last executing test programs:

2m18.959874365s ago: executing program 0 (id=168):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x46, 0x0, &(0x7f00000000c0))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000000908000140000000090900020073797a3200000000140007001100010000000400000000000200000a"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={&(0x7f00000001c0)='./file0\x00', 0x0, 0x10, r3}, 0x14)
r4 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
sendmmsg$inet(r4, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x74, 0x0}}], 0x68000, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7fffffffffffffff, 0xc0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c)
sendmsg(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="33e28092c5ec1d88d05e0a6f2ce709c63de1ab461557270000fc494605c77dc874d0734eed79ecd2e373cf63d3a4e9a461877edf08af5c6c56be907e383f7a1cce50acae1ed1944d1e00f576d2365e27c059eaceee4e56e1f161effd91efedde230512ce932b03ea7ccfb1442c3d8c8954f4b9cdc4bc9dc1f14af9e5b22f9ba40774572c6992ca3e89d70fc2ab813333d71fbea6b7a7b60004285435319ebbae2cc5f343756ed4c9eb88760294047270864a6921876a953daf8b1e8dfa14c0626ce6597cd21a38b8b115ea15c3d63f4119868d4b3948cfcda7f069a9ccb0bbaa4854f0dc1092e6f0b16873951b1e521e1ce63614fc34a7cc07f154261ec71cd457229a5897a9815f7641bdf50b05aa1d5d1a8449f02cfaaeab93fe13c3d9506d0b6601af66ef870fb98b97b7b9d1c3c2790c21dbf6f7ebd3b0a85faa3288257ab2ae248865498bf0b7f23e12cfa7a3137a9903f866eb874415cf20253e94ddfb1533827d155800411faf", 0x16a}, {&(0x7f0000001600)="c9fbe0378bef0a6749d715b5c3e27d03e68c83579553d3bd9cc08edbae86d2f95e95a3fa8ab031e21b5a47e4205c87eefc819e6ea7bd0f6772e957f739339398cd07aeb0522339dde07af5b6ee6b94221ca3494c29be340810d421808f27877885583a2c80d4331aca54533ad84a0ccc5fa28956504f2eafc0f098f878ae3caf30b7981d5e778aaa197d235aa31c4c77fdf0e1c0d31fc7c43969830f82c4b5631e47df6b9a9f59a57e0e7bd1f9e4fcdb4150f713fb9e3530650b43a92853d1e3334fe72113d518a558343615ba8d3412bda82b725855e14c29f7ed81e1cbb76f9684cc6b7fcdc2808119a0f8328b0c5d0e996e50e95605724abb1c635b0bf633f4bcca6213fef03260e56321e3270f322eb13b8ab70c726cbce78c93e4c87d7d7b363542b1b4eb90242ae9459775aa7c045233df9912fc47d6793f40bb5543b537ed6b79e0091e3c069644ce8d6ea00125815fae3c25f4d5c847e76c0c697d7df260ba36e6917f75ccd289070477665e64ac3e00c93228b72763f28104defab475f03841980110b23d02a3d1b74d25c8f2e1c8dfd9243e0bb7a583f091f829329f045f2fc0c40bb4a5205b071d4b6959663c6bfc1f04b23db627ac9fc792cd3355dbbc031d56107ea3379209a49abf03a8347fce6d48cf1968b64558e30210b02214cd0728c6743b89bd4cc2f1d1424fcedd95fa700751a4ff438469fd9e6f3a47200f3fbbde74bdbbeabfb6f96e32366d85a8e6bb6d576687634daac56c9619e4bbeea7606f223d3976c4bea9a07406b037cef4d06cc9e447dc06901c91145aeb9b9726cbf808d253cb01e0806f21d82b928173be2f5bbed1a97e725b17d1d1bd19c14935abd242ca6501c4282f5f1a3e813c68bdb88add0b6fcc14b8355a81b9ac915e5d51212438c5d2993f26456c9ecde871752c99ddbaecb3f6f5f02a0542e898b64a6d475aae01f2aca6c6013907c085ef56483c910cdf4cdcdb516533aeb97644462cd012e0407dfdeff5428e23edd335b1590641353c54f0802f45d880cb8f22ebbac0cc094a771877aac6491aa62350ccde2993826928e6614b76c15e4aae8ede6de392f4f6567f0833ced4458bca37928cc2a70ca20cd38c11138b6ba39a6374ef7f150eb2d5a500a6b9c010d13dcf7318deb8c106e2448c6b21f62051300080dcc9d87db52cefe722035f1508fff231c22bfc8f1d2e14de70a281be8eb3649ace61896f0c33357fcd838db94aaca611b228f76cb4ab983ad3ab636c7260d57bba0061574bb0876afbeb916e252572687b8d28ba7c945f07e0286bedfd7c259769016225a158bf607dd62e11c83bc686a7ab2903ddd64d4e2c44f39ac1f76b80d6be086396e7515441afcadfecb940776ee4f776d3c294dce9aab77e5c2f6c36c20b4343d80d0c3da5f838b948aa684729c578718d3a0811a1dd654e7ad5e414d892ceb3dd704632caa4dcfdc947ce9391ab9abaa0951d12d56623b0028fe78da20a65df9eabb16e4b14bbbfea7108ab4308e7cb540ab8a810cebbf0d3b64ba108d281c91b011f2a8e565c4b802448bad1a57fe6e74fd3278211a70f0767746ed1f234e8edbcb6f8a215e66849a7f10d1533ef626e31725439afd95c9b3a673041459e473d5ddbcc187f55d72d054bf16a714ee0f4bb5d14cf29b853fd6f703b54f227d20ca414b3d6314e9448d211707158ea758e04a2fe7dad468374d62ab4240bb3c9782faa9f87aec26876714b169198931cbd486c01bb2156488467cda498d0a0c62ff6cf03fc68aa3b8051fff5d68e8374796439e9cf12dae426d3692c2d50699eae00ba4b9797fe5295740d8efb64a48bda389e841254638a118337404194e440a2338e2ce0b32395874e0d5cc36c0f1231426d82636e5a7182f82ea545bf7cd5d19ff42a1e8b90193a82452a0eec6575bf7181275d5c2ba2d74a5bda47934d8c89f3225f38959c12b3a2cae85e5108439bc262b69f5bd5f73a86776525f4ecb1685175ffc05aa5faadcc3be80d0b1d1bfc34ffc2ee1cde6bdf00"/1456, 0x5b0}], 0x2, 0x0, 0x0, 0x2c}, 0x40440c4)

2m18.744097154s ago: executing program 0 (id=171):
syz_emit_ethernet(0xf2, &(0x7f0000000080)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0xbc, 0x2f, 0x0, @remote, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x880b, 0x0, 0xfffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [0x8001]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "bb4669f89369a55d82505050e7a75c6b6146954326ee3046f0446889113c23355fb7912403278dd393c7e8dfff2b08ab7bc9b2a3d0e5563e59b36885472640716ee5b645b11ae093e08ea3abc109fcafebeb505b233f7c5a26db175160b7cb19822a2098bec6aa00"/118}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0xfffd}}}}}}}}}, 0x0)
r0 = open(&(0x7f00000001c0)='./file2\x00', 0x86442, 0x0)
io_setup(0x2, &(0x7f0000000400)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, 0x0, 0x0, 0x401}])
openat$misdntimer(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000180), 0x416800, 0x0)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r2, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt(r3, 0xa6, 0xd, 0x0, 0x0)
eventfd2(0x9, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x10)
eventfd2(0x89b, 0x80801)
read$FUSE(0xffffffffffffffff, &(0x7f0000004d80)={0x2020}, 0x5bb5)

2m18.032764674s ago: executing program 0 (id=172):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_OPER(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x20, r5, 0x1, 0x0, 0x25dfdbfd, {{0x8}, {@void, @val={0xc, 0x99, {0x1, 0x1}}}}}, 0x20}}, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount(&(0x7f0000000140)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
clock_gettime(0x0, &(0x7f00000000c0))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f00000009c0)={0x17df000000000000, 0x0, r8})
unshare(0x40020000)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x3c}, 0x1, 0x620b}, 0x0)

2m16.961250769s ago: executing program 0 (id=176):
syz_io_uring_setup(0x277, &(0x7f0000000480)={0x0, 0x37a9, 0x4, 0x1}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001000000", @ANYRES32, @ANYBLOB="0010000000000000001f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = syz_io_uring_setup(0x1ed3, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x5, 0x279}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x9, 0x7, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = dup(r4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000540))
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_io_uring_setup(0x1327, &(0x7f0000000300)={0x0, 0x7303, 0x10100, 0x0, 0x2}, &(0x7f0000000180)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r9, 0x2def, 0x4000, 0x0, 0x0, 0x0)
recvmsg$unix(r7, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2000)
shutdown(r8, 0x1)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r12 = landlock_create_ruleset(&(0x7f0000000080)={0x8040}, 0x18, 0x0)
landlock_restrict_self(r12, 0x6)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="6800000098af5214a841c41c6078f7ffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000400012800c0001006d6163766c616e00300002801c0005800a000400aaaaaaaaaaaa000003000400aaaaaaaaaaaa00000800030003000000080001001000000008000500", @ANYRES32=r6, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
r13 = dup(r8)
write$6lowpan_enable(r13, &(0x7f0000000000)='0', 0x1)
r14 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r15 = dup(r14)
write$UHID_INPUT(r15, &(0x7f0000002300)={0x7, {"a2e3ad214fc752f91b4809094bf70e0dd038e7ff7fc6e5539b326d078b089b3b083872090890e0878f0e1ac6e7049b3d68959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b08320d075d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb1d17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202e928f28381aab144a5d429a04a6a2b83c7076600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e988037b2ed050000000000000046684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2e7faa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5399e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a74cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df2928924486cfff799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e74322f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2a9702b4230f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df11fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fffffff7f00000000758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x10af}}, 0x1006)

2m16.548434229s ago: executing program 0 (id=177):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})

2m16.491292721s ago: executing program 0 (id=178):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
capset(0x0, &(0x7f0000000140))
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040)="4dc07f9471633078", 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
r7 = io_uring_setup(0x25f5, &(0x7f00000000c0)={0x0, 0xc63b, 0x0, 0x0, 0x1})
io_uring_register$IORING_REGISTER_CLOCK(r7, 0x1d, &(0x7f0000000040)={0x7}, 0x0)
io_uring_enter(r7, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)
r8 = dup(r6)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)}}], 0x1, 0x0)

2m1.406791789s ago: executing program 32 (id=178):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
capset(0x0, &(0x7f0000000140))
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000040)="4dc07f9471633078", 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
r7 = io_uring_setup(0x25f5, &(0x7f00000000c0)={0x0, 0xc63b, 0x0, 0x0, 0x1})
io_uring_register$IORING_REGISTER_CLOCK(r7, 0x1d, &(0x7f0000000040)={0x7}, 0x0)
io_uring_enter(r7, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)
r8 = dup(r6)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)}}], 0x1, 0x0)

1m55.714911429s ago: executing program 4 (id=252):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000340)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0xc0b45545, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000e734a5e703f57f050000000000000000000000000000000000bdc77b9a193cc33fcf721d1e3a352b9606b69f860f42107bcfce000000000000"], 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x1}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044004}, 0x40000)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r6, &(0x7f00000023c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r6, &(0x7f0000000140)={0x78, 0x0, r7, {0x7, 0xf, 0x0, {0x0, 0x4, 0x8000, 0x6, 0x20000000000000, 0x3, 0x9, 0xaf59, 0x4, 0x6000, 0x6, 0x0, 0x0, 0x0, 0x19de}}}, 0x78)

