x8}, {@rand_addr=0x64010100, 0xfffffffb}]}]}}}}})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4c0, 0x0)
mount$fuseblk(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0xc000}})
r9 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r9, &(0x7f0000000180)=[{&(0x7f00000001c0)='\n', 0x1}, {0x0}], 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x1, '\x00', r7, r8, 0x5, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)

kernel console output (not intermixed with test programs):

nt 3
[  174.742465][   T25] usb 3-1: Product: syz
[  174.762763][   T25] usb 3-1: Manufacturer: syz
[  174.776032][   T25] usb 3-1: SerialNumber: syz
[  175.005368][ T5916] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  175.043533][ T5916] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 84
[  175.607484][ T5916] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 4
[  175.624881][ T5916] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  175.647771][ T5916] usb 1-1: USB disconnect, device number 8
[  175.749290][   T25] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  175.768574][   T25] usb 3-1: 2:1 : format type 39 is not supported yet
[  175.770796][ T5916] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  175.784216][   T25] usb 3-1: selecting invalid altsetting 0
[  175.850050][ T5916] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  175.894960][ T5916] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  175.923311][ T5916] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  175.933446][ T5916] keyspan 1-1:0.0: device disconnected
[  175.935007][   T25] usb 3-1: USB disconnect, device number 7
[  176.199678][ T7488] syzkaller1: entered promiscuous mode
[  176.229067][ T7488] syzkaller1: entered allmulticast mode
[  177.194753][ T7489] orangefs_mount: mount request failed with -4
[  177.428158][ T7505] netlink: 31 bytes leftover after parsing attributes in process `syz.1.334'.
[  177.618083][ T7509] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  177.883894][   T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  178.375682][   T25] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  178.434380][   T25] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  178.486286][   T25] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  178.544264][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.694242][ T5916] usb 2-1: new low-speed USB device number 8 using dummy_hcd
[  178.699293][ T7518] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  178.809092][   T25] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  178.860251][ T5916] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  178.881501][ T5916] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  179.214212][   T46] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  179.234461][ T5916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  179.268311][ T5916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.339392][ T5916] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  179.390491][   T46] usb 1-1: Using ep0 maxpacket: 32
[  179.401970][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.435726][   T46] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  179.491807][   T46] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  179.664940][   T46] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  179.720220][   T46] usb 1-1: Product: syz
[  179.760713][   T46] usb 1-1: Manufacturer: syz
[  179.814341][   T46] usb 1-1: SerialNumber: syz
[  179.901421][   T46] usb 1-1: config 0 descriptor??
[  179.927939][ T5916] hub 2-1:1.0: bad descriptor, ignoring hub
[  179.931986][ T7532] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  179.954715][ T5916] hub 2-1:1.0: probe with driver hub failed with error -5
[  179.962394][ T5916] cdc_wdm 2-1:1.0: skipping garbage
[  180.021247][ T5916] cdc_wdm 2-1:1.0: skipping garbage
[  180.139494][ T7176] wlan1: Trigger new scan to find an IBSS to join
[  180.143015][ T5916] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  180.158274][ T5916] cdc_wdm 2-1:1.0: Unknown control protocol
[  180.244240][ T5833] usb 4-1: USB disconnect, device number 12
[  180.760336][ T5916] usb 2-1: USB disconnect, device number 8
[  181.278103][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[  181.279461][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  181.286227][ T5840] Bluetooth: hci1: command 0x0406 tx timeout
[  181.315920][ T6791] udevd[6791]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.894996][ T7568] orangefs_mount: mount request failed with -4
[  182.348559][ T7601] syzkaller1: entered promiscuous mode
[  182.374756][ T7601] syzkaller1: entered allmulticast mode
[  182.548194][ T7607] xt_CT: You must specify a L4 protocol and not use inversions on it
[  183.466587][ T5833] usb 1-1: USB disconnect, device number 9
[  184.135787][ T7170] wlan1: Trigger new scan to find an IBSS to join
[  184.614451][   T46] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  184.824272][   T46] usb 4-1: Using ep0 maxpacket: 32
[  184.847124][   T46] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.858565][   T46] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  184.878960][   T46] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  184.935871][   T46] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  184.944828][   T46] usb 4-1: Product: syz
[  184.949035][   T46] usb 4-1: Manufacturer: syz
[  184.953660][   T46] usb 4-1: SerialNumber: syz
[  184.962623][   T46] usb 4-1: config 0 descriptor??
[  185.158594][ T5916] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  185.284308][ T5833] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  185.344192][ T5916] usb 1-1: Using ep0 maxpacket: 16
[  185.392266][ T5916] usb 1-1: config 0 interface 0 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.516590][   T35] wlan1: Creating new IBSS network, BSSID 56:23:a0:2a:10:43
[  185.531415][ T5916] usb 1-1: config 0 interface 0 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.571995][ T5833] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  185.692750][ T5833] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  185.761544][ T5916] usb 1-1: config 0 interface 0 has no altsetting 0
[  185.867320][ T5916] usb 1-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00
[  185.876597][ T5833] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  185.885769][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.893853][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.904523][ T5916] usb 1-1: config 0 descriptor??
[  185.913188][ T7629] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  185.950536][ T5833] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  186.189910][ T7639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.353'.
[  186.711762][   T46] usb 2-1: USB disconnect, device number 9
[  186.755024][ T5833] usb 4-1: USB disconnect, device number 13
[  187.141400][ T5916] usbhid 1-1:0.0: can't add hid device: -71
[  187.160854][ T5916] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  187.199403][ T5916] usb 1-1: USB disconnect, device number 10
[  187.529578][ T7658] xt_CT: You must specify a L4 protocol and not use inversions on it
[  187.721049][   T29] audit: type=1326 audit(1732322229.098:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  187.892176][ T5833] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  187.926942][   T29] audit: type=1326 audit(1732322229.098:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  187.951870][   T29] audit: type=1326 audit(1732322229.098:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  187.977276][   T29] audit: type=1326 audit(1732322229.098:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  187.998855][   T29] audit: type=1326 audit(1732322229.098:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.020712][   T29] audit: type=1326 audit(1732322229.098:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.042749][   T29] audit: type=1326 audit(1732322229.098:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.447713][   T29] audit: type=1326 audit(1732322229.098:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.449426][ T5833] usb 4-1: device descriptor read/64, error -71
[  188.470879][   T29] audit: type=1326 audit(1732322229.098:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.500410][   T29] audit: type=1326 audit(1732322229.098:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7660 comm="syz.1.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5417e819 code=0x7ffc0000
[  188.800635][ T5833] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  189.395063][ T5833] usb 4-1: device descriptor read/64, error -71
[  189.504458][ T5833] usb usb4-port1: attempt power cycle
[  189.564691][ T5885] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  189.632653][ T7678] loop8: detected capacity change from 0 to 7
[  189.642672][ T7678] Dev loop8: unable to read RDB block 7
[  189.650752][ T7678]  loop8: unable to read partition table
[  189.661601][ T7678] loop8: partition table beyond EOD, truncated
[  189.668332][ T7678] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  189.668332][ T7678] 
) failed (rc=-5)
[  189.686922][  T971] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  189.731211][ T5885] usb 2-1: Using ep0 maxpacket: 8
[  189.739668][ T5885] usb 2-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d9.40
[  189.749472][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.765834][ T5885] usb 2-1: Product: syz
[  189.770056][ T5885] usb 2-1: Manufacturer: syz
[  189.787004][ T5885] usb 2-1: SerialNumber: syz
[  189.800564][ T5885] usb 2-1: config 0 descriptor??
[  189.844225][  T971] usb 3-1: Using ep0 maxpacket: 16
[  189.854447][ T5833] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  189.863522][  T971] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  189.872793][  T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.883644][  T971] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  189.898102][ T5833] usb 4-1: device descriptor read/8, error -71
[  189.909476][  T971] usb 3-1: config 1 has no interface number 1
[  189.925316][  T971] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  189.937889][  T971] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  189.950634][  T971] usb 3-1: config 1 interface 2 has no altsetting 0
[  189.962937][  T971] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  189.984206][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.992544][  T971] usb 3-1: Product: syz
[  190.004311][  T971] usb 3-1: Manufacturer: syz
[  190.019915][  T971] usb 3-1: SerialNumber: syz
[  190.180868][ T5885] usb 2-1: USB disconnect, device number 10
[  190.270342][ T7675] netlink: 92 bytes leftover after parsing attributes in process `syz.2.367'.
[  190.279607][ T7675] netlink: 12 bytes leftover after parsing attributes in process `syz.2.367'.
[  190.290415][ T7675] netlink: 20 bytes leftover after parsing attributes in process `syz.2.367'.
[  190.307751][  T971] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  190.317788][  T971] usb 3-1: 2:1 : format type 39 is not supported yet
[  190.327163][  T971] usb 3-1: selecting invalid altsetting 0
[  190.350689][  T971] usb 3-1: USB disconnect, device number 8
[  190.527614][ T6019] udevd[6019]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  190.587016][ T5974] udevd[5974]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  191.222342][ T7707] xt_CT: You must specify a L4 protocol and not use inversions on it
[  191.783335][ T7701] ALSA: mixer_oss: invalid OSS volume 'j'
[  191.834862][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[  191.842687][ T7680] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  192.066240][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.376'.
[  192.650504][ T7680] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  192.663529][ T7680] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  192.671075][ T7680] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  192.682389][ T7680] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  192.690309][ T7680] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  192.699067][ T7680] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  192.705212][ T7680] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  192.716189][ T7680] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  192.839947][ T7721] netlink: 32 bytes leftover after parsing attributes in process `syz.1.380'.
[  192.854291][ T7721] netlink: 32 bytes leftover after parsing attributes in process `syz.1.380'.
[  192.976311][ T7717] orangefs_mount: mount request failed with -4
[  192.984362][  T971] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  193.003957][ T7725] FAULT_INJECTION: forcing a failure.
[  193.003957][ T7725] name failslab, interval 1, probability 0, space 0, times 0
[  193.110094][ T7725] CPU: 1 UID: 0 PID: 7725 Comm: syz.0.381 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  193.120437][ T7725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  193.130525][ T7725] Call Trace:
[  193.133825][ T7725]  <TASK>
[  193.136785][ T7725]  dump_stack_lvl+0x241/0x360
[  193.141489][ T7725]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.146737][ T7725]  ? __pfx__printk+0x10/0x10
[  193.151335][ T7725]  ? ref_tracker_alloc+0x332/0x490
[  193.156448][ T7725]  should_fail_ex+0x3b0/0x4e0
[  193.161134][ T7725]  ? skb_clone+0x20c/0x390
[  193.165545][ T7725]  should_failslab+0xac/0x100
[  193.170225][ T7725]  ? skb_clone+0x20c/0x390
[  193.174664][ T7725]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  193.180053][ T7725]  skb_clone+0x20c/0x390
[  193.184295][ T7725]  __netlink_deliver_tap+0x3cc/0x7f0
[  193.189594][ T7725]  ? netlink_deliver_tap+0x2e/0x1b0
[  193.194824][ T7725]  netlink_deliver_tap+0x19d/0x1b0
[  193.199945][ T7725]  netlink_unicast+0x7c4/0x990
[  193.204710][ T7725]  ? __pfx_netlink_unicast+0x10/0x10
[  193.209986][ T7725]  ? __virt_addr_valid+0x183/0x530
[  193.215090][ T7725]  ? __check_object_size+0x48e/0x900
[  193.220373][ T7725]  netlink_sendmsg+0x8e4/0xcb0
[  193.225139][ T7725]  ? __pfx_netlink_sendmsg+0x10/0x10
[  193.230440][ T7725]  ? __pfx_netlink_sendmsg+0x10/0x10
[  193.235719][ T7725]  __sock_sendmsg+0x221/0x270
[  193.240421][ T7725]  ____sys_sendmsg+0x52a/0x7e0
[  193.245185][ T7725]  ? __pfx_____sys_sendmsg+0x10/0x10
[  193.250458][ T7725]  ? __fget_files+0x2a/0x410
[  193.255039][ T7725]  ? __fget_files+0x2a/0x410
[  193.259626][ T7725]  __sys_sendmsg+0x269/0x350
[  193.264218][ T7725]  ? __pfx_lock_release+0x10/0x10
[  193.269241][ T7725]  ? __pfx___sys_sendmsg+0x10/0x10
[  193.274352][ T7725]  ? __pfx_vfs_write+0x10/0x10
[  193.279155][ T7725]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  193.285477][ T7725]  ? do_syscall_64+0x100/0x230
[  193.290259][ T7725]  ? do_syscall_64+0xb6/0x230
[  193.294981][ T7725]  do_syscall_64+0xf3/0x230
[  193.299500][ T7725]  ? clear_bhb_loop+0x35/0x90
[  193.304194][ T7725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.310101][ T7725] RIP: 0033:0x7f73be17e819
[  193.314520][ T7725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.334318][ T7725] RSP: 002b:00007f73bf04a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.342748][ T7725] RAX: ffffffffffffffda RBX: 00007f73be335fa0 RCX: 00007f73be17e819
[  193.350744][ T7725] RDX: 000000000000c000 RSI: 0000000020000000 RDI: 0000000000000003
[  193.358731][ T7725] RBP: 00007f73bf04a090 R08: 0000000000000000 R09: 0000000000000000
[  193.366699][ T7725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.374666][ T7725] R13: 0000000000000000 R14: 00007f73be335fa0 R15: 00007ffc1e3cbf58
[  193.382921][ T7725]  </TASK>
[  193.386031][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.835571][  T971] usb 6-1: device descriptor read/all, error -71
[  193.974168][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[  194.002073][ T7733] fuse: Bad value for 'fd'
[  194.086865][ T7740] xt_CT: You must specify a L4 protocol and not use inversions on it
[  194.330343][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.388'.