1m54.732441958s ago: executing program 1 (id=278):
syz_emit_ethernet(0xe, &(0x7f0000002d40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@generic={0x6000}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
prctl$PR_SET_PDEATHSIG(0x1, 0x41)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_bond\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0xfff0bdc4, 0x4100, 0xb, 0x2d8aa1a0, 0x1, 0x800000000000003, 0x800000000006, 0x0, 0x100, 0x3, 0x4, 0x7, 0x0, 0x8000, 0x5, 0x0, 0x0, 0x1, 0x9, 0x7fff, 0x7, 0x6, 0x3, 0x0, 0x4e})

1m54.729596374s ago: executing program 4 (id=279):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_OPER(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x20, r5, 0x1, 0x0, 0x25dfdbfd, {{0x8}, {@void, @val={0xc, 0x99, {0x1, 0x1}}}}}, 0x20}}, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount(&(0x7f0000000140)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
clock_gettime(0x0, &(0x7f00000000c0))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[0x0, <r9=>0x0], 0x0, 0x0, 0x2, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f00000009c0)={0x17df000000000000, r9, r8})
unshare(0x40020000)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x3c}, 0x1, 0x620b}, 0x0)

1m54.259300462s ago: executing program 4 (id=281):
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1ff, 0x20000)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000000)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x10040, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
dup2(r0, 0xffffffffffffffff)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x7}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

1m54.182652029s ago: executing program 33 (id=281):
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1ff, 0x20000)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000000)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x10040, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
dup2(r0, 0xffffffffffffffff)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x7}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

1m53.884576148s ago: executing program 1 (id=283):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000280)={<r2=>0x0, 0xa6d}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000003c0)={0xb4, 0x8, 0x5, 0x6, r2}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000140)={0x7, 'rose0\x00', {0x800}, 0xffff})
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000340), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r5, @ANYBLOB="010028bd70000000000003000000"], 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000680), r1)
r7 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_START_POLL(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)=ANY=[@ANYBLOB="ae15b2b8000000000000000093000000000000", @ANYRES16=r10, @ANYBLOB="010023010000340200000600000008000100", @ANYRES32=r8, @ANYBLOB="08000300ffffffff"], 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r10, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r4, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r6, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

1m53.663237164s ago: executing program 1 (id=285):
r0 = syz_open_dev$radio(&(0x7f0000000940), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x98f904, 0x0, @name="b2a3aecfe98b60d96aa6cabd6b02abe50ee295085444d07526162235c558749e"}) (fail_nth: 3)

1m53.590648804s ago: executing program 1 (id=286):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000340)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0xc0b45545, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000e734a5e703f57f050000000000000000000000000000000000bdc77b9a193cc33fcf721d1e3a352b9606b69f860f42107bcfce000000000000"], 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x1}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044004}, 0x40000)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r6, &(0x7f00000023c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r6, &(0x7f0000000140)={0x78, 0x0, r7, {0x7, 0xf, 0x0, {0x0, 0x4, 0x8000, 0x6, 0x20000000000000, 0x3, 0x9, 0xaf59, 0x4, 0x6000, 0x6, 0x0, 0x0, 0x0, 0x19de}}}, 0x78)

1m52.324366746s ago: executing program 1 (id=289):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) (async)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, r0, &(0x7f0000002080)=0x3a, 0x23b)
fstat(r1, &(0x7f0000006680))
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0) (async)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7ffffffe}]})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)="3109bdac5921677608", 0x1}], 0x49, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2]) (async)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000180)=0x6) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))

1m51.719501106s ago: executing program 1 (id=291):
syz_emit_ethernet(0xe, &(0x7f0000002d40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@generic={0x6000}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
prctl$PR_SET_PDEATHSIG(0x1, 0x41)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_bond\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0xfff0bdc4, 0x4100, 0xb, 0x2d8aa1a0, 0x1, 0x800000000000003, 0x800000000006, 0x0, 0x100, 0x3, 0x4, 0x7, 0x0, 0x8000, 0x5, 0x0, 0x0, 0x1, 0x9, 0x7fff, 0x7, 0x6, 0x3, 0x0, 0x4e})

1m51.163677681s ago: executing program 34 (id=291):
syz_emit_ethernet(0xe, &(0x7f0000002d40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local, @void, {@generic={0x6000}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
prctl$PR_SET_PDEATHSIG(0x1, 0x41)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth0_to_bond\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0xfff0bdc4, 0x4100, 0xb, 0x2d8aa1a0, 0x1, 0x800000000000003, 0x800000000006, 0x0, 0x100, 0x3, 0x4, 0x7, 0x0, 0x8000, 0x5, 0x0, 0x0, 0x1, 0x9, 0x7fff, 0x7, 0x6, 0x3, 0x0, 0x4e})

1m48.395894466s ago: executing program 3 (id=298):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x208400, 0x88)
write$FUSE_IOCTL(r0, &(0x7f0000000100)={0x20}, 0xfdef)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, &(0x7f0000000000)={0x18, 0x7, 0x6, 0x0, 0x7, 0x400000}, 0x0, 0x0, 0x0) (async)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, &(0x7f0000000000)={0x18, 0x7, 0x6, 0x0, 0x7, 0x400000}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000240)={0x2020}, 0xffa6) (async)
read$FUSE(r0, &(0x7f0000000240)={0x2020}, 0xffa6)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x2, 0x18}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m48.280236467s ago: executing program 3 (id=299):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000200)=0x40000003, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x4, {0x2}, 0xfe}, 0x18)
syz_genetlink_get_family_id$tipc2(0x0, r1)
add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000380)="d4ae549e61c39707f7807a4d00034a942c59cb80c0c58a852a99695ae1295232f42d3dd221a9d79fc831900f4158777c1fa707194afa03aa49c06e1116ae3b11d099e3e62e66bd64c66d773e5d8e96f5a694890178bc418948919d2abb1a823874e24a51632fb6054bda15b3d594fe8739ae1400d9ea7e2a08b033b2f964f8b0d05266ad46c4a88ea1fa74dbc6dbbdc843b2fbefb9f573616d9523973249ec3ffa2cca69d48ce72ce8e97cde9b14d2fd33909fe05c0301cd59bc4daa", 0xbc, 0xfffffffffffffffd)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5, {0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[], 0x14}}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0x0, 0x1, 0x2, 0x3, 0x3, 0x800000000000003, 0xfffffffffffffe00, 0x10, 0x3ff, 0x3, 0xffffffffffffffff, 0x9, 0x5, 0xfffffffffffffff7, 0x3], 0xf000, 0x2000})
syz_usb_connect(0x4, 0x36, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000040)='\f\x00', 0x2, 0x0, 0x0, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000a80)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23d, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x4, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x960, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x3, 0x1010001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9388, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
syz_open_dev$MSR(&(0x7f0000000080), 0x16f8, 0x0)
readlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)=""/59, 0x3b)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r7, &(0x7f0000000b80)=[{{&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x6008004)
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x2)
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x1)
ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0xb6, 0x0, 0x9})
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$UI_DEV_CREATE(r6, 0x5501)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1m46.644194173s ago: executing program 3 (id=302):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000006580)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {}, {0x10, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_POLICE={0x40, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0xfffffff3, 0x20000000, 0x10000, 0xfffffeff, 0xc, {0x2, 0x1, 0x8, 0x81, 0x1000, 0xfffff90d}, {0x4, 0x1, 0x101, 0x0, 0x1, 0x1}, 0xfffffff9, 0x1}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x1000}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x7, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xc00, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4, 0x0, 0x3f00}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

1m46.494253632s ago: executing program 3 (id=303):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000340)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0xc0b45545, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000e734a5e703f57f050000000000000000000000000000000000bdc77b9a193cc33fcf721d1e3a352b9606b69f860f42107bcfce000000000000"], 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x1}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044004}, 0x40000)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r6, &(0x7f00000023c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r6, &(0x7f0000000140)={0x78, 0x0, r7, {0x7, 0xf, 0x0, {0x0, 0x4, 0x8000, 0x6, 0x20000000000000, 0x3, 0x9, 0xaf59, 0x4, 0x6000, 0x6, 0x0, 0x0, 0x0, 0x19de}}}, 0x78)

1m45.403359453s ago: executing program 3 (id=305):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
write$binfmt_misc(r1, 0x0, 0x0)

1m44.209375394s ago: executing program 3 (id=308):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x1000}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r1, 0x4000db4, 0x0, 0x20, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r4, &(0x7f0000000180), 0x8)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r5, &(0x7f00000000c0)=[{0x22, 0x0, 0x0, 0x0, @time={0x8000, 0x7}, {0xfe}, {}, @raw8={"327db9d037647b6facc54682"}}], 0x1c)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002c80), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x20024090)
r7 = socket(0x8000000010, 0x2, 0x0)
write(r7, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000002481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)

1m44.026641948s ago: executing program 35 (id=308):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x1000}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r1, 0x4000db4, 0x0, 0x20, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r4, &(0x7f0000000180), 0x8)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r5, &(0x7f00000000c0)=[{0x22, 0x0, 0x0, 0x0, @time={0x8000, 0x7}, {0xfe}, {}, @raw8={"327db9d037647b6facc54682"}}], 0x1c)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002c80), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x20024090)
r7 = socket(0x8000000010, 0x2, 0x0)
write(r7, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000002481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)

1m17.837378212s ago: executing program 2 (id=408):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x34, &(0x7f0000000280)={&(0x7f0000000140)={0x34, r1, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0xfffff076}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000c5}, 0x2404c080)

1m17.571342115s ago: executing program 2 (id=409):
close(0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x42, 0x2}, 0x2}}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f071, 0x19})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
syz_io_uring_setup(0x48b, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1003, 0x2d3}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0xf7ffffff})
ppoll(&(0x7f0000000100)=[{r3, 0x4400}], 0x1, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)

1m16.556583857s ago: executing program 2 (id=410):
close(0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x42, 0x2}, 0x2}}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f071, 0x19})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
syz_io_uring_setup(0x48b, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1003, 0x2d3}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0xf7ffffff})
ppoll(&(0x7f0000000100)=[{r3, 0x4400}], 0x1, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)

1m15.36954638s ago: executing program 2 (id=418):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0)
umount2(&(0x7f0000000340)='./file0/file0\x00', 0x8)
r1 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_G_AUDIO(r1, 0x80345621, &(0x7f0000000000))
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write(r0, &(0x7f00000002c0)="23000000010006", 0x7)
r2 = eventfd(0xffff8001)
readv(r2, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/42, 0x2a}], 0x1)

1m15.273717567s ago: executing program 2 (id=420):
mlockall(0x6)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x300})

1m15.009127891s ago: executing program 2 (id=422):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000280)={0x787, {{0xa, 0x4e24, 0xdfda, @mcast1, 0x1e}}}, 0x84)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x214, 0x90, 0x11, 0x148, 0x90, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@ip={@remote, @rand_addr=0x64010100, 0xff, 0xff000000, 'veth1_to_bond\x00', 'wlan0\x00', {}, {}, 0x88, 0x2}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@unspec=@connmark={{0x2c}, {0x8, 0xfffffff7}}, @common=@addrtype={{0x2c}, {0xd29, 0x328, 0x1, 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x5, 0xc}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x270)

1m14.746863143s ago: executing program 36 (id=422):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000280)={0x787, {{0xa, 0x4e24, 0xdfda, @mcast1, 0x1e}}}, 0x84)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x214, 0x90, 0x11, 0x148, 0x90, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@ip={@remote, @rand_addr=0x64010100, 0xff, 0xff000000, 'veth1_to_bond\x00', 'wlan0\x00', {}, {}, 0x88, 0x2}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@unspec=@connmark={{0x2c}, {0x8, 0xfffffff7}}, @common=@addrtype={{0x2c}, {0xd29, 0x328, 0x1, 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x5, 0xc}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x270)

50.873221892s ago: executing program 6 (id=495):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
futex_waitv(&(0x7f0000001b00)=[{0xffb, 0x0, 0xa}], 0x1, 0x0, 0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x20}, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x11}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d800010000000000000000000000008"], 0x80}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000002060102000000000000000000000000040007800500010006000000050005000a00000000686173683a6970740000000009000200"], 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000680)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3, 0xfffffffe}}, @const={0x1, 0x0, 0x0, 0xa, 0x5}, @union={0x0, 0x7, 0x0, 0x9, 0x0, 0x2, [{0xf, 0x3, 0x81}, {0x0, 0x3, 0x7}, {0x6, 0x4, 0x8}, {0x4, 0x5, 0x5}, {0xa, 0x3, 0x43}, {0x3, 0x2, 0x240}, {0xf, 0x3, 0x10}]}]}}, 0x0, 0x9e}, 0x28)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095a2b1698fb4e1c0c8d3e6fcdca0ee2243c6753e90e8eddc4eea313a7210fa5ab42a07a6e03a1d893b43"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

49.520760956s ago: executing program 6 (id=500):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x3f, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

47.927836638s ago: executing program 6 (id=503):
close(0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x42, 0x2}, 0x2}}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f071, 0x19})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_setup(0x48b, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1003, 0x2d3}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0xf7ffffff})
ppoll(&(0x7f0000000100)=[{r3, 0x4400}], 0x1, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)

46.853882231s ago: executing program 6 (id=506):
r0 = socket$inet(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x8}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={&(0x7f0000000000)="0ef8b553dabc02dc665a002f229a046450f3bc097906af34805b54e4f4d76e5a368c8c61f338aa2ebf0b82", &(0x7f0000000140)=""/53, &(0x7f0000000180)="961d3d68ce3ee9184fc658eb1385", &(0x7f00000001c0)="2c49fdcd0ba2755c5f469a3f8f89cf8e", 0xbb, r1}, 0x38)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2065091, 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x81000, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000540)={@random="a94fdfd02d25", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0x2, 0x70, 0x67, 0x0, 0x6, 0x1, 0x0, @remote, @remote}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x5, 0x3e, {0x15, 0x4, 0x2, 0xe, 0xff31, 0x68, 0x8b, 0xff, 0x6, 0xfff, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0xc, 0xaa, 0x0, 0x3, [0xb, 0x7fff]}, @timestamp={0x44, 0x14, 0xae, 0x0, 0x4, [0x9c4d, 0x2000000d, 0xe, 0x0]}, @rr={0x7, 0x13, 0x95, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x14}]}, @cipso={0x86, 0x6}, @timestamp_addr={0x44, 0x4, 0xd9, 0x1, 0x2}]}}}}}}}, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast2, @loopback, 0x0, 0x1, [@multicast1]}, 0x14)

46.777675606s ago: executing program 6 (id=507):
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
write$P9_RUNLINKAT(r1, &(0x7f0000000000)={0x7, 0x4d, 0x1}, 0x7)
tee(r0, r2, 0x3, 0x1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=""/4096, 0x1000)
setsockopt$inet_opts(r3, 0x0, 0x1e, &(0x7f0000000140)="02", 0x1)

46.193453657s ago: executing program 6 (id=512):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x7, [@volatile={0x10, 0x0, 0x0, 0x9, 0x1}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x5}, @float={0x9, 0x0, 0x0, 0x10, 0x10}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x3a, 0x0, 0x24, 0x5}]}, {0x0, [0x0, 0x0, 0x61, 0x30, 0x0]}}, &(0x7f0000000140)=""/10, 0x6b, 0xa, 0x0, 0x6}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1f, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

46.061387034s ago: executing program 37 (id=512):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x7, [@volatile={0x10, 0x0, 0x0, 0x9, 0x1}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x5}, @float={0x9, 0x0, 0x0, 0x10, 0x10}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x3a, 0x0, 0x24, 0x5}]}, {0x0, [0x0, 0x0, 0x61, 0x30, 0x0]}}, &(0x7f0000000140)=""/10, 0x6b, 0xa, 0x0, 0x6}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1f, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.452072225s ago: executing program 7 (id=791):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0900000004000000080000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)

4.383624474s ago: executing program 7 (id=792):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
setrlimit(0xc, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0x400}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffeffffffffff}, {0x0, 0x0, 0x40000000000000, 0x9}}, [@tmpl={0x44, 0x5, [{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x3c}, 0x2, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x4, 0x0, 0x1}]}]}, 0xfc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0)

3.451483956s ago: executing program 7 (id=798):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001380)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

2.692495947s ago: executing program 7 (id=801):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000600))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000002380)=""/4101, 0xeeee8000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

2.342013212s ago: executing program 5 (id=812):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fff7", @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40004801}, 0x24004880)
socket$inet_mptcp(0x2, 0x1, 0x106)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
landlock_create_ruleset(&(0x7f00000001c0)={0x1407, 0x3, 0x1}, 0x14, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(sha3-224-generic,ctr-blowfish-asm)\x00'}, 0x58)
close(0xffffffffffffffff)
socket$tipc(0x1e, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c)
listen(r2, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xf}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)

1.871681997s ago: executing program 5 (id=815):
r0 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x1f, 0x7, 0x0})

1.871500284s ago: executing program 5 (id=816):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000005000000000000004b64ffec8500000050000000850000000e"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1.840909715s ago: executing program 5 (id=817):
socket$nl_netfilter(0x10, 0x3, 0xc)
creat(0x0, 0xecf86c37d53049cc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0x4, 0x0, 0x0, 0x0, 0xb201fffe)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r0, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r2, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffe, 0x4}, {}, {}, @result={0x1f00}}], 0x1c)

1.77192136s ago: executing program 7 (id=818):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x6c5602, 0x0)
fchdir(r0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4}, {0x0, [0x0, 0x5f]}}, 0x0, 0x1c}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r5, 0x0, r7, 0x0, 0x39000, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000100)=ANY=[], 0xfffffe3e)

1.771724741s ago: executing program 8 (id=819):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000340)=0x80020000, 0x4)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
recvfrom(r1, 0x0, 0x0, 0x40000040, 0x0, 0x0)

1.690009709s ago: executing program 8 (id=820):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6e)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)=0x3ff)

1.689811807s ago: executing program 5 (id=821):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
r4 = dup2(r3, r3)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)

1.241188422s ago: executing program 9 (id=825):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000005000000000000004b64ffec8500000050000000850000000e0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1.150729035s ago: executing program 9 (id=826):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000600))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
syz_io_uring_setup(0x34ec, &(0x7f0000000080)={0x0, 0x7522, 0x4, 0xffffffff, 0x170}, &(0x7f0000000140), 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000002380)=""/4101, 0xeeee8000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

1.089643002s ago: executing program 9 (id=827):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000001c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000100)={0x0, 0x0, 0x2001})

1.08948171s ago: executing program 9 (id=828):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

1.00979685s ago: executing program 9 (id=829):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x8041, 0x0)
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000040)=0x2fff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)

860.899983ms ago: executing program 7 (id=830):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)={0x20, 0x6, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x7fff, 0x5850, 0x1, &(0x7f0000000780)="e0"}], 0x1})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

858.079933ms ago: executing program 9 (id=831):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r3, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0xb, 0x8}}, './file0\x00'})

741.035904ms ago: executing program 38 (id=831):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r3, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0xb, 0x8}}, './file0\x00'})

698.248744ms ago: executing program 5 (id=833):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x478)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)=0x3ff)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

698.115637ms ago: executing program 8 (id=834):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000005000000000000004b64ffec8500000050000000850000000e0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

697.78671ms ago: executing program 8 (id=835):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
iopl(0x3)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
getdents(0xffffffffffffffff, &(0x7f0000001000)=""/4085, 0xff5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001080211000000085990052f00df90720bbc4e"], 0x36)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})

50.332463ms ago: executing program 8 (id=836):
r0 = socket(0x40000000015, 0x5, 0x0)
getpeername(r0, 0x0, 0x0)

0s ago: executing program 8 (id=837):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, &(0x7f00000001c0)={&(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)='\b\x00', 0x2}, {&(0x7f0000000200)="000000001824", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x42}, @private=0xa010102}}}], 0x20}, 0x24008004)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