[  194.541253][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  194.550874][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  194.659876][ T7748] usb usb8: usbfs: process 7748 (syz.3.387) did not claim interface 0 before use
[  194.821834][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  194.828482][ T5836] Bluetooth: hci3: command 0x0406 tx timeout
[  194.835108][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[  194.846555][ T7746] netlink: 20 bytes leftover after parsing attributes in process `syz.0.388'.
[  195.007950][   T29] kauditd_printk_skb: 13 callbacks suppressed
[  195.007969][   T29] audit: type=1326 audit(1732322236.388:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7742 comm="syz.5.389" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b9df7e819 code=0x0
[  195.406402][ T7767] netlink: 68 bytes leftover after parsing attributes in process `syz.3.393'.
[  196.672253][   T58] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  196.698635][ T7780] syz.1.395: attempt to access beyond end of device
[  196.698635][ T7780] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  196.735051][ T7780] gfs2: error -5 reading superblock
[  196.826905][   T58] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  196.838103][   T58] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  196.889500][   T58] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  196.937941][   T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.949097][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  196.959995][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  196.969411][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  197.714343][  T971] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  197.804849][ T7774] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  197.825154][   T58] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  198.014295][  T971] usb 6-1: Using ep0 maxpacket: 32
[  198.032865][ T7798] netlink: 'syz.1.399': attribute type 10 has an invalid length.
[  198.042330][  T971] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.063522][ T7798] netlink: 188 bytes leftover after parsing attributes in process `syz.1.399'.
[  198.073104][  T971] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  198.174673][  T971] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  198.183858][  T971] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  198.201390][  T971] usb 6-1: Product: syz
[  198.207171][ T7787] orangefs_mount: mount request failed with -4
[  198.227666][  T971] usb 6-1: Manufacturer: syz
[  198.232407][  T971] usb 6-1: SerialNumber: syz
[  198.292199][  T971] usb 6-1: config 0 descriptor??
[  198.646883][   T58] usb 3-1: USB disconnect, device number 9
[  199.046871][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  199.905535][ T7818] gfs2: not a GFS2 filesystem
[  199.912007][ T7818] No such timeout policy "syz0"
[  199.979887][  T971] usb 6-1: USB disconnect, device number 6
[  200.090806][ T7822] fuse: Unknown parameter '184467440737095516150xffffffffffffffffÿÿÿÿÿÿÿÿÿÿ00000000000000000000'
[  201.064023][ T7836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.408'.
[  201.358772][ T7836] netlink: 16 bytes leftover after parsing attributes in process `syz.3.408'.
[  202.362832][   T58] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  202.591765][   T58] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  202.669873][   T58] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  202.731120][   T58] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  202.801141][   T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.914545][ T7847] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  202.945143][ T7855] orangefs_mount: mount request failed with -4
[  203.071847][   T58] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  204.139220][ T5885] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  204.305800][ T5885] usb 3-1: config 0 has no interfaces?
[  204.311545][ T5885] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  204.360802][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.392434][ T5885] usb 3-1: config 0 descriptor??
[  204.973172][   T29] audit: type=1804 audit(1732322246.348:119): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.423" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0
[  205.016966][   T29] audit: type=1800 audit(1732322246.378:120): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.423" name="/" dev="fuse" ino=1 res=0 errno=0
[  205.056164][   T29] audit: type=1804 audit(1732322246.398:121): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.423" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0
[  205.078433][   T29] audit: type=1804 audit(1732322246.398:122): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.423" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0
[  205.128321][   T29] audit: type=1800 audit(1732322246.398:123): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.423" name="/" dev="fuse" ino=1 res=0 errno=0
[  205.859097][ T7895] support for cryptoloop has been removed.  Use dm-crypt instead.
[  206.161063][  T971] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  206.304303][  T971] usb 1-1: device descriptor read/64, error -71
[  206.624547][  T971] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  206.674685][ T7906] block device autoloading is deprecated and will be removed.
[  206.683257][ T7906] syz.3.428: attempt to access beyond end of device
[  206.683257][ T7906] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  206.774741][  T971] usb 1-1: device descriptor read/64, error -71
[  206.840214][   T58] usb 2-1: USB disconnect, device number 11
[  206.888132][  T971] usb usb1-port1: attempt power cycle
[  206.998320][ T5833] usb 3-1: USB disconnect, device number 10
[  207.191196][ T7909] netlink: 25 bytes leftover after parsing attributes in process `syz.1.430'.
[  207.370143][  T971] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  207.386139][  T971] usb 1-1: device descriptor read/8, error -71
[  207.436880][   T29] audit: type=1326 audit(1732322248.818:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7920 comm="syz.2.433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c01f7e819 code=0x0
[  207.461543][ T7923] program syz.3.434 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  207.487389][ T7904] orangefs_mount: mount request failed with -4
[  207.630300][  T971] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  207.649323][  T971] usb 1-1: device descriptor read/8, error -71
[  207.760535][ T7932] netlink: 68 bytes leftover after parsing attributes in process `syz.5.437'.
[  207.761777][  T971] usb usb1-port1: unable to enumerate USB device
[  208.985123][ T7927] netlink: 12 bytes leftover after parsing attributes in process `syz.3.435'.
[  208.995461][ T7942] ieee802154 phy0 wpan0: encryption failed: -22
[  209.001919][ T7927] netlink: 16 bytes leftover after parsing attributes in process `syz.3.435'.
[  209.081737][ T7947] syz.1.442: attempt to access beyond end of device
[  209.081737][ T7947] md0: rw=0, sector=2, nr_sectors = 2 limit=0
[  209.094911][ T7947] vxfs: unable to read disk superblock at 1
[  209.101289][ T7947] syz.1.442: attempt to access beyond end of device
[  209.101289][ T7947] md0: rw=0, sector=16, nr_sectors = 2 limit=0
[  209.114144][ T7947] vxfs: unable to read disk superblock at 8
[  209.120072][ T7947] vxfs: can't find superblock.
[  209.624014][ T7960] binder: 7946:7960 ioctl c0306201 20000680 returned -14
[  211.045638][  T971] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  211.202542][ T5840] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  211.212331][ T5840] Bluetooth: hci3: Injecting HCI hardware error event
[  211.226213][ T5840] Bluetooth: hci3: hardware error 0x00
[  211.828613][ T7972] Can't find ip_set type has
[  211.936732][  T971] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.956557][  T971] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.295164][  T971] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  212.426939][  T971] usb 1-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  212.466579][  T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.684922][  T971] usb 1-1: config 0 descriptor??
[  212.701011][  T971] usb 1-1: can't set config #0, error -71
[  213.680737][  T971] usb 1-1: USB disconnect, device number 15
[  213.731042][ T5840] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  214.665317][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  214.758408][ T7997] block nbd5: NBD_DISCONNECT
[  214.966797][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.456'.
[  215.518790][ T7173] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  215.774001][ T7996] block nbd5: Disconnected due to user request.
[  215.793218][ T7996] block nbd5: shutting down sockets
[  216.042342][ T8025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.461'.
[  216.209213][ T8036] netlink: 16 bytes leftover after parsing attributes in process `syz.2.464'.
[  216.403472][ T8040] netlink: 68 bytes leftover after parsing attributes in process `syz.3.468'.
[  216.458472][ T8045] kvm: user requested TSC rate below hardware speed
[  219.461646][ T8060] FAULT_INJECTION: forcing a failure.
[  219.461646][ T8060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.476774][ T8060] CPU: 0 UID: 0 PID: 8060 Comm: syz.2.472 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  219.487044][ T8060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  219.497099][ T8060] Call Trace:
[  219.500371][ T8060]  <TASK>
[  219.503295][ T8060]  dump_stack_lvl+0x241/0x360
[  219.507986][ T8060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.513190][ T8060]  ? __pfx__printk+0x10/0x10
[  219.517788][ T8060]  should_fail_ex+0x3b0/0x4e0
[  219.522472][ T8060]  strncpy_from_user+0x36/0x260
[  219.527330][ T8060]  getname_flags+0xf1/0x540
[  219.531834][ T8060]  ? __fget_files+0x2a/0x410
[  219.536423][ T8060]  user_path_at+0x24/0x60
[  219.540756][ T8060]  __se_sys_mount+0x297/0x3c0
[  219.545435][ T8060]  ? lockdep_hardirqs_on+0x99/0x150
[  219.550639][ T8060]  ? __pfx___se_sys_mount+0x10/0x10
[  219.555845][ T8060]  ? __x64_sys_mount+0x20/0xc0
[  219.560616][ T8060]  do_syscall_64+0xf3/0x230
[  219.565121][ T8060]  ? clear_bhb_loop+0x35/0x90
[  219.569798][ T8060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.575689][ T8060] RIP: 0033:0x7f9c01f7e819
[  219.580109][ T8060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.599712][ T8060] RSP: 002b:00007f9bffdf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  219.608131][ T8060] RAX: ffffffffffffffda RBX: 00007f9c02136080 RCX: 00007f9c01f7e819
[  219.616102][ T8060] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000000
[  219.624072][ T8060] RBP: 00007f9bffdf6090 R08: 0000000000000000 R09: 0000000000000000
[  219.632041][ T8060] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  219.640030][ T8060] R13: 0000000000000000 R14: 00007f9c02136080 R15: 00007ffd6e5733a8
[  219.648017][ T8060]  </TASK>
[  220.235193][ T8063] bond0: option resend_igmp: invalid value (7540)
[  220.241739][ T8063] bond0: option resend_igmp: allowed values 0 - 255
[  220.468371][ T8065] bond0: option resend_igmp: invalid value (7540)
[  220.474511][   T46] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  220.476472][ T8065] bond0: option resend_igmp: allowed values 0 - 255
[  220.647272][   T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  220.676768][   T46] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  220.695207][   T46] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  220.705805][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  220.713825][   T46] usb 1-1: SerialNumber: syz
[  220.756995][ T7170] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.860111][ T7170] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.966652][ T8083] netlink: 'syz.3.482': attribute type 2 has an invalid length.
[  221.039384][ T7170] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.099308][ T8083] Xÿ: entered promiscuous mode
[  221.130717][ T8059] IPVS: set_ctl: invalid protocol: 108 172.20.20.67:20002
[  221.184189][  T971] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  221.209307][ T7170] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.344218][ T8097] netlink: 68 bytes leftover after parsing attributes in process `syz.1.485'.
[  221.609832][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  222.324156][  T971] usb 6-1: Using ep0 maxpacket: 16
[  222.329483][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  222.723926][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  222.731927][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  222.745976][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  222.753329][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  222.992597][  T971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  223.010579][  T971] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  223.019770][  T971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.045396][  T971] usb 6-1: Product: syz
[  223.049615][  T971] usb 6-1: Manufacturer: syz
[  223.063012][  T971] usb 6-1: SerialNumber: syz
[  223.073524][  T971] usb 6-1: config 0 descriptor??
[  223.085004][ T8108] netlink: 48 bytes leftover after parsing attributes in process `syz.3.488'.
[  223.100403][  T971] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  223.124175][  T971] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  223.163108][ T7170] bridge_slave_1: left allmulticast mode
[  223.179416][ T7170] bridge_slave_1: left promiscuous mode
[  223.193812][ T7170] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.388286][ T5885] usb 1-1: USB disconnect, device number 16
[  223.403124][ T7170] bridge_slave_0: left allmulticast mode
[  223.409366][ T7170] bridge_slave_0: left promiscuous mode
[  223.419771][ T7170] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.255169][  T971] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  224.795087][ T5840] Bluetooth: hci2: command tx timeout
[  224.909804][  T971] em28xx 6-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=65)
[  224.980025][  T971] em28xx 6-1:0.0: board has no eeprom
[  224.986423][ T7170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  224.998447][ T7170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  225.014401][ T7170] bond0 (unregistering): Released all slaves
[  225.035505][ T7170] bond1 (unregistering): Released all slaves
[  225.360487][ T8125] bond0: option resend_igmp: invalid value (7540)
[  225.370239][ T8125] bond0: option resend_igmp: allowed values 0 - 255
[  225.489547][  T971] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  225.499208][  T971] em28xx 6-1:0.0: dvb set to bulk mode.