us mode
[  122.066434][ T7155] hsr_slave_1: entered promiscuous mode
[  122.069327][ T7155] debugfs: 'hsr0' already exists in 'hsr'
[  122.072803][ T7155] Cannot create hsr debugfs directory
[  122.160500][ T5955] Bluetooth: hci3: command tx timeout
[  122.420969][ T7155] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  122.429860][ T7155] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  122.441232][ T7155] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  122.452031][ T7155] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  122.600976][ T6203] hsr_slave_0: left promiscuous mode
[  122.604200][ T6203] hsr_slave_1: left promiscuous mode
[  122.606843][ T6203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.609221][ T6203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.613542][ T6203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.616812][ T6203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.637703][ T6203] veth1_macvtap: left promiscuous mode
[  122.639806][ T6203] veth0_macvtap: left promiscuous mode
[  122.647681][ T6203] veth1_vlan: left promiscuous mode
[  122.649722][ T6203] veth0_vlan: left promiscuous mode
[  123.002266][ T7214] netlink: 20 bytes leftover after parsing attributes in process `syz.3.293'.
[  123.152369][ T6203] team0 (unregistering): Port device team_slave_1 removed
[  123.179500][ T6203] team0 (unregistering): Port device team_slave_0 removed
[  123.203653][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  123.212422][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  123.220656][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  123.228417][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  123.233010][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  123.277395][ T7222] netlink: 'syz.3.294': attribute type 10 has an invalid length.
[  123.427640][ T7228] blktrace: Concurrent blktraces are not allowed on nullb0
[  123.562403][ T7155] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.594468][ T7155] 8021q: adding VLAN 0 to HW filter on device team0
[  123.636557][ T7155] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  123.647166][ T7155] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  123.803759][ T7222] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.807360][ T7222] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.823312][ T7222] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.826263][ T7222] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.830020][ T7222] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.832746][ T7222] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.838492][ T7222] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  123.844059][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.846814][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.851626][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.854243][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.070528][ T7155] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.102626][ T7219] chnl_net:caif_netlink_parms(): no params data found
[  124.194966][ T7225] infiniband syz1: set active
[  124.211609][ T7225] infiniband syz1: added syz_tun
[  124.214516][ T7225] syz1: rxe_create_cq: returned err = -12
[  124.217313][ T7225] infiniband syz1: Couldn't create ib_mad CQ
[  124.220055][ T7225] infiniband syz1: Couldn't open port 1
[  124.233114][ T7219] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.235766][ T7219] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.238526][ T7219] bridge_slave_0: entered allmulticast mode
[  124.241694][ T5951] Bluetooth: hci3: command tx timeout
[  124.242708][ T7219] bridge_slave_0: entered promiscuous mode
[  124.249651][ T7219] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.252374][ T7219] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.253370][ T7225] RDS/IB: syz1: added
[  124.255389][ T7219] bridge_slave_1: entered allmulticast mode
[  124.257420][ T7225] smc: adding ib device syz1 with port count 1
[  124.262539][ T7225] smc:    ib device syz1 port 1 has no pnetid
[  124.267448][ T7219] bridge_slave_1: entered promiscuous mode
[  124.328709][ T7219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.406640][ T6203] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.428623][ T7263] netlink: 12 bytes leftover after parsing attributes in process `syz.2.296'.
[  124.434824][ T7219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  124.468612][ T7263] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  124.472847][ T7263] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  124.488919][ T7219] team0: Port device team_slave_0 added
[  124.510827][ T6203] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.526162][ T7219] team0: Port device team_slave_1 added
[  124.545144][ T7219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  124.547862][ T7219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  124.557515][ T7219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  124.568876][ T7219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  124.572049][ T7219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  124.582831][ T7219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  124.596948][ T7263] netlink: 36 bytes leftover after parsing attributes in process `syz.2.296'.
[  124.611767][ T6203] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.648839][ T7155] veth0_vlan: entered promiscuous mode
[  124.674426][ T7219] hsr_slave_0: entered promiscuous mode
[  124.676868][ T7219] hsr_slave_1: entered promiscuous mode
[  124.679478][ T7219] debugfs: 'hsr0' already exists in 'hsr'
[  124.682735][ T7219] Cannot create hsr debugfs directory
[  124.687271][ T7155] veth1_vlan: entered promiscuous mode
[  124.723201][ T6203] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.806303][ T7155] veth0_macvtap: entered promiscuous mode
[  124.835288][ T7155] veth1_macvtap: entered promiscuous mode
[  124.935965][ T7155] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.968383][ T7155] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.990594][ T6203] bridge_slave_1: left allmulticast mode
[  124.994023][ T6203] bridge_slave_1: left promiscuous mode
[  124.996814][ T6203] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.007949][ T6203] 
: left allmulticast mode
[  125.010005][ T6203] 
: left promiscuous mode
[  125.012129][ T6203] bridge0: port 1(
) entered disabled state
[  125.282890][ T5951] Bluetooth: hci2: command tx timeout
[  125.389253][ T6203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.410938][ T6203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.423980][ T6203] bond0 (unregistering): Released all slaves
[  125.492949][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.505682][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.527126][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.540599][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.564306][ T7219] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  125.574822][ T6203] tipc: Left network mode
[  125.575114][ T7219] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  125.602783][ T7219] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  125.686300][ T7276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'.
[  125.708872][ T7219] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  125.859774][ T7286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.299'.
[  125.928504][ T7288] input: syz1 as /devices/virtual/input/input6
[  126.017267][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.032622][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.176074][ T4772] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.179470][ T4772] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.325615][ T5951] Bluetooth: hci3: command tx timeout
[  126.436963][ T7299] netlink: 20 bytes leftover after parsing attributes in process `syz.5.300'.
[  126.701386][ T7219] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.726804][ T6203] hsr_slave_0: left promiscuous mode
[  126.732609][ T6203] hsr_slave_1: left promiscuous mode
[  126.736349][ T6203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.739286][ T6203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.742469][ T6203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.745655][ T6203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.761464][ T6203] veth1_macvtap: left promiscuous mode
[  126.763952][ T6203] veth0_macvtap: left promiscuous mode
[  126.768071][ T6203] veth1_vlan: left promiscuous mode
[  126.770592][ T6203] veth0_vlan: left promiscuous mode
[  127.119078][ T6203] team0 (unregistering): Port device team_slave_1 removed
[  127.140808][ T6203] team0 (unregistering): Port device team_slave_0 removed
[  127.352701][ T7219] 8021q: adding VLAN 0 to HW filter on device team0
[  127.358543][   T86] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.360929][   T86] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.364907][ T5951] Bluetooth: hci2: command tx timeout
[  127.371692][   T86] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.374104][   T86] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.394761][ T7302] orangefs_mount: mount request failed with -4
[  127.720370][ T7219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.416094][ T5951] Bluetooth: hci3: command tx timeout
[  129.098634][ T5943] syz_tun (unregistering): left allmulticast mode
[  129.103504][  T221] smc: removing ib device syz1
[  129.139015][    T9] syz1: Port: 1 Link DOWN
[  129.162169][ T7219] veth0_vlan: entered promiscuous mode
[  129.167740][ T7219] veth1_vlan: entered promiscuous mode
[  129.183137][ T7219] veth0_macvtap: entered promiscuous mode
[  129.188914][ T7219] veth1_macvtap: entered promiscuous mode
[  129.199576][ T7219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.208610][ T7219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.216422][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.223131][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.226707][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.229639][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.302984][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.306447][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.351479][ T6203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.355362][ T6203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.447691][ T5951] Bluetooth: hci2: command tx timeout
[  129.635196][ T7364] FAULT_INJECTION: forcing a failure.
[  129.635196][ T7364] name failslab, interval 1, probability 0, space 0, times 0
[  129.641172][ T7364] CPU: 1 UID: 0 PID: 7364 Comm: syz.6.292 Not tainted syzkaller #0 PREEMPT(full) 
[  129.641212][ T7364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.641224][ T7364] Call Trace:
[  129.641230][ T7364]  <TASK>
[  129.641237][ T7364]  dump_stack_lvl+0x16c/0x1f0
[  129.641262][ T7364]  should_fail_ex+0x512/0x640
[  129.641281][ T7364]  ? kmem_cache_alloc_node_noprof+0x65/0x7b0
[  129.641305][ T7364]  should_failslab+0xc2/0x120
[  129.641328][ T7364]  kmem_cache_alloc_node_noprof+0x78/0x7b0
[  129.641348][ T7364]  ? __alloc_skb+0x2b2/0x380
[  129.641371][ T7364]  ? __alloc_skb+0x2b2/0x380
[  129.641387][ T7364]  ? __pfx_netlink_insert+0x10/0x10
[  129.641412][ T7364]  __alloc_skb+0x2b2/0x380
[  129.641429][ T7364]  ? __pfx___alloc_skb+0x10/0x10
[  129.641448][ T7364]  ? netlink_autobind.isra.0+0x158/0x370
[  129.641475][ T7364]  netlink_alloc_large_skb+0x69/0x140
[  129.641496][ T7364]  netlink_sendmsg+0x698/0xdd0
[  129.641521][ T7364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.641547][ T7364]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  129.641571][ T7364]  ____sys_sendmsg+0xa5d/0xc30
[  129.641597][ T7364]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.641619][ T7364]  ? get_compat_msghdr+0x11a/0x170
[  129.641647][ T7364]  ___sys_sendmsg+0x134/0x1d0
[  129.641669][ T7364]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.641699][ T7364]  ? find_held_lock+0x2b/0x80
[  129.641741][ T7364]  __sys_sendmsg+0x16d/0x220
[  129.641760][ T7364]  ? __pfx___sys_sendmsg+0x10/0x10
[  129.641778][ T7364]  ? __pfx___schedule+0x10/0x10
[  129.641802][ T7364]  ? rcu_is_watching+0x12/0xc0
[  129.641834][ T7364]  __do_fast_syscall_32+0xe8/0x680
[  129.641857][ T7364]  do_fast_syscall_32+0x32/0x80
[  129.641879][ T7364]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  129.641902][ T7364] RIP: 0023:0xf70dd579
[  129.641916][ T7364] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  129.641932][ T7364] RSP: 002b:00000000f548b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  129.641949][ T7364] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000300
[  129.641959][ T7364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  129.641970][ T7364] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  129.641979][ T7364] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  129.641989][ T7364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  129.642012][ T7364]  </TASK>
[  129.918408][  T221] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.075818][  T221] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.238836][ T5955] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  130.245041][ T5955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  130.249612][ T5955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.255156][ T5955] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.260386][ T5955] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  130.364540][  T221] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.423664][ T7390] pimreg: entered allmulticast mode
[  130.512179][  T221] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.754362][ T7396] 9pnet_virtio: no channels available for device syz
[  131.291809][ T7385] chnl_net:caif_netlink_parms(): no params data found
[  131.465360][ T7385] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.470844][ T7385] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.474128][ T7385] bridge_slave_0: entered allmulticast mode
[  131.488879][ T7385] bridge_slave_0: entered promiscuous mode
[  131.493978][ T7385] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.497303][ T7385] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.500840][ T7385] bridge_slave_1: entered allmulticast mode
[  131.504869][ T7385] bridge_slave_1: entered promiscuous mode
[  131.528979][ T5955] Bluetooth: hci2: command tx timeout
[  131.569752][ T7385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.589731][ T7385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.670864][ T7385] team0: Port device team_slave_0 added
[  131.674190][ T7385] team0: Port device team_slave_1 added
[  131.717388][ T7385] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.724950][ T7385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  131.735494][ T7385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.739729][  T221] bridge_slave_1: left allmulticast mode
[  131.744508][  T221] bridge_slave_1: left promiscuous mode
[  131.748852][  T221] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.757424][  T221] bridge_slave_0: left allmulticast mode
[  131.759535][  T221] bridge_slave_0: left promiscuous mode
[  131.768503][  T221] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.003412][  T221] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  132.081427][  T221] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  132.086268][  T221] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  132.090623][  T221] bond0 (unregistering): Released all slaves
[  132.095275][ T7385] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.098206][ T7385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  132.109508][ T7385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.143441][ T7385] hsr_slave_0: entered promiscuous mode
[  132.146391][ T7385] hsr_slave_1: entered promiscuous mode
[  132.149572][ T7385] debugfs: 'hsr0' already exists in 'hsr'
[  132.151870][ T7385] Cannot create hsr debugfs directory
[  132.189579][  T221] tipc: Left network mode
[  132.201403][ T6010] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  132.222163][  T842] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  132.329752][ T5955] Bluetooth: hci0: command tx timeout
[  132.359886][ T6010] usb 10-1: Using ep0 maxpacket: 8
[  132.362799][ T6010] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.366018][ T6010] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  132.370426][ T6010] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  132.374034][ T6010] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  132.377862][ T6010] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  132.381505][  T842] usb 7-1: Using ep0 maxpacket: 8
[  132.383617][ T6010] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.387838][  T842] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.399271][  T842] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  132.405314][  T842] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  132.412167][  T842] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  132.417846][ T6010] hub 10-1:1.0: bad descriptor, ignoring hub
[  132.420701][ T6010] hub 10-1:1.0: probe with driver hub failed with error -5
[  132.423857][ T6010] cdc_wdm 10-1:1.0: skipping garbage
[  132.425653][ T6010] cdc_wdm 10-1:1.0: skipping garbage
[  132.427935][  T842] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  132.428753][ T7385] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  132.431394][ T6010] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  132.436125][  T842] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.442965][ T6010] cdc_wdm 10-1:1.0: Unknown control protocol
[  132.449819][  T842] hub 7-1:1.0: bad descriptor, ignoring hub
[  132.451788][  T842] hub 7-1:1.0: probe with driver hub failed with error -5
[  132.454458][  T842] cdc_wdm 7-1:1.0: skipping garbage
[  132.456290][  T842] cdc_wdm 7-1:1.0: skipping garbage
[  132.459436][  T842] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device
[  132.461676][  T842] cdc_wdm 7-1:1.0: Unknown control protocol
[  132.468617][  T221] hsr_slave_0: left promiscuous mode
[  132.471996][  T221] hsr_slave_1: left promiscuous mode
[  132.475085][  T221] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.478397][  T221] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.482960][  T221] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.486315][  T221] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.490397][  T221] batman_adv: batadv0: Removing interface: team0
[  132.504775][  T221] veth1_macvtap: left promiscuous mode
[  132.507250][  T221] veth0_macvtap: left promiscuous mode
[  132.509932][  T221] veth1_vlan: left promiscuous mode
[  132.513264][  T221] veth0_vlan: left promiscuous mode
[  132.672209][   T49] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  132.809780][  T221] team0 (unregistering): Port device team_slave_1 removed
[  132.829980][  T221] team0 (unregistering): Port device team_slave_0 removed
[  132.841530][   T49] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.845193][   T49] usb 11-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  132.848099][   T49] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.853683][   T49] usb 11-1: config 0 descriptor??
[  133.037182][ T7385] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  133.043901][ T7385] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  133.049657][ T7385] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  133.062742][  T842] usb 7-1: USB disconnect, device number 5
[  133.070553][   T49] usbhid 11-1:0.0: can't add hid device: -71
[  133.072640][   T49] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  133.079325][   T49] usb 11-1: USB disconnect, device number 2
[  133.106323][ T7385] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.118707][ T7385] 8021q: adding VLAN 0 to HW filter on device team0
[  133.128145][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.130646][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.139116][ T4536] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.142272][ T4536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.289668][ T7385] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.447036][ T7385] veth0_vlan: entered promiscuous mode
[  133.453520][ T7385] veth1_vlan: entered promiscuous mode
[  133.472453][ T7385] veth0_macvtap: entered promiscuous mode
[  133.476490][ T7385] veth1_macvtap: entered promiscuous mode
[  133.488487][ T7385] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.497927][ T7385] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.505393][   T46] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.509353][   T46] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.514120][   T46] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.517945][   T46] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.541844][    T9] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  133.581732][  T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.584965][  T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.599787][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.603597][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.700990][    T9] usb 11-1: Using ep0 maxpacket: 32
[  133.704408][    T9] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.708344][    T9] usb 11-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  133.712578][    T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.717921][    T9] usb 11-1: config 0 descriptor??
[  133.725387][    T9] ldusb 11-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  133.734613][    T9] ldusb 11-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  134.421943][ T5955] Bluetooth: hci0: command tx timeout
[  136.040340][ T7521] ubi: mtd0 is already attached to ubi31
[  136.205787][ T7444] cdc_wdm 10-1:1.0: Error autopm - -16
[  136.207959][ T6476] usb 10-1: USB disconnect, device number 2
[  136.263526][  T842] usb 11-1: USB disconnect, device number 3
[  136.268541][  T842] ldusb 11-1:0.0: LD USB Device #1 now disconnected
[  136.493827][ T5955] Bluetooth: hci0: command tx timeout
[  136.627844][ T7535] FAULT_INJECTION: forcing a failure.
[  136.627844][ T7535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.633457][ T7535] CPU: 3 UID: 0 PID: 7535 Comm: syz.5.329 Not tainted syzkaller #0 PREEMPT(full) 
[  136.633473][ T7535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  136.633480][ T7535] Call Trace:
[  136.633484][ T7535]  <TASK>
[  136.633488][ T7535]  dump_stack_lvl+0x16c/0x1f0
[  136.633505][ T7535]  should_fail_ex+0x512/0x640
[  136.633520][ T7535]  _copy_from_user+0x2e/0xd0
[  136.633547][ T7535]  vt_compat_ioctl+0x306/0x4e0
[  136.633562][ T7535]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  136.633573][ T7535]  ? hook_file_ioctl_common+0x145/0x410
[  136.633591][ T7535]  ? __fget_files+0x20e/0x3c0
[  136.633605][ T7535]  ? __pfx_fput+0x10/0x10
[  136.633614][ T7535]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  136.633626][ T7535]  tty_compat_ioctl+0x2f1/0x4d0
[  136.633641][ T7535]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  136.633656][ T7535]  __ia32_compat_sys_ioctl+0x242/0x370
[  136.633671][ T7535]  __do_fast_syscall_32+0xe8/0x680
[  136.633686][ T7535]  do_fast_syscall_32+0x32/0x80
[  136.633699][ T7535]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  136.633713][ T7535] RIP: 0023:0xf70bd579
[  136.633721][ T7535] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  136.633732][ T7535] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  136.633743][ T7535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[  136.633749][ T7535] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  136.633755][ T7535] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  136.633761][ T7535] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  136.633767][ T7535] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  136.633781][ T7535]  </TASK>
[  137.617727][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  137.620690][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  138.586406][ T5955] Bluetooth: hci0: command tx timeout
[  139.184548][ T7597] netlink: 12 bytes leftover after parsing attributes in process `syz.2.341'.
[  139.192683][ T7597] netlink: 72 bytes leftover after parsing attributes in process `syz.2.341'.
[  139.306747][   T54] usb 12-1: new low-speed USB device number 2 using dummy_hcd
[  139.337019][ T7605] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  139.499468][   T54] usb 12-1: config 0 has an invalid interface number: 1 but max is 0
[  139.503243][   T54] usb 12-1: config 0 has no interface number 0
[  139.506496][   T54] usb 12-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  139.511298][   T54] usb 12-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  139.516226][   T54] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  139.520346][   T54] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.533683][   T54] usb 12-1: config 0 descriptor??
[  139.539616][ T7584] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  139.573727][   T54] iowarrior 12-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  140.409784][   T34] usb 12-1: USB disconnect, device number 2
[  140.649756][ T7622] blktrace: Concurrent blktraces are not allowed on nullb0
[  140.955924][ T7632] FAULT_INJECTION: forcing a failure.
[  140.955924][ T7632] name failslab, interval 1, probability 0, space 0, times 0
[  140.989971][ T7632] CPU: 0 UID: 0 PID: 7632 Comm: syz.7.347 Not tainted syzkaller #0 PREEMPT(full) 
[  140.989988][ T7632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.989994][ T7632] Call Trace:
[  140.989998][ T7632]  <TASK>
[  140.990003][ T7632]  dump_stack_lvl+0x16c/0x1f0
[  140.990025][ T7632]  should_fail_ex+0x512/0x640
[  140.990039][ T7632]  ? __kmalloc_noprof+0xca/0x870
[  140.990051][ T7632]  should_failslab+0xc2/0x120
[  140.990067][ T7632]  __kmalloc_noprof+0xdd/0x870
[  140.990089][ T7632]  ? sock_kmalloc+0x111/0x170
[  140.990107][ T7632]  ? sock_kmalloc+0x111/0x170
[  140.990119][ T7632]  sock_kmalloc+0x111/0x170
[  140.990134][ T7632]  skcipher_recvmsg+0x48d/0x1030
[  140.990150][ T7632]  ? __lock_acquire+0x433/0x22f0
[  140.990162][ T7632]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  140.990174][ T7632]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  140.990189][ T7632]  sock_recvmsg+0x1f9/0x250
[  140.990204][ T7632]  ____sys_recvmsg+0x218/0x6b0
[  140.990220][ T7632]  ? __pfx_____sys_recvmsg+0x10/0x10
[  140.990234][ T7632]  ? import_iovec+0x86/0xb0
[  140.990253][ T7632]  ? __lock_acquire+0x433/0x22f0
[  140.990266][ T7632]  ___sys_recvmsg+0x114/0x1a0
[  140.990280][ T7632]  ? __pfx____sys_recvmsg+0x10/0x10
[  140.990293][ T7632]  ? find_held_lock+0x2b/0x80
[  140.990316][ T7632]  __sys_recvmsg+0x16a/0x220
[  140.990329][ T7632]  ? __pfx___sys_recvmsg+0x10/0x10
[  140.990350][ T7632]  __do_fast_syscall_32+0xe8/0x680
[  140.990365][ T7632]  do_fast_syscall_32+0x32/0x80
[  140.990379][ T7632]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  140.990392][ T7632] RIP: 0023:0xf7f16579
[  140.990401][ T7632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  140.990411][ T7632] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  140.990422][ T7632] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800005c0
[  140.990428][ T7632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  140.990434][ T7632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  140.990440][ T7632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  140.990446][ T7632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  140.990460][ T7632]  </TASK>
[  141.398572][  T842] usb 12-1: new full-speed USB device number 3 using dummy_hcd
[  141.574760][  T842] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.579456][  T842] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 2
[  141.583159][  T842] usb 12-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  141.586197][  T842] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.597968][  T842] usb 12-1: config 0 descriptor??
[  141.605518][  T842] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  141.608192][  T842] dvb-usb: bulk message failed: -22 (3/0)
[  141.622404][  T842] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  141.627123][  T842] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  141.630479][  T842] usb 12-1: media controller created
[  141.635243][  T842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  141.647445][  T842] dvb-usb: bulk message failed: -22 (6/0)
[  141.655075][  T842] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  141.660626][  T842] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb12/12-1/input/input7
[  141.693289][  T842] dvb-usb: schedule remote query interval to 150 msecs.