[  225.530536][ T5833] em28xx 6-1:0.0: Binding DVB extension
[  225.590315][ T5833] em28xx 6-1:0.0: Registering input extension
[  225.668487][ T8098] chnl_net:caif_netlink_parms(): no params data found
[  225.726496][  T971] usb 6-1: USB disconnect, device number 7
[  225.732897][  T971] em28xx 6-1:0.0: Disconnecting em28xx
[  225.738464][  T971] em28xx 6-1:0.0: Closing input extension
[  225.908893][  T971] em28xx 6-1:0.0: Freeing device
[  226.003714][ T7170] hsr_slave_0: left promiscuous mode
[  226.022654][ T7170] hsr_slave_1: left promiscuous mode
[  226.103920][ T7170] veth1_macvtap: left promiscuous mode
[  226.125564][ T7170] veth0_macvtap: left promiscuous mode
[  226.136194][ T7170] veth1_vlan: left allmulticast mode
[  226.141554][ T7170] veth1_vlan: left promiscuous mode
[  226.151243][ T7170] veth0_vlan: left promiscuous mode
[  226.769051][ T8158] xt_CT: You must specify a L4 protocol and not use inversions on it
[  227.221476][ T5840] Bluetooth: hci2: command tx timeout
[  227.284272][  T971] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  227.330958][ T8163] sctp: [Deprecated]: syz.1.497 (pid 8163) Use of int in max_burst socket option.
[  227.330958][ T8163] Use struct sctp_assoc_value instead
[  227.390764][ T8167] netlink: 68 bytes leftover after parsing attributes in process `syz.5.498'.
[  227.664573][  T971] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  228.672750][  T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.691105][  T971] usb 1-1: config 0 descriptor??
[  229.086264][ T7170] macvlan0 (unregistering): left allmulticast mode
[  229.286297][   T54] Bluetooth: hci2: command tx timeout
[  229.371312][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  229.524806][    T9] usb 4-1: Using ep0 maxpacket: 32
[  229.597602][ T7170] team0 (unregistering): Port device team_slave_1 removed
[  229.613235][  T971] usb 1-1: Cannot set autoneg
[  229.643800][  T971] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  229.711756][ T7170] team0 (unregistering): Port device team_slave_0 removed
[  229.739485][  T971] usb 1-1: USB disconnect, device number 17
[  229.806092][    T9] usb 4-1: device descriptor read/all, error -71
[  230.270445][ T8098] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.277972][ T8098] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.285446][ T8098] bridge_slave_0: entered allmulticast mode
[  230.292510][ T8098] bridge_slave_0: entered promiscuous mode
[  230.307658][ T8184] bond0: option resend_igmp: invalid value (7540)
[  230.317101][ T8184] bond0: option resend_igmp: allowed values 0 - 255
[  230.395709][ T8098] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.402877][ T8098] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.410271][ T8098] bridge_slave_1: entered allmulticast mode
[  230.421484][ T8098] bridge_slave_1: entered promiscuous mode
[  230.467133][ T8098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.479064][ T8098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  230.564409][  T971] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  230.637888][ T8098] team0: Port device team_slave_0 added
[  230.690997][ T8098] team0: Port device team_slave_1 added
[  230.695957][ T8193] mmap: syz.3.507 (8193) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  230.714535][  T971] usb 1-1: Using ep0 maxpacket: 32
[  230.732345][  T971] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  230.741597][  T971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.756135][  T971] usb 1-1: Product: syz
[  230.760472][  T971] usb 1-1: Manufacturer: syz
[  230.769271][  T971] usb 1-1: SerialNumber: syz
[  231.457509][   T54] Bluetooth: hci2: command tx timeout
[  231.500040][  T971] usb 1-1: config 0 descriptor??
[  231.507535][ T8098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.514861][ T8098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.564453][ T8098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.579116][  T971] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  231.619515][ T8098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.626664][ T8098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.673466][ T8098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.825195][ T8098] hsr_slave_0: entered promiscuous mode
[  231.835820][ T7170] IPVS: stop unused estimator thread 0...
[  231.846973][ T8206] fuse: Unknown parameter ']~ô™í±|—¢'
[  231.848088][ T8098] hsr_slave_1: entered promiscuous mode
[  231.861545][ T8098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  231.871652][ T8098] Cannot create hsr debugfs directory
[  232.203598][ T8098] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  232.235982][ T8098] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  232.247359][ T8098] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  232.267782][ T8098] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  233.814849][  T971] gspca_ov534_9: reg_w failed -71
[  234.116603][ T8098] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.136165][  T971] gspca_ov534_9: Unknown sensor 0000
[  234.136217][  T971] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22
[  234.165253][  T971] usb 1-1: USB disconnect, device number 18
[  234.231525][ T8227] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  234.946707][ T8098] 8021q: adding VLAN 0 to HW filter on device team0
[  234.978318][ T8098] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  234.988795][ T8098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  235.017040][ T6373] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.024184][ T6373] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.055793][ T6373] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.062963][ T6373] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.212909][ T8233] bond0: option resend_igmp: invalid value (7540)
[  235.219751][ T8233] bond0: option resend_igmp: allowed values 0 - 255
[  235.304192][  T971] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  235.387314][ T8098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.488776][  T971] usb 1-1: config 0 has an invalid descriptor of length 75, skipping remainder of the config
[  235.519779][  T971] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  235.572473][  T971] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  235.603178][  T971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.622604][  T971] usb 1-1: Product: syz
[  235.637844][  T971] usb 1-1: Manufacturer: syz
[  235.642498][  T971] usb 1-1: SerialNumber: syz
[  235.666377][  T971] usb 1-1: config 0 descriptor??
[  235.892157][  T971] redrat3 1-1:0.0: Couldn't find all endpoints
[  235.903551][  T971] usb 1-1: USB disconnect, device number 19
[  235.960511][ T8098] veth0_vlan: entered promiscuous mode
[  236.008048][ T8098] veth1_vlan: entered promiscuous mode
[  236.057057][ T8098] veth0_macvtap: entered promiscuous mode
[  236.077112][ T8098] veth1_macvtap: entered promiscuous mode
[  236.117941][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.160740][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.186427][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.218454][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.242533][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.265151][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.282429][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.300119][ T8269] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  236.311083][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.335336][ T8098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.355630][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.384178][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.394505][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.423693][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.441706][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.452417][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.464558][ T8098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.481223][ T8098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.533632][ T8098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  236.577618][ T8098] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.601922][ T8098] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.612973][ T8098] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.627836][ T8098] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.073139][   T58] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  237.169199][ T8277] bond0: option resend_igmp: invalid value (7540)
[  237.189971][ T8279] netlink: 24 bytes leftover after parsing attributes in process `syz.5.530'.
[  237.233433][ T8277] bond0: option resend_igmp: allowed values 0 - 255
[  237.313071][   T58] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  237.325643][   T58] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  237.336801][   T58] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  237.345934][   T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.358173][ T8273] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  237.367554][   T58] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  237.414401][ T7173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.440750][   T29] audit: type=1326 audit(1732322278.818:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8274 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b9df7e819 code=0x7ffc0000
[  237.462673][ T7173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.466861][   T29] audit: type=1326 audit(1732322278.818:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8274 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b9df7e819 code=0x7ffc0000
[  237.588120][ T8273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.596680][ T8273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.060192][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.115560][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.153934][ T8285] netlink: 64 bytes leftover after parsing attributes in process `syz.3.534'.
[  238.193041][ T8285] 9pnet_fd: Insufficient options for proto=fd
[  238.200291][ T8285] 9pnet_fd: Insufficient options for proto=fd
[  238.469291][ T8289] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  238.504526][ T8289] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  238.540381][ T8289] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  238.549532][ T8289] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  239.526795][ T5884] usb 1-1: USB disconnect, device number 20
[  239.554226][ T5916] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  239.704639][ T5916] usb 6-1: Using ep0 maxpacket: 16
[  239.719836][ T5916] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  239.741758][ T5916] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  239.760598][ T5916] usb 6-1: config 1 has no interface number 1
[  239.777566][ T5916] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  239.788616][ T8315] netlink: 24 bytes leftover after parsing attributes in process `syz.3.539'.
[  240.172313][ T5916] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  240.428466][ T5916] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  240.491725][ T8321] bond0: option resend_igmp: invalid value (7540)
[  240.500371][ T8321] bond0: option resend_igmp: allowed values 0 - 255
[  240.502550][ T5916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.515633][ T5916] usb 6-1: Product: syz
[  240.519926][ T5916] usb 6-1: Manufacturer: syz
[  240.525064][ T5916] usb 6-1: SerialNumber: syz
[  240.889382][ T5916] usb 6-1: 2:1 : no UAC_FORMAT_TYPE desc
[  241.108492][ T5916] usb 6-1: USB disconnect, device number 8
[  241.776786][   T11] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.837050][   T54] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  241.851585][ T8330] binder: Bad value for 'max'
[  242.050613][   T11] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  242.220119][   T11] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.232179][   T11] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  242.569139][   T11] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.580025][   T11] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  242.811253][ T8340] FAULT_INJECTION: forcing a failure.
[  242.811253][ T8340] name failslab, interval 1, probability 0, space 0, times 0
[  243.294750][ T8340] CPU: 1 UID: 0 PID: 8340 Comm: syz.3.550 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  243.305051][ T8340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  243.315142][ T8340] Call Trace:
[  243.318440][ T8340]  <TASK>
[  243.321382][ T8340]  dump_stack_lvl+0x241/0x360
[  243.326094][ T8340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.331328][ T8340]  ? __pfx__printk+0x10/0x10
[  243.335949][ T8340]  ? __kmalloc_node_noprof+0xb7/0x440
[  243.341331][ T8340]  ? __pfx___might_resched+0x10/0x10
[  243.346607][ T8340]  ? __asan_memset+0x23/0x50
[  243.351200][ T8340]  should_fail_ex+0x3b0/0x4e0
[  243.355871][ T8340]  should_failslab+0xac/0x100
[  243.360541][ T8340]  __kmalloc_node_noprof+0xdf/0x440
[  243.365728][ T8340]  ? __kvmalloc_node_noprof+0x72/0x190
[  243.371194][ T8340]  __kvmalloc_node_noprof+0x72/0x190
[  243.376473][ T8340]  alloc_netdev_mqs+0xa72/0x1080
[  243.381404][ T8340]  rtnl_create_link+0x2f9/0xc20
[  243.386259][ T8340]  rtnl_newlink_create+0x210/0xa30
[  243.391363][ T8340]  ? irqentry_exit+0x63/0x90
[  243.395963][ T8340]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  243.401622][ T8340]  ? rtnl_newlink+0xd15/0x24f0
[  243.406385][ T8340]  ? rtnl_newlink+0xd24/0x24f0
[  243.411152][ T8340]  rtnl_newlink+0x17dd/0x24f0
[  243.415838][ T8340]  ? __pfx_rtnl_newlink+0x10/0x10
[  243.420857][ T8340]  ? netlink_unicast+0x7c4/0x990
[  243.425796][ T8340]  ? __pfx_validate_chain+0x10/0x10
[  243.431015][ T8340]  ? __sys_sendmsg+0x269/0x350
[  243.435773][ T8340]  ? do_syscall_64+0xf3/0x230
[  243.440445][ T8340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.446524][ T8340]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  243.452501][ T8340]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  243.458831][ T8340]  ? mark_lock+0x9a/0x360
[  243.463159][ T8340]  ? __lock_acquire+0x1397/0x2100
[  243.468213][ T8340]  ? __pfx_lock_release+0x10/0x10
[  243.473231][ T8340]  ? cap_capable+0x1b4/0x250
[  243.477829][ T8340]  ? __pfx_rtnl_newlink+0x10/0x10
[  243.482856][ T8340]  rtnetlink_rcv_msg+0x791/0xcf0
[  243.487790][ T8340]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  243.492912][ T8340]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  243.498386][ T8340]  ? ref_tracker_free+0x643/0x7e0
[  243.503436][ T8340]  netlink_rcv_skb+0x1e3/0x430
[  243.508221][ T8340]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  243.513690][ T8340]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  243.519538][ T8340]  ? netlink_deliver_tap+0x2e/0x1b0
[  243.524756][ T8340]  netlink_unicast+0x7f6/0x990
[  243.529536][ T8340]  ? __pfx_netlink_unicast+0x10/0x10
[  243.534824][ T8340]  ? __virt_addr_valid+0x183/0x530
[  243.539941][ T8340]  ? __check_object_size+0x48e/0x900
[  243.545237][ T8340]  netlink_sendmsg+0x8e4/0xcb0
[  243.550016][ T8340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.555324][ T8340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.560611][ T8340]  __sock_sendmsg+0x221/0x270
[  243.565288][ T8340]  ____sys_sendmsg+0x52a/0x7e0
[  243.570059][ T8340]  ? __pfx_____sys_sendmsg+0x10/0x10
[  243.575345][ T8340]  ? __fget_files+0x2a/0x410
[  243.579939][ T8340]  ? __fget_files+0x2a/0x410
[  243.584531][ T8340]  __sys_sendmsg+0x269/0x350
[  243.589114][ T8340]  ? __pfx_lock_release+0x10/0x10
[  243.594141][ T8340]  ? __pfx___sys_sendmsg+0x10/0x10
[  243.599264][ T8340]  ? __pfx_vfs_write+0x10/0x10
[  243.604055][ T8340]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  243.610396][ T8340]  ? do_syscall_64+0x100/0x230
[  243.615166][ T8340]  ? do_syscall_64+0xb6/0x230
[  243.619847][ T8340]  do_syscall_64+0xf3/0x230
[  243.624351][ T8340]  ? clear_bhb_loop+0x35/0x90
[  243.629028][ T8340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.634917][ T8340] RIP: 0033:0x7f1ed3f7e819
[  243.639328][ T8340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.658961][ T8340] RSP: 002b:00007f1ed4d18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  243.667374][ T8340] RAX: ffffffffffffffda RBX: 00007f1ed4135fa0 RCX: 00007f1ed3f7e819
[  243.675352][ T8340] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[  243.683323][ T8340] RBP: 00007f1ed4d18090 R08: 0000000000000000 R09: 0000000000000000
[  243.691292][ T8340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  243.699262][ T8340] R13: 0000000000000000 R14: 00007f1ed4135fa0 R15: 00007ffdbdd2f498
[  243.707245][ T8340]  </TASK>
[  243.834209][ T8349] netlink: 12 bytes leftover after parsing attributes in process `syz.5.552'.