[  141.706202][  T842] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  141.809042][  T842] usb 12-1: USB disconnect, device number 3
[  141.831391][  T842] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  143.052898][ T7674] netlink: 12 bytes leftover after parsing attributes in process `syz.6.354'.
[  143.643495][ T7688] netlink: 76 bytes leftover after parsing attributes in process `syz.5.356'.
[  143.823020][ T7697] syzkaller0: entered promiscuous mode
[  143.825214][ T7697] syzkaller0: entered allmulticast mode
[  143.970476][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz.5.358'.
[  144.076478][ T7705] netlink: 56 bytes leftover after parsing attributes in process `syz.5.360'.
[  144.122193][  T842] usb 12-1: new high-speed USB device number 4 using dummy_hcd
[  144.291330][  T842] usb 12-1: Using ep0 maxpacket: 8
[  144.303118][  T842] usb 12-1: config index 0 descriptor too short (expected 301, got 45)
[  144.306585][  T842] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  144.310102][  T842] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  144.316692][  T842] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  144.321243][  T842] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  144.326036][  T842] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  144.330288][  T842] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.548277][ T7713] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  144.675892][  T842] usb 12-1: GET_CAPABILITIES returned 0
[  144.693411][  T842] usbtmc 12-1:16.0: can't read capabilities
[  145.044578][ T7697] usbtmc 12-1:16.0: usb_control_msg returned -71
[  145.050733][ T7715] usbtmc 12-1:16.0: send_request_dev_dep_msg_in returned -90
[  145.054766][  T842] usb 12-1: USB disconnect, device number 4
[  145.554405][ T7723] netlink: 32 bytes leftover after parsing attributes in process `syz.2.364'.
[  146.110341][ T7740] FAULT_INJECTION: forcing a failure.
[  146.110341][ T7740] name failslab, interval 1, probability 0, space 0, times 0
[  146.114753][ T7740] CPU: 3 UID: 0 PID: 7740 Comm: syz.7.367 Not tainted syzkaller #0 PREEMPT(full) 
[  146.114768][ T7740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.114774][ T7740] Call Trace:
[  146.114779][ T7740]  <TASK>
[  146.114784][ T7740]  dump_stack_lvl+0x16c/0x1f0
[  146.114801][ T7740]  should_fail_ex+0x512/0x640
[  146.114814][ T7740]  ? __kmalloc_cache_noprof+0x5f/0x770
[  146.114826][ T7740]  should_failslab+0xc2/0x120
[  146.114841][ T7740]  __kmalloc_cache_noprof+0x72/0x770
[  146.114852][ T7740]  ? snd_pcm_oss_change_params_locked+0x247/0x3a40
[  146.114871][ T7740]  ? snd_pcm_oss_change_params_locked+0x247/0x3a40
[  146.114887][ T7740]  snd_pcm_oss_change_params_locked+0x247/0x3a40
[  146.114906][ T7740]  ? __mutex_lock+0x27b/0x1b10
[  146.114922][ T7740]  ? snd_pcm_oss_read+0x378/0x760
[  146.114937][ T7740]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  146.114955][ T7740]  ? __pfx___mutex_lock+0x10/0x10
[  146.114973][ T7740]  ? get_pid_task+0xfc/0x250
[  146.114986][ T7740]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  146.115003][ T7740]  snd_pcm_oss_read+0x39a/0x760
[  146.115019][ T7740]  ? security_file_permission+0x71/0x210
[  146.115040][ T7740]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  146.115057][ T7740]  vfs_read+0x1e4/0xcf0
[  146.115074][ T7740]  ? __pfx_vfs_read+0x10/0x10
[  146.115086][ T7740]  ? find_held_lock+0x2b/0x80
[  146.115102][ T7740]  ? __fget_files+0x204/0x3c0
[  146.115118][ T7740]  ? __fget_files+0x20e/0x3c0
[  146.115130][ T7740]  ? count_memcg_events_mm.constprop.0+0xf0/0x2a0
[  146.115147][ T7740]  ksys_read+0x12a/0x250
[  146.115161][ T7740]  ? __pfx_ksys_read+0x10/0x10
[  146.115178][ T7740]  __do_fast_syscall_32+0xe8/0x680
[  146.115193][ T7740]  do_fast_syscall_32+0x32/0x80
[  146.115206][ T7740]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  146.115220][ T7740] RIP: 0023:0xf7f16579
[  146.115229][ T7740] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  146.115239][ T7740] RSP: 002b:00000000f53e555c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  146.115250][ T7740] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800063c0
[  146.115256][ T7740] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  146.115262][ T7740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  146.115268][ T7740] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  146.115274][ T7740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  146.115287][ T7740]  </TASK>
[  149.716677][ T7758] syz_tun: entered allmulticast mode
[  149.758083][ T7757] syz_tun: left allmulticast mode
[  149.787368][ T7762] fuseblk: Unknown parameter 'rootïÅŒ'
[  149.836023][ T7760] netlink: 12 bytes leftover after parsing attributes in process `syz.7.372'.
[  149.871551][ T7773] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5)
[  149.873854][ T7773] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  149.877649][ T7773] vhci_hcd vhci_hcd.0: Device attached
[  149.880403][ T7775] vhci_hcd: connection closed
[  149.880591][   T46] vhci_hcd: stop threads
[  149.883706][   T46] vhci_hcd: release socket
[  149.885260][   T46] vhci_hcd: disconnect device
[  150.611381][ T7413] usb usb42-port1: attempt power cycle
[  150.833955][   T40] audit: type=1400 audit(1764749579.127:6): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F0413
[  151.060576][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.6.386'.
[  151.096547][ T7812] netlink: 'syz.6.386': attribute type 30 has an invalid length.
[  151.234427][ T7413] usb usb42-port1: unable to enumerate USB device
[  152.308791][ T6203] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  152.317220][ T6203] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  152.323403][ T6203] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  152.326885][ T6203] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  152.344865][ T7823] capability: warning: `syz.7.388' uses 32-bit capabilities (legacy support in use)
[  153.539803][ T6028] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  153.702693][ T6028] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.716216][ T6028] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  153.719375][ T6028] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  153.726502][ T6028] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.740035][ T6028] usb 7-1: config 0 descriptor??
[  153.743389][ T6028] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  153.745617][ T6028] dvb-usb: bulk message failed: -22 (3/0)
[  153.757883][ T6028] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  153.770342][ T6028] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  153.772686][ T6028] usb 7-1: media controller created
[  153.775444][ T6028] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  153.787458][ T6028] dvb-usb: bulk message failed: -22 (6/0)
[  153.789465][ T6028] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  153.800203][ T6028] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input8
[  153.815652][ T6028] dvb-usb: schedule remote query interval to 150 msecs.
[  153.817983][ T6028] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  153.838774][ T7859] openvswitch: netlink: Multiple metadata blocks provided
[  153.981633][   T29] dvb-usb: bulk message failed: -22 (1/0)
[  153.983697][   T29] dvb-usb: error while querying for an remote control event.
[  154.065284][ T7867] blktrace: Concurrent blktraces are not allowed on nullb0
[  154.149289][   T29] dvb-usb: bulk message failed: -22 (1/0)
[  154.196669][   T29] dvb-usb: error while querying for an remote control event.
[  154.372610][   T29] dvb-usb: bulk message failed: -22 (1/0)
[  154.374961][   T29] dvb-usb: error while querying for an remote control event.
[  154.530616][   T29] dvb-usb: bulk message failed: -22 (1/0)
[  154.532650][   T29] dvb-usb: error while querying for an remote control event.
[  154.814288][   T29] dvb-usb: bulk message failed: -22 (1/0)
[  154.816392][   T29] dvb-usb: error while querying for an remote control event.
[  154.885036][ T7890] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(11)
[  154.887296][ T7890] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  154.890312][ T7890] vhci_hcd vhci_hcd.0: Device attached
[  154.971283][ T6028] dvb-usb: bulk message failed: -22 (1/0)
[  154.975577][ T6028] dvb-usb: error while querying for an remote control event.
[  155.182521][ T6028] dvb-usb: bulk message failed: -22 (1/0)
[  155.184831][ T6028] dvb-usb: error while querying for an remote control event.
[  155.188599][   T29] usb 50-1: SetAddress Request (2) to port 0
[  155.191390][   T29] usb 50-1: new SuperSpeed USB device number 2 using vhci_hcd
[  155.356674][ T6028] dvb-usb: bulk message failed: -22 (1/0)
[  155.365020][ T6028] dvb-usb: error while querying for an remote control event.
[  155.373989][ T7898] bridge_slave_0: left allmulticast mode
[  155.376339][ T7898] bridge_slave_0: left promiscuous mode
[  155.381293][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.389165][ T7898] bridge_slave_1: left allmulticast mode
[  155.393231][ T7898] bridge_slave_1: left promiscuous mode
[  155.395872][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.404234][ T7898] bond0: (slave bond_slave_0): Releasing backup interface
[  155.409977][ T7898] bond0: (slave bond_slave_1): Releasing backup interface
[  155.423655][ T7898] team0: Port device team_slave_0 removed
[  155.429808][ T7898] team0: Port device team_slave_1 removed
[  155.433471][ T7898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.436590][ T7898] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.440427][ T7898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.443807][ T7898] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.447160][ T7898] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  155.459542][ T7891] vhci_hcd: connection reset by peer
[  155.464539][   T13] vhci_hcd: stop threads
[  155.466314][   T13] vhci_hcd: release socket
[  155.468490][   T13] vhci_hcd: disconnect device
[  155.513507][ T7901] can0: slcan on ttyS3.
[  155.541650][ T6028] dvb-usb: bulk message failed: -22 (1/0)
[  155.543668][ T6028] dvb-usb: error while querying for an remote control event.
[  155.592652][ T7901] can0 (unregistered): slcan off ttyS3.
[  155.711735][ T6028] dvb-usb: bulk message failed: -22 (1/0)
[  155.713763][ T6028] dvb-usb: error while querying for an remote control event.
[  155.862997][ T6028] usb 7-1: USB disconnect, device number 6
[  155.888777][ T6028] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  156.232774][ T7921] blktrace: Concurrent blktraces are not allowed on nullb0
[  157.663577][ T7937] FAULT_INJECTION: forcing a failure.
[  157.663577][ T7937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  157.667921][ T7937] CPU: 1 UID: 0 PID: 7937 Comm: syz.5.413 Not tainted syzkaller #0 PREEMPT(full) 
[  157.667942][ T7937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  157.667952][ T7937] Call Trace:
[  157.667957][ T7937]  <TASK>
[  157.667961][ T7937]  dump_stack_lvl+0x16c/0x1f0
[  157.667979][ T7937]  should_fail_ex+0x512/0x640
[  157.667994][ T7937]  _copy_from_iter+0x2a4/0x16c0
[  157.668009][ T7937]  ? __alloc_skb+0x200/0x380
[  157.668020][ T7937]  ? __pfx__copy_from_iter+0x10/0x10
[  157.668033][ T7937]  ? netlink_autobind.isra.0+0x158/0x370
[  157.668052][ T7937]  netlink_sendmsg+0x820/0xdd0
[  157.668067][ T7937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.668082][ T7937]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  157.668096][ T7937]  ____sys_sendmsg+0xa5d/0xc30
[  157.668112][ T7937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  157.668126][ T7937]  ? get_compat_msghdr+0x11a/0x170
[  157.668145][ T7937]  ___sys_sendmsg+0x134/0x1d0
[  157.668158][ T7937]  ? __pfx____sys_sendmsg+0x10/0x10
[  157.668175][ T7937]  ? find_held_lock+0x2b/0x80
[  157.668202][ T7937]  __sys_sendmsg+0x16d/0x220
[  157.668220][ T7937]  ? __pfx___sys_sendmsg+0x10/0x10
[  157.668242][ T7937]  __do_fast_syscall_32+0xe8/0x680
[  157.668258][ T7937]  do_fast_syscall_32+0x32/0x80
[  157.668271][ T7937]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  157.668285][ T7937] RIP: 0023:0xf70bd579
[  157.668294][ T7937] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  157.668305][ T7937] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  157.668315][ T7937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  157.668322][ T7937] RDX: 000000002404c080 RSI: 0000000000000000 RDI: 0000000000000000
[  157.668328][ T7937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  157.668334][ T7937] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  157.668340][ T7937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  157.668352][ T7937]  </TASK>
[  157.886080][   T40] audit: type=1326 audit(1764749586.170:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  157.989032][   T40] audit: type=1326 audit(1764749586.180:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  157.999709][   T40] audit: type=1326 audit(1764749586.180:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.009945][   T40] audit: type=1326 audit(1764749586.180:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.017664][   T40] audit: type=1326 audit(1764749586.180:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.027816][   T40] audit: type=1326 audit(1764749586.180:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.037999][   T40] audit: type=1326 audit(1764749586.180:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.048190][   T40] audit: type=1326 audit(1764749586.180:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.058232][   T40] audit: type=1326 audit(1764749586.180:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.068413][   T40] audit: type=1326 audit(1764749586.180:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.6.412" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  158.184331][ T7952] FAULT_INJECTION: forcing a failure.
[  158.184331][ T7952] name failslab, interval 1, probability 0, space 0, times 0
[  158.194145][ T7952] CPU: 0 UID: 0 PID: 7952 Comm: syz.7.416 Not tainted syzkaller #0 PREEMPT(full) 
[  158.194165][ T7952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.194172][ T7952] Call Trace:
[  158.194176][ T7952]  <TASK>
[  158.194181][ T7952]  dump_stack_lvl+0x16c/0x1f0
[  158.194198][ T7952]  should_fail_ex+0x512/0x640
[  158.194211][ T7952]  ? kmem_cache_alloc_node_noprof+0x65/0x7b0