[  243.843478][ T8349] netlink: 16 bytes leftover after parsing attributes in process `syz.5.552'.
[  244.175860][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  244.187423][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  244.195395][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  244.203334][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  244.210659][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  244.217878][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  244.685072][   T11] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.741579][   T11] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  245.438171][   T11] bridge_slave_1: left allmulticast mode
[  245.443876][   T11] bridge_slave_1: left promiscuous mode
[  245.449810][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.360912][   T54] Bluetooth: hci2: command tx timeout
[  246.425735][   T11] bridge_slave_0: left allmulticast mode
[  246.431433][   T11] bridge_slave_0: left promiscuous mode
[  246.439573][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.929667][ T8375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.559'.
[  247.867923][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.887814][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.909185][   T11] bond0 (unregistering): Released all slaves
[  247.989305][ T8366] netlink: 132 bytes leftover after parsing attributes in process `syz.5.557'.
[  248.043094][ T8353] chnl_net:caif_netlink_parms(): no params data found
[  248.274575][ T8399] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  248.299543][ T8400] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  248.434419][   T54] Bluetooth: hci2: command tx timeout
[  248.587120][  T234] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  249.800150][ T8416] netlink: 12 bytes leftover after parsing attributes in process `syz.1.570'.
[  249.809506][ T8416] netlink: 16 bytes leftover after parsing attributes in process `syz.1.570'.
[  250.159525][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.182410][ T8353] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.475647][   T54] Bluetooth: hci2: command tx timeout
[  250.654330][ T5916] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  250.885014][ T8353] bridge_slave_0: entered allmulticast mode
[  250.902556][ T8353] bridge_slave_0: entered promiscuous mode
[  250.923736][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.957516][ T8353] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.974432][ T8353] bridge_slave_1: entered allmulticast mode
[  250.989345][ T8353] bridge_slave_1: entered promiscuous mode
[  251.043201][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  251.060562][ T5916] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.094292][ T5916] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  251.119917][ T5916] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  251.151496][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  251.170864][ T8426] syzkaller1: entered promiscuous mode
[  251.177367][ T5916] usb 4-1: Product: syz
[  251.185102][ T8426] syzkaller1: entered allmulticast mode
[  251.192286][ T5916] usb 4-1: Manufacturer: syz
[  251.200689][ T5916] usb 4-1: SerialNumber: syz
[  251.207692][ T5916] usb 4-1: config 0 descriptor??
[  251.213474][   T11] hsr_slave_0: left promiscuous mode
[  251.218499][ T8440] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  251.238413][   T11] hsr_slave_1: left promiscuous mode
[  251.239441][ T8441] 9pnet_fd: Insufficient options for proto=fd
[  251.262741][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.270321][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.278600][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.286235][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.315686][   T11] veth1_macvtap: left promiscuous mode
[  251.321255][   T11] veth0_macvtap: left promiscuous mode
[  251.327012][   T11] veth1_vlan: left promiscuous mode
[  251.332365][   T11] veth0_vlan: left promiscuous mode
[  251.417226][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz.5.574'.
[  251.959610][   T11] team0 (unregistering): Port device team_slave_1 removed
[  252.066749][   T11] team0 (unregistering): Port device team_slave_0 removed
[  252.179374][ T8449] overlayfs: missing 'lowerdir'
[  252.564564][   T54] Bluetooth: hci2: command tx timeout
[  253.255365][    T9] usb 4-1: USB disconnect, device number 20
[  253.290945][ T8453] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  253.410576][ T8457] syz.3.583: attempt to access beyond end of device
[  253.410576][ T8457] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  253.424845][ T8457] SQUASHFS error: Failed to read block 0x0: -5
[  253.431072][ T8457] unable to read squashfs_super_block
[  253.527569][ T8463] FAULT_INJECTION: forcing a failure.
[  253.527569][ T8463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.531404][ T8461] NILFS (nullb0): couldn't find nilfs on the device
[  253.551935][ T8463] CPU: 1 UID: 0 PID: 8463 Comm: syz.0.584 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  253.562222][ T8463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  253.572290][ T8463] Call Trace:
[  253.575571][ T8463]  <TASK>
[  253.578497][ T8463]  dump_stack_lvl+0x241/0x360
[  253.583179][ T8463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.588383][ T8463]  ? __pfx__printk+0x10/0x10
[  253.592972][ T8463]  ? do_raw_spin_lock+0x14f/0x370
[  253.598002][ T8463]  should_fail_ex+0x3b0/0x4e0
[  253.602684][ T8463]  _copy_to_user+0x31/0xb0
[  253.607110][ T8463]  fanotify_read+0xe0d/0x2c30
[  253.611810][ T8463]  ? __pfx_fanotify_read+0x10/0x10
[  253.616950][ T8463]  ? __pfx_woken_wake_function+0x10/0x10
[  253.622611][ T8463]  ? rw_verify_area+0x568/0x6f0
[  253.627477][ T8463]  ? __pfx_fanotify_read+0x10/0x10
[  253.632594][ T8463]  vfs_read+0x1fc/0xb70
[  253.636762][ T8463]  ? __pfx_vfs_read+0x10/0x10
[  253.641439][ T8463]  ? __fget_files+0x2a/0x410
[  253.646034][ T8463]  ? __fget_files+0x395/0x410
[  253.650711][ T8463]  ? __fget_files+0x2a/0x410
[  253.655303][ T8463]  ksys_read+0x18f/0x2b0
[  253.659547][ T8463]  ? __pfx_ksys_read+0x10/0x10
[  253.664308][ T8463]  ? do_syscall_64+0x100/0x230
[  253.669078][ T8463]  ? do_syscall_64+0xb6/0x230
[  253.673758][ T8463]  do_syscall_64+0xf3/0x230
[  253.678270][ T8463]  ? clear_bhb_loop+0x35/0x90
[  253.682989][ T8463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.688896][ T8463] RIP: 0033:0x7f73be17e819
[  253.693308][ T8463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.712919][ T8463] RSP: 002b:00007f73bf04a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  253.721337][ T8463] RAX: ffffffffffffffda RBX: 00007f73be335fa0 RCX: 00007f73be17e819
[  253.729310][ T8463] RDX: 0000000000002020 RSI: 0000000020000140 RDI: 0000000000000003
[  253.737285][ T8463] RBP: 00007f73bf04a090 R08: 0000000000000000 R09: 0000000000000000
[  253.745256][ T8463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.753220][ T8463] R13: 0000000000000000 R14: 00007f73be335fa0 R15: 00007ffc1e3cbf58
[  253.761203][ T8463]  </TASK>
[  253.798693][ T8353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.852827][ T8353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.914047][ T8353] team0: Port device team_slave_0 added
[  253.966047][ T8353] team0: Port device team_slave_1 added
[  254.105370][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_0
[  254.112359][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.175813][ T8353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  254.209318][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_1
[  254.254855][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.281193][ T8353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  254.358972][ T8353] hsr_slave_0: entered promiscuous mode
[  254.366941][ T8353] hsr_slave_1: entered promiscuous mode
[  254.376526][ T8353] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  254.384236][ T8353] Cannot create hsr debugfs directory
[  254.561178][ T8476] netlink: 32 bytes leftover after parsing attributes in process `syz.5.588'.
[  254.621900][ T8475] xt_CT: No such helper "snmp_trap"
[  255.022652][ T8493] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  255.919390][ T8502] fuse: Unknown parameter 'id'
[  255.945037][ T8502] (syz.3.595,8502,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  255.953961][ T8502] (syz.3.595,8502,1):ocfs2_fill_super:1178 ERROR: status = -22
[  255.993329][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  255.999972][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  256.149940][ T8504] syz.5.596: attempt to access beyond end of device
[  256.149940][ T8504] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0
[  256.163950][ T8504] SQUASHFS error: Failed to read block 0x0: -5
[  256.170817][ T8504] unable to read squashfs_super_block
[  256.731454][ T8509] bond0: option resend_igmp: invalid value (7540)
[  256.758743][ T8509] bond0: option resend_igmp: allowed values 0 - 255
[  256.787774][ T8353] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  256.888682][ T8353] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  256.974455][ T8353] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  257.154423][    T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  257.228075][ T8353] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  257.356943][    T9] usb 1-1: Using ep0 maxpacket: 32
[  257.403267][ T8353] 8021q: adding VLAN 0 to HW filter on device bond0
[  257.419164][ T8353] 8021q: adding VLAN 0 to HW filter on device team0
[  257.450230][ T8353] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  257.460695][ T8353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  257.510278][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.517482][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.528650][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.535804][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.634958][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  257.641276][ T8523] netlink: 144 bytes leftover after parsing attributes in process `syz.5.603'.
[  257.686107][    T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  257.716073][    T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  257.763174][    T9] usb 1-1: Product: syz
[  258.076924][ T8528] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  258.086143][ T8528] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  258.094936][ T8528] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  258.103643][ T8528] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  258.330210][    T9] usb 1-1: Manufacturer: syz
[  258.352059][    T9] usb 1-1: SerialNumber: syz
[  258.672381][ T8353] 8021q: adding VLAN 0 to HW filter on device batadv0
[  258.895909][  T971] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  258.965941][ T8538] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  258.982074][    T9] usb 1-1: config 0 descriptor??
[  258.988711][ T8514] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  259.082046][ T8544] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  259.133956][   T29] audit: type=1326 audit(1732322300.508:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8548 comm="syz.5.607" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b9df7e819 code=0x0
[  259.144568][ T8552] syz.3.609: attempt to access beyond end of device
[  259.144568][ T8552] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  259.210806][ T8353] veth0_vlan: entered promiscuous mode
[  259.237676][ T8552] SQUASHFS error: Failed to read block 0x0: -5
[  259.252112][ T8514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.255780][ T8552] unable to read squashfs_super_block
[  259.272465][ T8353] veth1_vlan: entered promiscuous mode
[  259.297233][ T8514] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.709282][ T8353] veth0_macvtap: entered promiscuous mode
[  259.773464][ T8353] veth1_macvtap: entered promiscuous mode
[  259.851711][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.868649][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.879043][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.893402][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.918359][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.973416][   T46] usb 1-1: USB disconnect, device number 21
[  259.979525][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.990823][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.054541][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.105515][ T8353] batman_adv: batadv0: Interface activated: batadv_slave_0
[  260.130507][ T8568] bond0: option resend_igmp: invalid value (7540)
[  260.144444][ T8568] bond0: option resend_igmp: allowed values 0 - 255
[  260.311279][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.493968][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.503983][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.516457][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.526832][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.537802][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.547868][ T8353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.558725][ T8353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.574855][ T8353] batman_adv: batadv0: Interface activated: batadv_slave_1
[  260.582290][ T8575] netlink: 132 bytes leftover after parsing attributes in process `syz.5.614'.
[  260.605167][ T8353] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.615353][ T8353] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.624678][ T8353] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.635563][ T8353] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.744487][   T46] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  260.777188][ T7178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.791317][ T7178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.819842][ T7173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.839637][ T7173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.914667][   T46] usb 1-1: Using ep0 maxpacket: 8
[  260.922682][   T46] usb 1-1: config 0 has an invalid interface number: 137 but max is 0
[  260.942939][   T46] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.988993][   T46] usb 1-1: config 0 has no interface number 0
[  261.065074][   T46] usb 1-1: config 0 interface 137 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  261.897603][   T46] usb 1-1: config 0 interface 137 altsetting 0 endpoint 0x3 has invalid maxpacket 959, setting to 64
[  261.914184][   T46] usb 1-1: config 0 interface 137 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  261.944348][   T46] usb 1-1: config 0 interface 137 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 12
[  262.005383][   T46] usb 1-1: New USB device found, idVendor=06f8, idProduct=3009, bcdDevice=3c.93
[  262.014902][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.022919][   T46] usb 1-1: Product: syz
[  262.061102][   T46] usb 1-1: Manufacturer: syz
[  262.098375][   T46] usb 1-1: SerialNumber: syz
[  262.145164][   T46] usb 1-1: config 0 descriptor??
[  262.515209][   T46] gspca_main: gspca_pac7302-2.14.0 probing 06f8:3009
[  262.604876][ T8597] netlink: 12 bytes leftover after parsing attributes in process `syz.3.620'.
[  262.614036][ T8597] netlink: 16 bytes leftover after parsing attributes in process `syz.3.620'.
[  263.194893][   T46] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  263.204197][   T46] gspca_pac7302 1-1:0.137: probe with driver gspca_pac7302 failed with error -110
[  264.243792][ T8601] netlink: 12 bytes leftover after parsing attributes in process `syz.5.622'.
[  264.252807][ T8601] netlink: 16 bytes leftover after parsing attributes in process `syz.5.622'.
[  264.279114][ T8610] syz.1.624: attempt to access beyond end of device
[  264.279114][ T8610] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  264.296290][ T8610] SQUASHFS error: Failed to read block 0x0: -5
[  264.302528][ T8610] unable to read squashfs_super_block
[  264.477309][ T8617] bond0: option resend_igmp: invalid value (7540)
[  264.486163][ T8617] bond0: option resend_igmp: allowed values 0 - 255
[  264.798932][ T5923] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  265.074305][ T5923] usb 2-1: Using ep0 maxpacket: 8
[  265.085956][ T5923] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  265.097011][ T5923] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  265.107823][ T5923] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  265.118339][ T5923] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  265.137382][ T5923] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  265.147165][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  265.155648][ T5923] usb 2-1: Product: syz
[  265.292628][ T7173] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.418844][ T5923] usb 2-1: GET_CAPABILITIES returned 0
[  265.425457][ T5923] usbtmc 2-1:16.0: can't read capabilities
[  265.484801][ T7173] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.504760][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  265.531784][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  265.542384][   T46] usb 1-1: USB disconnect, device number 22
[  265.550324][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  265.559046][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  265.569420][ T5840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  265.585176][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  265.625298][ T7173] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.648570][ T8619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.658371][ T8619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.739378][ T7173] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.858864][ T5923] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  266.214165][ T8640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.223472][ T8640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.269575][ T8638] can0: slcan on ptm0.
[  266.395772][ T5923] usb 6-1: Using ep0 maxpacket: 16
[  266.598829][ T5923] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.615529][ T8626] chnl_net:caif_netlink_parms(): no params data found
[  266.627666][ T7173] bridge_slave_1: left allmulticast mode
[  266.627794][ T5923] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  266.633440][ T7173] bridge_slave_1: left promiscuous mode
[  266.642685][ T5923] usb 6-1: New USB device found, idVendor=046d, idProduct=ffff, bcdDevice= 0.00
[  266.657784][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.659106][ T7173] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.668420][ T5923] usb 6-1: config 0 descriptor??
[  266.685858][ T7173] bridge_slave_0: left allmulticast mode
[  266.691708][ T7173] bridge_slave_0: left promiscuous mode
[  266.697546][ T7173] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.812375][ T8643] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  267.180528][ T7173] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  267.191070][ T7173] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  267.202566][ T7173] bond0 (unregistering): Released all slaves
[  267.354315][ T5923] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  267.421636][ T8626] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.430159][ T8626] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.434828][ T5916] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  267.438463][ T8626] bridge_slave_0: entered allmulticast mode
[  267.451986][ T8626] bridge_slave_0: entered promiscuous mode
[  267.461745][ T8626] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.469707][ T8626] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.477478][ T8626] bridge_slave_1: entered allmulticast mode
[  267.484274][ T8626] bridge_slave_1: entered promiscuous mode
[  267.518538][ T5923] usb 1-1: config 4 has an invalid interface number: 39 but max is 1
[  267.532409][ T5923] usb 1-1: config 4 has an invalid interface number: 49 but max is 1
[  267.544058][ T5923] usb 1-1: config 4 has no interface number 0
[  267.553706][ T5923] usb 1-1: config 4 has no interface number 1
[  267.563346][ T5923] usb 1-1: config 4 interface 39 has no altsetting 0
[  267.570584][ T8626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.576406][ T5923] usb 1-1: config 4 interface 49 has no altsetting 0
[  267.582927][ T8626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  267.595778][ T5923] usb 1-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  267.595811][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.595832][ T5923] usb 1-1: Product: syz
[  267.595847][ T5923] usb 1-1: Manufacturer: syz
[  267.595862][ T5923] usb 1-1: SerialNumber: syz
[  267.677578][   T54] Bluetooth: hci2: command tx timeout
[  267.756181][ T8626] team0: Port device team_slave_0 added
[  267.771459][ T7173] hsr_slave_0: left promiscuous mode
[  267.777484][ T8639] can0 (unregistered): slcan off ptm0.
[  267.842527][ T7173] hsr_slave_1: left promiscuous mode
[  267.846557][   T46] usb 2-1: USB disconnect, device number 12
[  267.868791][ T7173] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  267.889368][ T7173] batman_adv: batadv0: Removing interface: batadv_slave_0
[  267.967721][ T7173] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  267.984312][ T7173] batman_adv: batadv0: Removing interface: batadv_slave_1
[  268.062157][ T7173] veth1_macvtap: left promiscuous mode
[  268.075212][ T5916] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  268.091083][ T7173] veth0_macvtap: left promiscuous mode
[  268.114968][ T7173] veth1_vlan: left promiscuous mode
[  268.175813][ T7173] veth0_vlan: left promiscuous mode
[  269.758749][   T54] Bluetooth: hci2: command tx timeout
[  270.212195][    T9] usb 6-1: USB disconnect, device number 9
[  270.842215][ T5923] usb 1-1: USB disconnect, device number 23
[  270.901025][ T7173] team0 (unregistering): Port device team_slave_1 removed
[  270.963197][ T7173] team0 (unregistering): Port device team_slave_0 removed
[  271.468240][ T8626] team0: Port device team_slave_1 added
[  271.632499][ T8626] batman_adv: batadv0: Adding interface: batadv_slave_0
[  271.642918][ T8626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  271.669173][ T8626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  271.682060][ T8626] batman_adv: batadv0: Adding interface: batadv_slave_1
[  271.698613][ T8626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  271.735277][ T8694] FAULT_INJECTION: forcing a failure.
[  271.735277][ T8694] name failslab, interval 1, probability 0, space 0, times 0
[  271.785198][ T8626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  271.800767][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.3.644 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  271.811053][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  271.821106][ T8694] Call Trace:
[  271.824377][ T8694]  <TASK>
[  271.827298][ T8694]  dump_stack_lvl+0x241/0x360
[  271.831981][ T8694]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.837179][ T8694]  ? __pfx__printk+0x10/0x10
[  271.841764][ T8694]  ? fs_reclaim_acquire+0x93/0x130
[  271.846866][ T8694]  ? __pfx___might_resched+0x10/0x10
[  271.852214][ T8694]  should_fail_ex+0x3b0/0x4e0
[  271.856918][ T8694]  should_failslab+0xac/0x100
[  271.861601][ T8694]  __kmalloc_node_track_caller_noprof+0xda/0x440
[  271.867918][ T8694]  ? smk_import_entry+0x18d/0x610
[  271.872955][ T8694]  kstrndup+0x41/0xb0
[  271.876950][ T8694]  smk_import_entry+0x18d/0x610
[  271.881807][ T8694]  smk_write_net4addr+0x37d/0xf10
[  271.886841][ T8694]  ? __pfx_smk_write_net4addr+0x10/0x10
[  271.892388][ T8694]  ? rcu_read_lock_any_held+0xb7/0x160
[  271.897866][ T8694]  ? __pfx_smk_write_net4addr+0x10/0x10
[  271.903426][ T8694]  vfs_write+0x2a3/0xd30
[  271.907750][ T8694]  ? __pfx_vfs_write+0x10/0x10
[  271.912509][ T8694]  ? __fget_files+0x2a/0x410
[  271.917107][ T8694]  ? __fget_files+0x395/0x410
[  271.921794][ T8694]  ? __fget_files+0x2a/0x410
[  271.926403][ T8694]  ksys_write+0x18f/0x2b0
[  271.930764][ T8694]  ? __pfx_ksys_write+0x10/0x10
[  271.935626][ T8694]  ? do_syscall_64+0x100/0x230
[  271.940390][ T8694]  ? do_syscall_64+0xb6/0x230
[  271.945074][ T8694]  do_syscall_64+0xf3/0x230
[  271.949571][ T8694]  ? clear_bhb_loop+0x35/0x90
[  271.954243][ T8694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.960140][ T8694] RIP: 0033:0x7f1ed3f7e819
[  271.964548][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.984155][ T8694] RSP: 002b:00007f1ed4d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  271.992560][ T8694] RAX: ffffffffffffffda RBX: 00007f1ed4135fa0 RCX: 00007f1ed3f7e819
[  272.000533][ T8694] RDX: 000000000000006f RSI: 0000000020000000 RDI: 0000000000000003
[  272.008497][ T8694] RBP: 00007f1ed4d18090 R08: 0000000000000000 R09: 0000000000000000
[  272.016456][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.024412][ T8694] R13: 0000000000000000 R14: 00007f1ed4135fa0 R15: 00007ffdbdd2f498
[  272.032377][ T8694]  </TASK>
[  272.124836][   T54] Bluetooth: hci2: command tx timeout
[  272.266595][ T8695] netlink: 12 bytes leftover after parsing attributes in process `syz.5.645'.
[  272.275996][ T8695] netlink: 16 bytes leftover after parsing attributes in process `syz.5.645'.
[  272.613486][ T8626] hsr_slave_0: entered promiscuous mode
[  272.630898][ T8626] hsr_slave_1: entered promiscuous mode
[  272.645958][ T8699] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  272.674814][ T8626] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  272.692821][ T8626] Cannot create hsr debugfs directory
[  272.707681][ T8699] netlink: 52 bytes leftover after parsing attributes in process `syz.1.646'.
[  273.724195][ T5916] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  273.851905][ T8714] block device autoloading is deprecated and will be removed.
[  273.881692][ T8715] erofs (device loop11): cannot find valid erofs superblock
[  274.062679][ T8717] fuse: Unknown parameter 'f`'
[  274.070312][ T8717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.651'.
[  274.316093][   T54] Bluetooth: hci2: command tx timeout
[  274.576276][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  274.670549][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  274.683748][ T5916] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  274.705802][ T5916] usb 2-1: New USB device found, idVendor=046d, idProduct=ffff, bcdDevice= 0.00
[  274.720897][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.733451][ T5916] usb 2-1: config 0 descriptor??
[  274.746905][ T8719] FAULT_INJECTION: forcing a failure.
[  274.746905][ T8719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.772636][ T8719] CPU: 0 UID: 0 PID: 8719 Comm: syz.3.653 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  274.782988][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  274.793071][ T8719] Call Trace:
[  274.796372][ T8719]  <TASK>
[  274.799414][ T8719]  dump_stack_lvl+0x241/0x360
[  274.804562][ T8719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.809801][ T8719]  ? __pfx__printk+0x10/0x10
[  274.814422][ T8719]  ? __pfx_lock_release+0x10/0x10
[  274.819470][ T8719]  should_fail_ex+0x3b0/0x4e0
[  274.824183][ T8719]  _copy_from_user+0x2f/0xc0
[  274.828804][ T8719]  dev_ethtool+0xea/0x1bc0
[  274.833255][ T8719]  ? dev_load+0x21/0x1f0
[  274.837521][ T8719]  ? __pfx_dev_ethtool+0x10/0x10
[  274.842493][ T8719]  ? dev_load+0x21/0x1f0
[  274.846760][ T8719]  dev_ioctl+0x785/0x1340
[  274.851116][ T8719]  sock_do_ioctl+0x240/0x460
[  274.851919][ T8626] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  274.855712][ T8719]  ? __pfx_sock_do_ioctl+0x10/0x10
[  274.855747][ T8719]  ? __asan_memset+0x23/0x50
[  274.863462][ T8723] FAULT_INJECTION: forcing a failure.