[  158.194225][ T7952]  should_failslab+0xc2/0x120
[  158.194241][ T7952]  kmem_cache_alloc_node_noprof+0x78/0x7b0
[  158.194252][ T7952]  ? alloc_vmap_area+0xd97/0x29a0
[  158.194266][ T7952]  ? __pfx___might_resched+0x10/0x10
[  158.194285][ T7952]  ? alloc_vmap_area+0xd97/0x29a0
[  158.194297][ T7952]  alloc_vmap_area+0xd97/0x29a0
[  158.194316][ T7952]  ? __pfx_alloc_vmap_area+0x10/0x10
[  158.194333][ T7952]  __get_vm_area_node+0x1ca/0x330
[  158.194351][ T7952]  __vmalloc_node_range_noprof+0x271/0x1480
[  158.194367][ T7952]  ? bpf_prog_alloc_no_stats+0x58/0x600
[  158.194380][ T7952]  ? __pfx___might_resched+0x10/0x10
[  158.194399][ T7952]  ? bpf_prog_alloc_no_stats+0x58/0x600
[  158.194412][ T7952]  ? trace_mm_page_alloc+0x11b/0x180
[  158.194428][ T7952]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  158.194445][ T7952]  ? is_bpf_text_address+0x8a/0x1a0
[  158.194460][ T7952]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  158.194472][ T7952]  ? bpf_prog_alloc_no_stats+0x58/0x600
[  158.194484][ T7952]  __vmalloc_node_noprof+0xad/0xf0
[  158.194499][ T7952]  ? bpf_prog_alloc_no_stats+0x58/0x600
[  158.194514][ T7952]  bpf_prog_alloc_no_stats+0x58/0x600
[  158.194526][ T7952]  ? security_capable+0x7e/0x260
[  158.194539][ T7952]  bpf_prog_alloc+0x3b/0x230
[  158.194551][ T7952]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  158.194567][ T7952]  bpf_prog_load+0x1d71/0x2a40
[  158.194587][ T7952]  ? __pfx_bpf_prog_load+0x10/0x10
[  158.194605][ T7952]  ? find_held_lock+0x2b/0x80
[  158.194630][ T7952]  __sys_bpf+0x3e72/0x4980
[  158.194648][ T7952]  ? __pfx___sys_bpf+0x10/0x10
[  158.194664][ T7952]  ? find_held_lock+0x2b/0x80
[  158.194681][ T7952]  ? find_held_lock+0x2b/0x80
[  158.194699][ T7952]  ? __mutex_unlock_slowpath+0x161/0x790
[  158.194720][ T7952]  ? fput+0x70/0xf0
[  158.194729][ T7952]  ? ksys_write+0x1ac/0x250
[  158.194743][ T7952]  ? __pfx_ksys_write+0x10/0x10
[  158.194759][ T7952]  __ia32_sys_bpf+0x76/0xe0
[  158.194768][ T7952]  ? lockdep_hardirqs_on+0x7c/0x110
[  158.194780][ T7952]  __do_fast_syscall_32+0xe8/0x680
[  158.194795][ T7952]  do_fast_syscall_32+0x32/0x80
[  158.194808][ T7952]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.194822][ T7952] RIP: 0023:0xf7f16579
[  158.194830][ T7952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.194841][ T7952] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  158.194851][ T7952] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080
[  158.194857][ T7952] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  158.194869][ T7952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.194875][ T7952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.194880][ T7952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.194893][ T7952]  </TASK>
[  158.780164][ T7959] Bluetooth: MGMT ver 1.23
[  158.907595][ T7962] netlink: 'syz.6.419': attribute type 1 has an invalid length.
[  158.964795][ T7962] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.026139][ T7964] bond1: (slave geneve2): making interface the new active one
[  159.030877][ T7964] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  159.451538][ T7980] netlink: 12 bytes leftover after parsing attributes in process `syz.7.426'.
[  159.488195][ T7980] bond1: entered promiscuous mode
[  159.490110][ T7980] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.509294][ T7980] netlink: 20 bytes leftover after parsing attributes in process `syz.7.426'.
[  159.512657][ T7980] netlink: 12 bytes leftover after parsing attributes in process `syz.7.426'.
[  159.524518][ T7980] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.527573][ T7980] bond1: (slave gtp0): The slave device specified does not support setting the MAC address
[  159.532210][ T7980] bond1: (slave gtp0): Error -95 calling set_mac_address
[  159.635528][ T7985] netlink: 132 bytes leftover after parsing attributes in process `syz.6.428'.
[  159.851222][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  159.862788][ T5951] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  159.872664][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  159.877441][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  159.883767][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  159.954600][ T8002] program syz.6.429 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  160.097986][ T4772] bond0 (unregistering): Released all slaves
[  160.102496][ T4772] bond1 (unregistering): Released all slaves
[  160.190807][ T4772] tipc: Disabling bearer <eth:team0>
[  160.208510][ T4772] tipc: Left network mode
[  160.225916][  T843] usb 12-1: new high-speed USB device number 5 using dummy_hcd
[  160.276295][   T29] usb 50-1: device descriptor read/8, error -110
[  160.303812][ T7994] chnl_net:caif_netlink_parms(): no params data found
[  160.375998][  T843] usb 12-1: Using ep0 maxpacket: 8
[  160.379980][  T843] usb 12-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  160.384362][  T843] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 2
[  160.390064][  T843] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  160.395659][  T843] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  160.401446][  T843] usb 12-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  160.404176][ T7994] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.405565][  T843] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.407844][ T7994] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.413727][ T7994] bridge_slave_0: entered allmulticast mode
[  160.424752][ T7994] bridge_slave_0: entered promiscuous mode
[  160.427296][  T843] hub 12-1:1.0: bad descriptor, ignoring hub
[  160.427319][  T843] hub 12-1:1.0: probe with driver hub failed with error -5
[  160.427679][  T843] cdc_wdm 12-1:1.0: skipping garbage
[  160.431672][ T7994] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.440432][ T7994] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.442104][  T843] cdc_wdm 12-1:1.0: skipping garbage
[  160.443635][ T7994] bridge_slave_1: entered allmulticast mode
[  160.448422][  T843] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device
[  160.448776][ T7994] bridge_slave_1: entered promiscuous mode
[  160.451034][  T843] cdc_wdm 12-1:1.0: Unknown control protocol
[  160.466454][ T6028] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  160.511033][ T4772] hsr_slave_0: left promiscuous mode
[  160.513925][ T4772] hsr_slave_1: left promiscuous mode
[  160.524811][ T4772] pimreg (unregistering): left allmulticast mode
[  160.626244][ T6028] usb 10-1: Using ep0 maxpacket: 8
[  160.631733][ T6028] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  160.636415][ T6028] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  160.640219][ T6028] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  160.645035][ T6028] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  160.649904][ T6028] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  160.654156][ T6028] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.672487][ T6028] hub 10-1:1.0: bad descriptor, ignoring hub
[  160.676191][ T6028] hub 10-1:1.0: probe with driver hub failed with error -5
[  160.680803][ T6028] cdc_wdm 10-1:1.0: skipping garbage
[  160.684181][ T6028] cdc_wdm 10-1:1.0: skipping garbage
[  160.687927][   T29] usb usb50-port1: attempt power cycle
[  160.709845][ T6028] cdc_wdm 10-1:1.0: cdc-wdm1: USB WDM device
[  160.712544][ T6028] cdc_wdm 10-1:1.0: Unknown control protocol
[  160.787084][ T8026] FAULT_INJECTION: forcing a failure.
[  160.787084][ T8026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.792789][ T8026] CPU: 3 UID: 0 PID: 8026 Comm: syz.6.434 Not tainted syzkaller #0 PREEMPT(full) 
[  160.792811][ T8026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.792821][ T8026] Call Trace:
[  160.792828][ T8026]  <TASK>
[  160.792835][ T8026]  dump_stack_lvl+0x16c/0x1f0
[  160.792858][ T8026]  should_fail_ex+0x512/0x640
[  160.792879][ T8026]  _copy_from_iter+0x2a4/0x16c0
[  160.792902][ T8026]  ? __alloc_skb+0x200/0x380
[  160.792917][ T8026]  ? __pfx__copy_from_iter+0x10/0x10
[  160.792934][ T8026]  ? __lock_acquire+0x433/0x22f0
[  160.792953][ T8026]  ? __pfx___might_resched+0x10/0x10
[  160.792986][ T8026]  netlink_sendmsg+0x820/0xdd0
[  160.793013][ T8026]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.793036][ T8026]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  160.793061][ T8026]  ____sys_sendmsg+0xa5d/0xc30
[  160.793087][ T8026]  ? __pfx_____sys_sendmsg+0x10/0x10
[  160.793116][ T8026]  ? get_compat_msghdr+0x11a/0x170
[  160.793146][ T8026]  ___sys_sendmsg+0x134/0x1d0
[  160.793167][ T8026]  ? __pfx____sys_sendmsg+0x10/0x10
[  160.793197][ T8026]  ? find_held_lock+0x2b/0x80
[  160.793237][ T8026]  __sys_sendmsg+0x16d/0x220
[  160.793257][ T8026]  ? __pfx___sys_sendmsg+0x10/0x10
[  160.793291][ T8026]  __do_fast_syscall_32+0xe8/0x680
[  160.793317][ T8026]  do_fast_syscall_32+0x32/0x80
[  160.793339][ T8026]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.793361][ T8026] RIP: 0023:0xf70dd579
[  160.793375][ T8026] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  160.793393][ T8026] RSP: 002b:00000000f54ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  160.793411][ T8026] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  160.793422][ T8026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  160.793432][ T8026] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  160.793442][ T8026] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  160.793451][ T8026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.793475][ T8026]  </TASK>
[  161.012981][ T8027] overlayfs: overlapping lowerdir path
[  161.202853][ T7994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.219746][ T7994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.227717][ T8029] overlayfs: overlapping lowerdir path
[  161.256483][ T8033] netlink: 72 bytes leftover after parsing attributes in process `syz.6.435'.
[  161.269325][   T29] usb usb50-port1: unable to enumerate USB device
[  161.281370][ T7994] team0: Port device team_slave_0 added
[  161.289709][ T7994] team0: Port device team_slave_1 added
[  161.325062][ T7994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.328348][ T7994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  161.339825][ T7994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.348597][ T7994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.351564][ T7994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  161.365794][ T7994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.418210][ T7994] hsr_slave_0: entered promiscuous mode
[  161.421485][ T7994] hsr_slave_1: entered promiscuous mode
[  161.533730][ T8049] FAULT_INJECTION: forcing a failure.
[  161.533730][ T8049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.538313][ T8049] CPU: 3 UID: 0 PID: 8049 Comm: syz.6.440 Not tainted syzkaller #0 PREEMPT(full) 
[  161.538329][ T8049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.538335][ T8049] Call Trace:
[  161.538339][ T8049]  <TASK>
[  161.538344][ T8049]  dump_stack_lvl+0x16c/0x1f0
[  161.538367][ T8049]  should_fail_ex+0x512/0x640
[  161.538390][ T8049]  _copy_from_iter+0x2a4/0x16c0
[  161.538406][ T8049]  ? __alloc_skb+0x200/0x380
[  161.538417][ T8049]  ? __pfx__copy_from_iter+0x10/0x10
[  161.538431][ T8049]  ? netlink_autobind.isra.0+0x158/0x370
[  161.538449][ T8049]  netlink_sendmsg+0x820/0xdd0
[  161.538465][ T8049]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.538479][ T8049]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  161.538494][ T8049]  ____sys_sendmsg+0xa5d/0xc30
[  161.538510][ T8049]  ? __pfx_____sys_sendmsg+0x10/0x10
[  161.538524][ T8049]  ? get_compat_msghdr+0x11a/0x170
[  161.538541][ T8049]  ___sys_sendmsg+0x134/0x1d0
[  161.538554][ T8049]  ? __pfx____sys_sendmsg+0x10/0x10
[  161.538571][ T8049]  ? find_held_lock+0x2b/0x80
[  161.538595][ T8049]  __sys_sendmsg+0x16d/0x220
[  161.538607][ T8049]  ? __pfx___sys_sendmsg+0x10/0x10
[  161.538630][ T8049]  ? fput+0x70/0xf0
[  161.538645][ T8049]  __do_fast_syscall_32+0xe8/0x680
[  161.538661][ T8049]  do_fast_syscall_32+0x32/0x80
[  161.538674][ T8049]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.538688][ T8049] RIP: 0023:0xf70dd579
[  161.538697][ T8049] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  161.538707][ T8049] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  161.538718][ T8049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  161.538724][ T8049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  161.538730][ T8049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.538736][ T8049] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.538742][ T8049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.538756][ T8049]  </TASK>
[  161.540070][ T8049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  161.559036][ T7994] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  161.586273][ T8049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  161.637724][ T7994] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  161.644644][ T7994] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  161.651927][ T7994] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  161.717799][ T7994] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.731293][ T7994] 8021q: adding VLAN 0 to HW filter on device team0
[  161.740789][ T4772] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.743171][ T4772] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.751705][ T4772] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.754379][ T4772] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.881621][ T7994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.967955][ T5951] Bluetooth: hci1: command tx timeout
[  162.043973][ T7994] veth0_vlan: entered promiscuous mode
[  162.054566][ T7994] veth1_vlan: entered promiscuous mode
[  162.077279][ T7994] veth0_macvtap: entered promiscuous mode
[  162.083128][ T7994] veth1_macvtap: entered promiscuous mode
[  162.095460][ T7994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.105135][ T7994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.112797][ T1222] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.115810][ T1222] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.119519][ T1222] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.123408][ T1222] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.189089][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.192668][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.209719][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.213227][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.375277][ T8084] blktrace: Concurrent blktraces are not allowed on nullb0