[  274.863462][ T8723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.867516][ T8719]  ? smack_file_ioctl+0x29e/0x3a0
[  274.867549][ T8719]  sock_ioctl+0x626/0x8e0
[  274.867572][ T8719]  ? __pfx_sock_ioctl+0x10/0x10
[  274.867591][ T8719]  ? __fget_files+0x2a/0x410
[  274.867610][ T8719]  ? __fget_files+0x2a/0x410
[  274.867630][ T8719]  ? __pfx_sock_ioctl+0x10/0x10
[  274.867650][ T8719]  __se_sys_ioctl+0xf5/0x170
[  274.867674][ T8719]  do_syscall_64+0xf3/0x230
[  274.867699][ T8719]  ? clear_bhb_loop+0x35/0x90
[  274.867725][ T8719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.867746][ T8719] RIP: 0033:0x7f1ed3f7e819
[  274.867771][ T8719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.867784][ T8719] RSP: 002b:00007f1ed4d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.965820][ T8719] RAX: ffffffffffffffda RBX: 00007f1ed4135fa0 RCX: 00007f1ed3f7e819
[  274.973814][ T8719] RDX: 00000000200002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  274.981803][ T8719] RBP: 00007f1ed4d18090 R08: 0000000000000000 R09: 0000000000000000
[  274.989785][ T8719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.997768][ T8719] R13: 0000000000000000 R14: 00007f1ed4135fa0 R15: 00007ffdbdd2f498
[  275.005776][ T8719]  </TASK>
[  275.008816][ T8723] CPU: 1 UID: 0 PID: 8723 Comm: syz.5.655 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  275.019079][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  275.029135][ T8723] Call Trace:
[  275.032409][ T8723]  <TASK>
[  275.035336][ T8723]  dump_stack_lvl+0x241/0x360
[  275.040020][ T8723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.045220][ T8723]  ? __pfx__printk+0x10/0x10
[  275.049808][ T8723]  ? __pfx_lock_release+0x10/0x10
[  275.054845][ T8723]  should_fail_ex+0x3b0/0x4e0
[  275.059551][ T8723]  _copy_from_user+0x2f/0xc0
[  275.064596][ T8723]  memdup_user+0x64/0xc0
[  275.068857][ T8723]  ptp_ioctl+0x5dc/0x3320
[  275.073208][ T8723]  ? __pfx_ptp_ioctl+0x10/0x10
[  275.077993][ T8723]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  275.084009][ T8723]  ? __pfx_smack_log+0x10/0x10
[  275.088788][ T8723]  ? smack_file_ioctl+0x29e/0x3a0
[  275.093830][ T8723]  ? __fget_files+0x2a/0x410
[  275.098440][ T8723]  ? __pfx_ptp_ioctl+0x10/0x10
[  275.103206][ T8723]  posix_clock_ioctl+0x100/0x140
[  275.108158][ T8723]  ? __pfx_posix_clock_ioctl+0x10/0x10
[  275.113633][ T8723]  __se_sys_ioctl+0xf5/0x170
[  275.118320][ T8723]  do_syscall_64+0xf3/0x230
[  275.122827][ T8723]  ? clear_bhb_loop+0x35/0x90
[  275.127520][ T8723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.133447][ T8723] RIP: 0033:0x7f8b9df7e819
[  275.137860][ T8723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.157464][ T8723] RSP: 002b:00007f8b9ed03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.165881][ T8723] RAX: ffffffffffffffda RBX: 00007f8b9e135fa0 RCX: 00007f8b9df7e819
[  275.173849][ T8723] RDX: 0000000000000000 RSI: 0000000043403d0e RDI: 0000000000000003
[  275.181988][ T8723] RBP: 00007f8b9ed03090 R08: 0000000000000000 R09: 0000000000000000
[  275.189958][ T8723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.197943][ T8723] R13: 0000000000000000 R14: 00007f8b9e135fa0 R15: 00007fff511bc5b8
[  275.205920][ T8723]  </TASK>
[  276.251430][ T8626] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  277.013044][ T8626] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  277.037839][ T8626] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  277.399075][    T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  277.402996][ T8626] 8021q: adding VLAN 0 to HW filter on device bond0
[  277.616583][    T9] usb 4-1: Using ep0 maxpacket: 32
[  277.643639][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.653727][ T8626] 8021q: adding VLAN 0 to HW filter on device team0
[  277.660382][ T7173] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.667895][ T7173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  277.687484][ T5887] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  277.697639][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  277.736151][    T9] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  277.751954][    T9] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  277.826256][ T7170] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.833445][ T7170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  277.841093][    T9] usb 4-1: Product: syz
[  277.848611][    T9] usb 4-1: Manufacturer: syz
[  277.861639][    T9] usb 4-1: SerialNumber: syz
[  277.881286][    T9] usb 4-1: config 0 descriptor??
[  278.154869][ T8751] netlink: 12 bytes leftover after parsing attributes in process `syz.5.661'.
[  278.164337][ T8751] netlink: 16 bytes leftover after parsing attributes in process `syz.5.661'.
[  279.182341][ T5923] usb 2-1: USB disconnect, device number 13
[  280.110991][ T5884] usb 4-1: USB disconnect, device number 21
[  280.138129][ T8626] 8021q: adding VLAN 0 to HW filter on device batadv0
[  280.340468][ T8769] binder: 8766:8769 ioctl c0306201 20000580 returned -14
[  280.619656][ T8778] netlink: 12 bytes leftover after parsing attributes in process `syz.5.667'.
[  281.358970][ T5884] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  281.368789][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  281.544212][ T5884] usb 4-1: device descriptor read/64, error -71
[  281.663162][ T8626] veth0_vlan: entered promiscuous mode
[  281.675605][ T8626] veth1_vlan: entered promiscuous mode
[  281.894533][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  281.951065][ T8626] veth0_macvtap: entered promiscuous mode
[  282.074970][    T9] usb 6-1: Using ep0 maxpacket: 32
[  282.092301][    T9] usb 6-1: New USB device found, idVendor=10cf, idProduct=8068, bcdDevice=2e.fd
[  282.104752][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.119494][ T8626] veth1_macvtap: entered promiscuous mode
[  282.221176][    T9] usb 6-1: config 0 descriptor??
[  282.304223][ T5884] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  282.314020][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.343542][    T9] vmk80xx 6-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  282.354208][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.364246][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.375722][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.388688][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.409139][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.432800][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.444254][ T5884] usb 4-1: device descriptor read/64, error -71
[  282.448438][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.461725][ T8626] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.477216][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.495468][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.515508][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.567842][ T5884] usb usb4-port1: attempt power cycle
[  282.627929][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.975055][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.003696][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.051104][ T8626] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.072298][ T8626] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.102045][ T8626] batman_adv: batadv0: Interface activated: batadv_slave_1
[  283.104302][ T8791] netlink: 165 bytes leftover after parsing attributes in process `syz.5.670'.
[  283.141045][ T8626] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.162265][ T8626] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.172401][ T8626] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.181466][ T8626] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  283.384913][    T9] usb 6-1: USB disconnect, device number 10
[  283.665058][ T8799] netlink: 132 bytes leftover after parsing attributes in process `syz.0.674'.
[  283.731118][ T6520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.743573][ T6520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.778775][ T6520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.786951][ T6520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.797075][ T8807] FAULT_INJECTION: forcing a failure.
[  284.797075][ T8807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.810630][ T8807] CPU: 0 UID: 0 PID: 8807 Comm: syz.5.678 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  284.820904][ T8807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  284.830980][ T8807] Call Trace:
[  284.834278][ T8807]  <TASK>
[  284.837225][ T8807]  dump_stack_lvl+0x241/0x360
[  284.841928][ T8807]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.847150][ T8807]  ? __pfx__printk+0x10/0x10
[  284.851771][ T8807]  should_fail_ex+0x3b0/0x4e0
[  284.856477][ T8807]  _copy_to_user+0x31/0xb0
[  284.860915][ T8807]  bpf_test_finish+0x212/0x890
[  284.865713][ T8807]  ? __pfx_bpf_test_finish+0x10/0x10
[  284.871023][ T8807]  ? convert___skb_to_skb+0x41/0x620
[  284.876310][ T8807]  ? convert_skb_to___skb+0x2d3/0x510
[  284.881683][ T8807]  bpf_prog_test_run_skb+0xff0/0x1820
[  284.887068][ T8807]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  284.892873][ T8807]  ? __fget_files+0x2a/0x410
[  284.897462][ T8807]  ? fput+0x21b/0x290
[  284.901434][ T8807]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  284.907238][ T8807]  bpf_prog_test_run+0x2e4/0x360
[  284.912173][ T8807]  __sys_bpf+0x48d/0x810
[  284.916418][ T8807]  ? __pfx___sys_bpf+0x10/0x10
[  284.921194][ T8807]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  284.927178][ T8807]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  284.933510][ T8807]  ? do_syscall_64+0x100/0x230
[  284.938283][ T8807]  __x64_sys_bpf+0x7c/0x90
[  284.942702][ T8807]  do_syscall_64+0xf3/0x230
[  284.947207][ T8807]  ? clear_bhb_loop+0x35/0x90
[  284.951885][ T8807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.957791][ T8807] RIP: 0033:0x7f8b9df7e819
[  284.962200][ T8807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.981805][ T8807] RSP: 002b:00007f8b9ed03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  284.990219][ T8807] RAX: ffffffffffffffda RBX: 00007f8b9e135fa0 RCX: 00007f8b9df7e819
[  284.998187][ T8807] RDX: 000000000000004c RSI: 0000000020000240 RDI: 000000000000000a
[  285.006152][ T8807] RBP: 00007f8b9ed03090 R08: 0000000000000000 R09: 0000000000000000
[  285.014123][ T8807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  285.022095][ T8807] R13: 0000000000000000 R14: 00007f8b9e135fa0 R15: 00007fff511bc5b8
[  285.030072][ T8807]  </TASK>
[  286.102439][   T11] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.235253][ T8820] bond0: option resend_igmp: invalid value (7540)
[  286.563129][ T8820] bond0: option resend_igmp: allowed values 0 - 255
[  286.665026][ T5887] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  286.750479][   T11] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.942939][   T11] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.299092][    T9] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  287.337030][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  287.359368][   T11] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.371149][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  287.381256][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  287.668092][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  287.681770][ T5840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  287.691364][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  288.070020][ T8843] FAULT_INJECTION: forcing a failure.
[  288.070020][ T8843] name failslab, interval 1, probability 0, space 0, times 0
[  288.083949][ T8843] CPU: 0 UID: 0 PID: 8843 Comm: syz.0.690 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  288.094224][ T8843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  288.104301][ T8843] Call Trace:
[  288.107591][ T8843]  <TASK>
[  288.110533][ T8843]  dump_stack_lvl+0x241/0x360
[  288.115242][ T8843]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.120465][ T8843]  ? __pfx__printk+0x10/0x10
[  288.125084][ T8843]  ? fs_reclaim_acquire+0x93/0x130
[  288.130220][ T8843]  ? __pfx___might_resched+0x10/0x10
[  288.135563][ T8843]  should_fail_ex+0x3b0/0x4e0
[  288.140232][ T8843]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  288.145937][ T8843]  should_failslab+0xac/0x100
[  288.150601][ T8843]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  288.156304][ T8843]  __kmalloc_noprof+0xd8/0x400
[  288.161055][ T8843]  tomoyo_realpath_from_path+0xcf/0x5e0
[  288.166592][ T8843]  tomoyo_path_number_perm+0x236/0x860
[  288.172039][ T8843]  ? __lock_acquire+0x1397/0x2100
[  288.177050][ T8843]  ? tomoyo_path_number_perm+0x206/0x860
[  288.182673][ T8843]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  288.188684][ T8843]  ? __fget_files+0x2a/0x410
[  288.193266][ T8843]  ? __fget_files+0x2a/0x410
[  288.197843][ T8843]  security_file_ioctl+0xc6/0x2a0
[  288.202877][ T8843]  __se_sys_ioctl+0x46/0x170
[  288.207457][ T8843]  do_syscall_64+0xf3/0x230
[  288.211950][ T8843]  ? clear_bhb_loop+0x35/0x90
[  288.216620][ T8843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.222512][ T8843] RIP: 0033:0x7f73be17e819
[  288.226912][ T8843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.246512][ T8843] RSP: 002b:00007f73bf04a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.254929][ T8843] RAX: ffffffffffffffda RBX: 00007f73be335fa0 RCX: 00007f73be17e819
[  288.262898][ T8843] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000004
[  288.270852][ T8843] RBP: 00007f73bf04a090 R08: 0000000000000000 R09: 0000000000000000
[  288.278823][ T8843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.286792][ T8843] R13: 0000000000000000 R14: 00007f73be335fa0 R15: 00007ffc1e3cbf58
[  288.294768][ T8843]  </TASK>
[  288.359242][ T8843] ERROR: Out of memory at tomoyo_realpath_from_path.
[  288.537045][ T8833] chnl_net:caif_netlink_parms(): no params data found
[  288.736345][   T11] bridge_slave_1: left allmulticast mode
[  288.742012][   T11] bridge_slave_1: left promiscuous mode
[  289.838015][ T5840] Bluetooth: hci2: command tx timeout
[  289.995349][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.042686][   T11] bridge_slave_0: left allmulticast mode
[  290.053335][   T11] bridge_slave_0: left promiscuous mode
[  290.074511][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.514264][ T5887] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  291.668538][ T5887] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 5
[  291.678334][ T5887] usb 6-1: config 0 has no interface number 0
[  291.688614][ T5887] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.724621][ T5887] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.742478][ T5887] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  291.752623][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.781458][ T5887] usb 6-1: config 0 descriptor??
[  291.924218][ T5840] Bluetooth: hci2: command tx timeout
[  291.932791][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  291.962334][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  291.992254][   T11] bond0 (unregistering): Released all slaves
[  292.279524][ T8863] bond0: option resend_igmp: invalid value (7540)
[  292.297019][ T5887] uclogic 0003:256C:006D.0004: No inputs registered, leaving
[  292.304881][ T8863] bond0: option resend_igmp: allowed values 0 - 255
[  292.330207][ T5887] uclogic 0003:256C:006D.0004: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.5-1/input1
[  292.458463][   T29] audit: type=1326 audit(1732322333.838:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.501189][  T971] usb 6-1: USB disconnect, device number 11
[  292.542531][   T29] audit: type=1326 audit(1732322333.838:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.566273][   T29] audit: type=1326 audit(1732322333.838:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.589380][   T29] audit: type=1326 audit(1732322333.838:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.612505][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.620656][ T8833] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.632454][ T8833] bridge_slave_0: entered allmulticast mode
[  292.639758][ T8833] bridge_slave_0: entered promiscuous mode
[  292.646038][   T29] audit: type=1326 audit(1732322333.838:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.671347][   T29] audit: type=1326 audit(1732322333.838:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.708086][   T29] audit: type=1326 audit(1732322333.838:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.743277][   T29] audit: type=1326 audit(1732322333.838:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.804300][   T29] audit: type=1326 audit(1732322333.838:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f73be17d1b0 code=0x7ffc0000
[  292.832384][   T29] audit: type=1326 audit(1732322333.838:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73be17e819 code=0x7ffc0000
[  292.866643][ T8833] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.874885][ T8833] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.882326][ T8833] bridge_slave_1: entered allmulticast mode
[  292.889670][ T8833] bridge_slave_1: entered promiscuous mode
[  292.918663][ T8833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.931173][ T8833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.993795][ T8833] team0: Port device team_slave_0 added
[  293.010363][ T8833] team0: Port device team_slave_1 added
[  293.059780][ T8833] batman_adv: batadv0: Adding interface: batadv_slave_0
[  293.099755][ T8833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.126061][ T8833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  293.256691][ T8833] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.339909][ T8833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.720941][ T8833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.994359][ T5840] Bluetooth: hci2: command tx timeout
[  294.101097][   T11] hsr_slave_0: left promiscuous mode
[  294.134423][   T11] hsr_slave_1: left promiscuous mode
[  294.170903][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  294.194342][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.250977][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  294.274034][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.326592][   T11] veth1_macvtap: left promiscuous mode
[  294.332167][   T11] veth0_macvtap: left promiscuous mode
[  294.353678][   T11] veth1_vlan: left promiscuous mode
[  294.372058][   T11] veth0_vlan: left promiscuous mode
[  295.517417][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  295.529955][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  295.540813][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  295.550113][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  295.615693][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  295.623909][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  296.074393][ T5840] Bluetooth: hci2: command tx timeout
[  296.174730][   T11] team0 (unregistering): Port device team_slave_1 removed
[  296.273191][   T11] team0 (unregistering): Port device team_slave_0 removed
[  296.881846][ T5833] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  297.694941][ T5840] Bluetooth: hci1: command tx timeout
[  297.754524][ T8913] bond0: option resend_igmp: invalid value (7540)
[  297.772477][ T8913] bond0: option resend_igmp: allowed values 0 - 255
[  297.851465][ T8833] hsr_slave_0: entered promiscuous mode
[  297.881287][ T8833] hsr_slave_1: entered promiscuous mode
[  297.896550][ T8833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  297.908482][ T8833] Cannot create hsr debugfs directory
[  297.961817][ T8933] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  297.981244][  T971] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  298.084562][ T5923] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  298.255550][ T5923] usb 1-1: Using ep0 maxpacket: 32
[  298.274940][ T5923] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.331286][ T5923] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13
[  298.362641][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.403125][ T5923] usb 1-1: Product: syz
[  298.410700][ T5923] usb 1-1: Manufacturer: syz
[  298.430969][ T5923] usb 1-1: SerialNumber: syz
[  298.538700][ T5923] usb 1-1: config 0 descriptor??
[  298.586423][ T5923] pvrusb2: Hardware description: Terratec Grabster AV400
[  298.599186][ T5923] pvrusb2: **********
[  298.603212][ T5923] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  298.613426][ T5923] pvrusb2: Important functionality might not be entirely working.
[  298.648365][ T5923] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  298.687504][ T5923] pvrusb2: **********
[  298.688004][ T8939] FAULT_INJECTION: forcing a failure.
[  298.688004][ T8939] name failslab, interval 1, probability 0, space 0, times 0
[  298.705992][ T8939] CPU: 1 UID: 0 PID: 8939 Comm: syz.5.718 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  298.716275][ T8939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  298.726349][ T8939] Call Trace:
[  298.729646][ T8939]  <TASK>
[  298.732604][ T8939]  dump_stack_lvl+0x241/0x360
[  298.737319][ T8939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.742554][ T8939]  ? __pfx__printk+0x10/0x10
[  298.747172][ T8939]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  298.752658][ T8939]  ? __pfx___might_resched+0x10/0x10
[  298.757969][ T8939]  ? lockdep_init_map_type+0xa1/0x910
[  298.763367][ T8939]  should_fail_ex+0x3b0/0x4e0
[  298.768075][ T8939]  should_failslab+0xac/0x100
[  298.772761][ T8939]  ? nft_trans_table_add+0x57/0x400
[  298.777971][ T8939]  __kmalloc_cache_noprof+0x6c/0x2c0
[  298.783274][ T8939]  nft_trans_table_add+0x57/0x400
[  298.788304][ T8939]  nf_tables_newtable+0x1172/0x1e40
[  298.793502][ T8939]  ? __pfx_nf_tables_newtable+0x10/0x10
[  298.799066][ T8939]  ? __nla_parse+0x40/0x60
[  298.799314][ T5833] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  298.803487][ T8939]  nfnetlink_rcv+0x14e3/0x2ab0
[  298.815095][ T8939]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  298.820221][ T8939]  ? netlink_deliver_tap+0x2e/0x1b0
[  298.825604][ T8939]  ? skb_clone+0x240/0x390
[  298.830023][ T8939]  ? __pfx_lock_release+0x10/0x10
[  298.835057][ T8939]  ? netlink_deliver_tap+0x2e/0x1b0
[  298.840262][ T8939]  netlink_unicast+0x7f6/0x990
[  298.845024][ T8939]  ? __pfx_netlink_unicast+0x10/0x10
[  298.850303][ T8939]  ? __virt_addr_valid+0x183/0x530
[  298.855409][ T8939]  ? __check_object_size+0x48e/0x900
[  298.860692][ T8939]  netlink_sendmsg+0x8e4/0xcb0
[  298.865476][ T8939]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.870781][ T8939]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.876062][ T8939]  __sock_sendmsg+0x221/0x270
[  298.880729][ T8939]  ____sys_sendmsg+0x52a/0x7e0
[  298.885485][ T8939]  ? __pfx_____sys_sendmsg+0x10/0x10
[  298.890754][ T8939]  ? __fget_files+0x2a/0x410
[  298.895335][ T8939]  ? __fget_files+0x2a/0x410
[  298.902050][ T8939]  __sys_sendmsg+0x269/0x350
[  298.906642][ T8939]  ? __pfx_lock_release+0x10/0x10
[  298.911668][ T8939]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.916777][ T8939]  ? __pfx_vfs_write+0x10/0x10
[  298.921575][ T8939]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.927906][ T8939]  ? do_syscall_64+0x100/0x230
[  298.932669][ T8939]  ? do_syscall_64+0xb6/0x230
[  298.937347][ T8939]  do_syscall_64+0xf3/0x230
[  298.941853][ T8939]  ? clear_bhb_loop+0x35/0x90
[  298.946541][ T8939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.952527][ T8939] RIP: 0033:0x7f8b9df7e819
[  298.956931][ T8939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.976553][ T8939] RSP: 002b:00007f8b9ed03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.984962][ T8939] RAX: ffffffffffffffda RBX: 00007f8b9e135fa0 RCX: 00007f8b9df7e819
[  298.992942][ T8939] RDX: 0000000000044400 RSI: 00000000200000c0 RDI: 0000000000000003
[  299.000903][ T8939] RBP: 00007f8b9ed03090 R08: 0000000000000000 R09: 0000000000000000
[  299.008951][ T8939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  299.016913][ T8939] R13: 0000000000000000 R14: 00007f8b9e135fa0 R15: 00007fff511bc5b8
[  299.024889][ T8939]  </TASK>
[  299.065833][ T2326] pvrusb2: Invalid write control endpoint
[  299.074541][ T5923] usb 1-1: USB disconnect, device number 24
[  299.262247][ T2326] pvrusb2: Invalid write control endpoint
[  299.270739][ T2326] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  299.444779][ T2326] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  299.454252][ T2326] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  299.464985][ T2326] pvrusb2: Device being rendered inoperable
[  299.467469][ T8949] syz.5.720: attempt to access beyond end of device
[  299.467469][ T8949] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0
[  299.474362][ T2326] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  299.492613][ T2326] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  299.504426][ T2326] pvrusb2: Attached sub-driver cx25840
[  299.510228][ T2326] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  299.520668][ T2326] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  299.525939][ T8952] NILFS (nullb0): couldn't find nilfs on the device
[  299.548134][ T8949] SQUASHFS error: Failed to read block 0x0: -5
[  299.555066][ T8949] unable to read squashfs_super_block
[  299.563563][ T8947] netlink: 132 bytes leftover after parsing attributes in process `syz.1.719'.
[  299.636034][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  299.647284][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.697976][ T8914] chnl_net:caif_netlink_parms(): no params data found
[  299.760711][ T5840] Bluetooth: hci1: command tx timeout
[  299.886452][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  299.910439][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.070824][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  300.144180][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.194583][ T8973] 9pnet_fd: Insufficient options for proto=fd
[  300.861151][ T8978] FAULT_INJECTION: forcing a failure.
[  300.861151][ T8978] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  300.908386][ T8978] CPU: 1 UID: 0 PID: 8978 Comm: syz.1.726 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  300.918683][ T8978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  300.928763][ T8978] Call Trace:
[  300.932055][ T8978]  <TASK>
[  300.934996][ T8978]  dump_stack_lvl+0x241/0x360
[  300.939704][ T8978]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.944935][ T8978]  ? __pfx__printk+0x10/0x10
[  300.949562][ T8978]  should_fail_ex+0x3b0/0x4e0
[  300.954274][ T8978]  prepare_alloc_pages+0x1da/0x5b0
[  300.959502][ T8978]  __alloc_pages_noprof+0x16f/0x710
[  300.964730][ T8978]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  300.970498][ T8978]  alloc_pages_mpol_noprof+0x3e8/0x680
[  300.975995][ T8978]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  300.982005][ T8978]  ? xas_load+0x59b/0x5c0
[  300.986351][ T8978]  folio_alloc_noprof+0x128/0x180
[  300.991382][ T8978]  filemap_alloc_folio_noprof+0xdf/0x500
[  300.997014][ T8978]  ? filemap_get_entry+0x123/0x3b0
[  301.002127][ T8978]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  301.008369][ T8978]  ? do_sync_mmap_readahead+0x3d0/0x970
[  301.013918][ T8978]  ? __pfx_down_read+0x10/0x10
[  301.018687][ T8978]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  301.024587][ T8978]  ? count_memcg_event_mm+0x90/0x420
[  301.029876][ T8978]  __filemap_get_folio+0x446/0xbd0
[  301.034997][ T8978]  filemap_fault+0xd9d/0x1950
[  301.039879][ T8978]  ? __pfx_filemap_fault+0x10/0x10
[  301.045008][ T8978]  ? handle_pte_fault+0x334/0x6820
[  301.050129][ T8978]  ? __pfx_lock_release+0x10/0x10
[  301.055152][ T8978]  ? pte_offset_map_nolock+0x137/0x1f0
[  301.060622][ T8978]  __do_fault+0x135/0x460
[  301.064959][ T8978]  handle_pte_fault+0x1105/0x6820
[  301.069991][ T8978]  ? mark_lock+0x9a/0x360
[  301.074320][ T8978]  ? __pfx_handle_pte_fault+0x10/0x10
[  301.079745][ T8978]  ? mt_find+0x2a9/0x920
[  301.083984][ T8978]  ? __pfx_lock_release+0x10/0x10
[  301.089011][ T8978]  handle_mm_fault+0x1053/0x1ad0
[  301.093963][ T8978]  ? __pfx_handle_mm_fault+0x10/0x10
[  301.099256][ T8978]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  301.105585][ T8978]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  301.110872][ T8978]  exc_page_fault+0x2b9/0x8c0
[  301.115550][ T8978]  asm_exc_page_fault+0x26/0x30
[  301.120403][ T8978] RIP: 0010:rep_stos_alternative+0x40/0x80
[  301.126215][ T8978] Code: ff c7 48 ff c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 2e 0f 1f 84 00 00 00 00 00 90 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47
[  301.145819][ T8978] RSP: 0018:ffffc90003a0fc70 EFLAGS: 00050246
[  301.151892][ T8978] RAX: 0000000000000000 RBX: 0000000020002040 RCX: 0000000000000040
[  301.159859][ T8978] RDX: 0000000000000000 RSI: ffffffff8c0ae4e0 RDI: 0000000020003000
[  301.167830][ T8978] RBP: 00007fffffffefff R08: ffffffff901c8d37 R09: 1ffffffff20391a6
[  301.175811][ T8978] R10: dffffc0000000000 R11: fffffbfff20391a7 R12: 0000000000002000
[  301.183775][ T8978] R13: 0000000000001000 R14: 1ffff1100632bb40 R15: 000000007fffd000
[  301.191754][ T8978]  read_zero+0x98/0x1f0
[  301.195930][ T8978]  ? __pfx_read_zero+0x10/0x10
[  301.200693][ T8978]  vfs_read+0x1fc/0xb70
[  301.204853][ T8978]  ? __pfx_vfs_read+0x10/0x10
[  301.209545][ T8978]  ? __fget_files+0x2a/0x410
[  301.214131][ T8978]  ? __fget_files+0x395/0x410
[  301.218797][ T8978]  ? __fget_files+0x2a/0x410
[  301.223415][ T8978]  ksys_read+0x18f/0x2b0
[  301.227755][ T8978]  ? __pfx_ksys_read+0x10/0x10
[  301.232520][ T8978]  ? do_syscall_64+0x100/0x230
[  301.237285][ T8978]  ? do_syscall_64+0xb6/0x230
[  301.241961][ T8978]  do_syscall_64+0xf3/0x230
[  301.246462][ T8978]  ? clear_bhb_loop+0x35/0x90
[  301.251139][ T8978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.257031][ T8978] RIP: 0033:0x7fcb5417e819
[  301.261445][ T8978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.281067][ T8978] RSP: 002b:00007fcb54fbd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  301.289487][ T8978] RAX: ffffffffffffffda RBX: 00007fcb54335fa0 RCX: 00007fcb5417e819
[  301.297461][ T8978] RDX: 00000000ffffff96 RSI: 0000000020000040 RDI: 0000000000000007
[  301.305429][ T8978] RBP: 00007fcb54fbd090 R08: 0000000000000000 R09: 0000000000000000
[  301.313393][ T8978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.321360][ T8978] R13: 0000000000000000 R14: 00007fcb54335fa0 R15: 00007ffe1e922c38
[  301.329391][ T8978]  </TASK>
[  301.433060][ T8969] veth3: entered promiscuous mode
[  301.496033][ T8988] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  301.507674][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  301.531248][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.560913][ T8914] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.568446][ T8914] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.576641][ T8914] bridge_slave_0: entered allmulticast mode
[  301.583803][ T8914] bridge_slave_0: entered promiscuous mode
[  301.606135][ T8914] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.617225][ T8914] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.624790][ T5887] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  301.662720][ T8914] bridge_slave_1: entered allmulticast mode
[  301.671702][ T8914] bridge_slave_1: entered promiscuous mode
[  301.694206][ T8994] IPv6: addrconf: prefix option has invalid lifetime
[  301.713823][ T8992] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  301.776009][ T8914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.807095][ T8914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.824371][ T5833] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  301.842621][ T5840] Bluetooth: hci1: command tx timeout
[  301.909904][ T8833] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  301.917536][  T971] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  301.927645][ T9001] syz.1.732: attempt to access beyond end of device
[  301.927645][ T9001] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  301.941935][ T9001] SQUASHFS error: Failed to read block 0x0: -5
[  301.948391][ T9001] unable to read squashfs_super_block
[  301.987486][ T5833] usb 1-1: Using ep0 maxpacket: 16
[  302.006021][ T8999] NILFS (nullb0): couldn't find nilfs on the device
[  302.034436][ T5833] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.052089][ T8833] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  302.059828][ T5833] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  302.251880][ T8833] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  302.258860][ T5833] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  302.269195][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.279322][ T9004] netlink: 132 bytes leftover after parsing attributes in process `syz.5.731'.
[  302.284205][ T5833] usb 1-1: Product: syz
[  302.297830][ T5833] usb 1-1: Manufacturer: syz
[  302.302212][ T8914] team0: Port device team_slave_0 added
[  302.303607][ T5833] usb 1-1: SerialNumber: syz
[  302.315205][ T8914] team0: Port device team_slave_1 added
[  302.323646][ T8833] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  302.347879][   T11] bridge_slave_1: left allmulticast mode
[  302.357782][   T11] bridge_slave_1: left promiscuous mode
[  302.364516][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.381442][   T11] bridge_slave_0: left allmulticast mode
[  302.387255][   T11] bridge_slave_0: left promiscuous mode
[  302.392989][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.541087][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  302.930356][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  302.948030][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  302.962406][   T11] bond0 (unregistering): Released all slaves
[  303.004770][ T8914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.011766][ T8914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.063982][ T8914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.092360][ T8914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  303.103691][ T8914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.148923][ T8914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.221169][   T11] Xÿ: left promiscuous mode
[  303.354411][ T8914] hsr_slave_0: entered promiscuous mode
[  303.361138][ T8914] hsr_slave_1: entered promiscuous mode
[  303.373092][ T8914] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  303.381913][ T8914] Cannot create hsr debugfs directory
[  303.960091][ T5840] Bluetooth: hci1: command tx timeout
[  304.364951][   T11] ------------[ cut here ]------------
[  304.370906][   T11] Have pending ack frames!
[  304.381434][   T11] WARNING: CPU: 1 PID: 11 at net/mac80211/main.c:1703 ieee80211_free_ack_frame+0x4c/0x60
[  304.391542][   T11] Modules linked in:
[  304.396073][   T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  304.407057][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  304.417350][   T11] Workqueue: netns cleanup_net
[  304.422257][   T11] RIP: 0010:ieee80211_free_ack_frame+0x4c/0x60
[  304.428693][   T11] Code: 00 00 00 e8 46 b1 5b fe 31 c0 5b c3 cc cc cc cc e8 69 cd 70 f6 c6 05 67 db e1 04 01 90 48 c7 c7 60 70 29 8d e8 f5 7b 31 f6 90 <0f> 0b 90 90 eb c9 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90
[  304.448543][   T11] RSP: 0018:ffffc900001077d0 EFLAGS: 00010246
[  304.455088][   T11] RAX: 89f2bba4eb18b700 RBX: ffff888032625140 RCX: ffff88801bee3c00
[  304.463241][   T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  304.471451][   T11] RBP: ffffc900001078d8 R08: ffffffff8155fd62 R09: fffffbfff1cfa898
[  304.479718][   T11] R10: dffffc0000000000 R11: fffffbfff1cfa898 R12: ffffc90000107840
[  304.487942][   T11] R13: dffffc0000000000 R14: ffff88802a1d9530 R15: ffff888077acfcb0
[  304.496137][   T11] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  304.505662][   T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  304.512276][   T11] CR2: 00007f8b9df619a0 CR3: 000000007dc38000 CR4: 00000000003526f0
[  304.520897][   T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  304.528950][   T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  304.536994][   T11] Call Trace:
[  304.540295][   T11]  <TASK>
[  304.543241][   T11]  ? __warn+0x168/0x4e0
[  304.547609][   T11]  ? ieee80211_free_ack_frame+0x4c/0x60
[  304.553218][   T11]  ? report_bug+0x2b3/0x500
[  304.557814][   T11]  ? ieee80211_free_ack_frame+0x4c/0x60
[  304.563399][   T11]  ? handle_bug+0x60/0x90
[  304.567788][   T11]  ? exc_invalid_op+0x1a/0x50
[  304.572491][   T11]  ? asm_exc_invalid_op+0x1a/0x20
[  304.577647][   T11]  ? __warn_printk+0x292/0x360
[  304.582442][   T11]  ? ieee80211_free_ack_frame+0x4c/0x60
[  304.588045][   T11]  idr_for_each+0x1e2/0x2d0
[  304.592597][   T11]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  304.598526][ T5817] syz-executor (5817) used greatest stack depth: 18768 bytes left
[  304.599067][   T11]  ? __pfx_idr_for_each+0x10/0x10
[  304.612186][   T11]  ? kobject_put+0x272/0x480
[  304.614718][ T8833] 8021q: adding VLAN 0 to HW filter on device bond0
[  304.616839][   T11]  ? kfree+0x1a0/0x440
[  304.627550][   T11]  ? kobject_put+0x272/0x480
[  304.632188][   T11]  ieee80211_free_hw+0xd0/0x480
[  304.637290][   T11]  mac80211_hwsim_del_radio+0x32b/0x4c0
[  304.642877][   T11]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  304.649018][   T11]  hwsim_exit_net+0x5c1/0x670
[  304.653727][   T11]  ? __pfx_hwsim_exit_net+0x10/0x10
[  304.659014][   T11]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  304.664911][   T11]  cleanup_net+0x802/0xcc0
[  304.669365][   T11]  ? __pfx_cleanup_net+0x10/0x10
[  304.674364][   T11]  ? process_scheduled_works+0x976/0x1850
[  304.680115][   T11]  process_scheduled_works+0xa63/0x1850
[  304.685791][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[  304.691814][   T11]  ? assign_work+0x364/0x3d0
[  304.696571][   T11]  worker_thread+0x870/0xd30
[  304.701621][   T11]  ? __kthread_parkme+0x169/0x1d0
[  304.707135][   T11]  ? __pfx_worker_thread+0x10/0x10
[  304.712282][   T11]  kthread+0x2f0/0x390
[  304.716409][   T11]  ? __pfx_worker_thread+0x10/0x10
[  304.721551][   T11]  ? __pfx_kthread+0x10/0x10
[  304.726292][   T11]  ret_from_fork+0x4b/0x80
[  304.730729][   T11]  ? __pfx_kthread+0x10/0x10
[  304.735410][   T11]  ret_from_fork_asm+0x1a/0x30
[  304.740221][   T11]  </TASK>
[  304.743262][   T11] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  304.750562][   T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[  304.760899][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  304.770990][   T11] Workqueue: netns cleanup_net
[  304.775777][   T11] Call Trace:
[  304.779055][   T11]  <TASK>
[  304.781986][   T11]  dump_stack_lvl+0x241/0x360
[  304.786670][   T11]  ? __pfx_dump_stack_lvl+0x10/0x10
[  304.791874][   T11]  ? __pfx__printk+0x10/0x10
[  304.796462][   T11]  ? _printk+0xd5/0x120
[  304.800616][   T11]  ? __init_begin+0x41000/0x41000
[  304.805645][   T11]  ? vscnprintf+0x5d/0x90
[  304.809977][   T11]  panic+0x349/0x880
[  304.813872][   T11]  ? __warn+0x177/0x4e0
[  304.818027][   T11]  ? __pfx_panic+0x10/0x10
[  304.822453][   T11]  ? show_trace_log_lvl+0x3b2/0x410
[  304.827658][   T11]  ? ret_from_fork_asm+0x1a/0x30
[  304.832600][   T11]  __warn+0x34b/0x4e0
[  304.836582][   T11]  ? ieee80211_free_ack_frame+0x4c/0x60
[  304.842131][   T11]  report_bug+0x2b3/0x500
[  304.846457][   T11]  ? ieee80211_free_ack_frame+0x4c/0x60
[  304.852002][   T11]  handle_bug+0x60/0x90
[  304.856155][   T11]  exc_invalid_op+0x1a/0x50
[  304.860660][   T11]  asm_exc_invalid_op+0x1a/0x20
[  304.865512][   T11] RIP: 0010:ieee80211_free_ack_frame+0x4c/0x60
[  304.871665][   T11] Code: 00 00 00 e8 46 b1 5b fe 31 c0 5b c3 cc cc cc cc e8 69 cd 70 f6 c6 05 67 db e1 04 01 90 48 c7 c7 60 70 29 8d e8 f5 7b 31 f6 90 <0f> 0b 90 90 eb c9 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90
[  304.891272][   T11] RSP: 0018:ffffc900001077d0 EFLAGS: 00010246
[  304.897347][   T11] RAX: 89f2bba4eb18b700 RBX: ffff888032625140 RCX: ffff88801bee3c00
[  304.905317][   T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  304.913282][   T11] RBP: ffffc900001078d8 R08: ffffffff8155fd62 R09: fffffbfff1cfa898
[  304.921255][   T11] R10: dffffc0000000000 R11: fffffbfff1cfa898 R12: ffffc90000107840
[  304.929224][   T11] R13: dffffc0000000000 R14: ffff88802a1d9530 R15: ffff888077acfcb0
[  304.937223][   T11]  ? __warn_printk+0x292/0x360
[  304.942011][   T11]  idr_for_each+0x1e2/0x2d0
[  304.946526][   T11]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  304.952597][   T11]  ? __pfx_idr_for_each+0x10/0x10
[  304.957620][   T11]  ? kobject_put+0x272/0x480
[  304.962209][   T11]  ? kfree+0x1a0/0x440
[  304.966281][   T11]  ? kobject_put+0x272/0x480
[  304.970872][   T11]  ieee80211_free_hw+0xd0/0x480
[  304.975730][   T11]  mac80211_hwsim_del_radio+0x32b/0x4c0
[  304.981277][   T11]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  304.987346][   T11]  hwsim_exit_net+0x5c1/0x670
[  304.992030][   T11]  ? __pfx_hwsim_exit_net+0x10/0x10
[  304.997229][   T11]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  305.003032][   T11]  cleanup_net+0x802/0xcc0
[  305.007451][   T11]  ? __pfx_cleanup_net+0x10/0x10
[  305.012391][   T11]  ? process_scheduled_works+0x976/0x1850
[  305.018112][   T11]  process_scheduled_works+0xa63/0x1850
[  305.023675][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[  305.029661][   T11]  ? assign_work+0x364/0x3d0
[  305.034258][   T11]  worker_thread+0x870/0xd30
[  305.038856][   T11]  ? __kthread_parkme+0x169/0x1d0
[  305.043893][   T11]  ? __pfx_worker_thread+0x10/0x10
[  305.049004][   T11]  kthread+0x2f0/0x390
[  305.053072][   T11]  ? __pfx_worker_thread+0x10/0x10
[  305.058184][   T11]  ? __pfx_kthread+0x10/0x10
[  305.062766][   T11]  ret_from_fork+0x4b/0x80
[  305.067183][   T11]  ? __pfx_kthread+0x10/0x10
[  305.071771][   T11]  ret_from_fork_asm+0x1a/0x30
[  305.076548][   T11]  </TASK>
[  305.079823][   T11] Kernel Offset: disabled
[  305.084211][   T11] Rebooting in 86400 seconds..