[  163.202232][    C1] cdc_wdm 12-1:1.0: nonzero urb status received: -71
[  163.203910][ T3332] usb 12-1: USB disconnect, device number 5
[  163.205523][    C1] cdc_wdm 12-1:1.0: wdm_int_callback - 0 bytes
[  163.210885][    C1] cdc_wdm 12-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  163.214937][    C1] dummy_hcd dummy_hcd.7: timer fired with no URBs pending?
[  163.328732][  T842] usb 10-1: USB disconnect, device number 3
[  163.585407][ T8112] netlink: 56 bytes leftover after parsing attributes in process `syz.8.446'.
[  163.678473][ T8119] netlink: 44 bytes leftover after parsing attributes in process `syz.8.446'.
[  163.701814][ T8120] 9pnet_virtio: no channels available for device syz
[  163.847650][   T49] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  163.967130][ T8142] tipc: Started in network mode
[  163.971648][ T8142] tipc: Node identity 76a9dc66058e, cluster identity 4711
[  163.974883][ T8142] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  163.978181][ T8143] syzkaller0: entered promiscuous mode
[  163.983049][ T8143] syzkaller0: entered allmulticast mode
[  163.987273][ T8142] ecryptfs: Unknown parameter '/dev/net/tun'
[  164.021083][ T8142] tipc: Resetting bearer <eth:syzkaller0>
[  164.040086][ T8142] tipc: Disabling bearer <eth:syzkaller0>
[  164.040776][ T5951] Bluetooth: hci1: command tx timeout
[  164.489929][   T29] usb 12-1: new high-speed USB device number 6 using dummy_hcd
[  164.518214][ T8193] blktrace: Concurrent blktraces are not allowed on nullb0
[  164.671127][   T29] usb 12-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  164.677183][   T29] usb 12-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  164.680583][   T29] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  164.683271][   T29] usb 12-1: Product: syz
[  164.684676][   T29] usb 12-1: Manufacturer: syz
[  164.686256][   T29] usb 12-1: SerialNumber: syz
[  164.894470][   T29] usblp 12-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  165.097247][   T29] usb 12-1: USB disconnect, device number 6
[  165.101430][   T29] usblp0: removed
[  166.121325][ T5955] Bluetooth: hci1: command tx timeout
[  168.203202][ T5955] Bluetooth: hci1: command 0x0419 tx timeout
[  170.285073][ T5951] Bluetooth: hci1: command 0x0419 tx timeout
[  174.432605][ T8241] netlink: 'syz.8.459': attribute type 3 has an invalid length.
[  174.489438][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.8.459'.
[  174.513016][ T8244] netlink: 16 bytes leftover after parsing attributes in process `syz.8.459'.
[  174.596441][ T8246] ref_ctr_offset mismatch. inode: 0x109 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  174.816707][ T8255] netlink: 4 bytes leftover after parsing attributes in process `syz.5.462'.
[  174.824764][ T8255] netlink: 4 bytes leftover after parsing attributes in process `syz.5.462'.
[  175.211208][   T40] kauditd_printk_skb: 315 callbacks suppressed
[  175.211224][   T40] audit: type=1800 audit(1764749603.485:332): pid=8260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.464" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  175.380516][ T8269] FAULT_INJECTION: forcing a failure.
[  175.380516][ T8269] name failslab, interval 1, probability 0, space 0, times 0
[  175.385549][ T8269] CPU: 3 UID: 0 PID: 8269 Comm: syz.8.469 Not tainted syzkaller #0 PREEMPT(full) 
[  175.385570][ T8269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.385579][ T8269] Call Trace:
[  175.385586][ T8269]  <TASK>
[  175.385593][ T8269]  dump_stack_lvl+0x16c/0x1f0
[  175.385616][ T8269]  should_fail_ex+0x512/0x640
[  175.385633][ T8269]  ? __kmalloc_cache_noprof+0x5f/0x770
[  175.385651][ T8269]  should_failslab+0xc2/0x120
[  175.385673][ T8269]  __kmalloc_cache_noprof+0x72/0x770
[  175.385688][ T8269]  ? drm_atomic_state_alloc+0xb8/0x120
[  175.385705][ T8269]  ? __kasan_save_free_info+0x3b/0x60
[  175.385722][ T8269]  ? drm_atomic_state_alloc+0xb8/0x120
[  175.385738][ T8269]  drm_atomic_state_alloc+0xb8/0x120
[  175.385755][ T8269]  drm_mode_atomic_ioctl+0x393/0x2600
[  175.385785][ T8269]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  175.385803][ T8269]  ? __lock_acquire+0x433/0x22f0
[  175.385831][ T8269]  ? drm_is_current_master+0x2c/0x40
[  175.385849][ T8269]  ? do_raw_spin_unlock+0x172/0x230
[  175.385871][ T8269]  drm_ioctl_kernel+0x1f4/0x3e0
[  175.385884][ T8269]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  175.385903][ T8269]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  175.385932][ T8269]  drm_ioctl+0x5c9/0xc30
[  175.385948][ T8269]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  175.385967][ T8269]  ? __pfx_drm_ioctl+0x10/0x10
[  175.385996][ T8269]  drm_compat_ioctl+0x327/0x460
[  175.386015][ T8269]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  175.386034][ T8269]  __ia32_compat_sys_ioctl+0x242/0x370
[  175.386060][ T8269]  __do_fast_syscall_32+0xe8/0x680
[  175.386081][ T8269]  do_fast_syscall_32+0x32/0x80
[  175.386100][ T8269]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  175.386118][ T8269] RIP: 0023:0xf703d579
[  175.386130][ T8269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  175.386145][ T8269] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  175.386160][ T8269] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000c03864bc
[  175.386170][ T8269] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  175.386179][ T8269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  175.386187][ T8269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  175.386195][ T8269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  175.386215][ T8269]  </TASK>
[  175.604740][ T8275] blktrace: Concurrent blktraces are not allowed on nullb0
[  175.631508][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.634281][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.717826][ T8279] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.786395][ T8281] netlink: 4 bytes leftover after parsing attributes in process `syz.7.468'.
[  175.790047][ T8281] netlink: 4 bytes leftover after parsing attributes in process `syz.7.468'.
[  176.265802][ T8285] netlink: 12 bytes leftover after parsing attributes in process `syz.6.473'.
[  176.784962][ T8301] netlink: 4 bytes leftover after parsing attributes in process `syz.7.476'.
[  176.980835][  T842] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  177.138916][  T842] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  177.161708][  T842] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  177.194571][ T8303] netlink: 4 bytes leftover after parsing attributes in process `syz.8.478'.
[  177.194920][  T842] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  177.246164][  T842] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  177.274706][  T842] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  177.294008][  T842] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  177.302898][  T842] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  177.313960][  T842] usb 11-1: Product: syz
[  177.318425][  T842] usb 11-1: Manufacturer: syz
[  177.361946][  T842] cdc_wdm 11-1:1.0: skipping garbage
[  177.370742][  T842] cdc_wdm 11-1:1.0: skipping garbage
[  177.397725][  T842] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device
[  177.400546][  T842] cdc_wdm 11-1:1.0: Unknown control protocol
[  178.108430][ T8320] netlink: 8 bytes leftover after parsing attributes in process `syz.7.481'.
[  178.383657][ T7413] usb 11-1: USB disconnect, device number 4
[  178.759631][   T40] audit: type=1800 audit(1764749607.022:333): pid=8330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.482" name="bus" dev="overlay" ino=276 res=0 errno=0
[  179.517545][ T8342] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  179.529512][ T8342] netlink: 40 bytes leftover after parsing attributes in process `syz.6.484'.
[  180.503807][ T6476] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  180.653898][ T6476] usb 10-1: Using ep0 maxpacket: 8
[  180.657087][ T6476] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  180.660782][ T6476] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  180.663756][ T6476] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.669596][ T6476] usb 10-1: config 0 descriptor??
[  181.107993][ T6476] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  181.975054][ T6476] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  181.995213][ T7413] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  182.145041][ T8380] orangefs_mount: mount request failed with -4
[  182.156844][ T6476] usb 12-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  182.165209][ T7413] usb 11-1: Using ep0 maxpacket: 8
[  182.178018][ T6476] usb 12-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  182.186421][ T7413] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.190815][ T7413] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2
[  182.194399][ T7413] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  182.203599][ T6476] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  182.208539][ T6476] usb 12-1: Product: syz
[  182.210893][ T6476] usb 12-1: Manufacturer: syz
[  182.213291][ T6476] usb 12-1: SerialNumber: syz
[  182.216592][ T7413] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  182.222216][ T7413] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  182.229207][ T7413] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.260190][ T7413] hub 11-1:1.0: bad descriptor, ignoring hub
[  182.262680][ T7413] hub 11-1:1.0: probe with driver hub failed with error -5
[  182.269213][ T7413] cdc_wdm 11-1:1.0: skipping garbage
[  182.271392][ T7413] cdc_wdm 11-1:1.0: skipping garbage
[  182.280803][ T7413] cdc_wdm 11-1:1.0: cdc-wdm1: USB WDM device
[  182.283298][ T7413] cdc_wdm 11-1:1.0: Unknown control protocol
[  182.470421][ T6476] usblp 12-1:1.0: usblp2: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  182.672946][ T8387] overlayfs: overlapping lowerdir path
[  182.686995][    T9] usb 12-1: USB disconnect, device number 7
[  182.695090][    T9] usblp2: removed
[  182.796709][ T6476] usb 11-1: USB disconnect, device number 5
[  183.530197][ T7291] usb 10-1: USB disconnect, device number 4
[  183.649382][ T8396] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  183.655515][ T8396] netlink: 40 bytes leftover after parsing attributes in process `syz.6.495'.
[  183.668919][ T8399] netlink: 24 bytes leftover after parsing attributes in process `syz.8.494'.
[  183.677259][ T8399] netlink: 40 bytes leftover after parsing attributes in process `syz.8.494'.
[  184.056850][ T7291] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  184.215514][ T8407] ksmbd: Unknown IPC event: 3, ignore.
[  184.305158][ T7291] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  184.317928][ T7291] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  184.338934][ T7291] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  184.352748][ T7291] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  184.368953][ T7291] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  184.389653][ T7291] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  184.392707][ T7291] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  184.407495][ T7291] usb 10-1: Product: syz
[  184.414020][ T7291] usb 10-1: Manufacturer: syz
[  184.459081][ T7291] cdc_wdm 10-1:1.0: skipping garbage
[  184.471586][ T7291] cdc_wdm 10-1:1.0: skipping garbage
[  184.503548][ T7291] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  184.509510][ T5316] usb 12-1: new high-speed USB device number 8 using dummy_hcd
[  184.523606][ T7291] cdc_wdm 10-1:1.0: Unknown control protocol
[  184.697903][ T8411] netlink: 36 bytes leftover after parsing attributes in process `syz.8.499'.
[  184.700992][ T8411] netlink: 40 bytes leftover after parsing attributes in process `syz.8.499'.
[  184.739300][ T5316] usb 12-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  184.775263][ T5316] usb 12-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  184.802008][ T5316] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 66
[  184.840392][ T5316] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  184.868608][ T5316] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  184.908056][ T5316] usb 12-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  184.926874][ T5316] usb 12-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  184.945084][ T5316] usb 12-1: Product: syz
[  184.955217][ T5316] usb 12-1: Manufacturer: syz
[  185.024761][ T5316] cdc_wdm 12-1:1.0: skipping garbage
[  185.036678][ T5316] cdc_wdm 12-1:1.0: skipping garbage
[  185.066956][ T5316] cdc_wdm 12-1:1.0: cdc-wdm1: USB WDM device
[  185.080496][ T5316] cdc_wdm 12-1:1.0: Unknown control protocol
[  185.258873][ T8415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  185.294284][ T8415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  185.955368][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  185.955472][ T6010] usb 10-1: USB disconnect, device number 5
[  185.957738][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  185.957751][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  186.425333][ T8427] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  186.453872][ T8427] netlink: 40 bytes leftover after parsing attributes in process `syz.8.502'.
[  187.700051][ T6476] usb 12-1: USB disconnect, device number 8
[  187.874797][ T4536] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  187.879117][ T4536] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.892249][ T8452] process 'syz.5.511' launched './file0' with NULL argv: empty string added
[  187.963516][ T4536] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  187.968096][ T4536] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.167913][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  188.172130][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  188.175553][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  188.179116][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  188.182795][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  188.211864][ T4536] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  188.214654][ T8458] FAULT_INJECTION: forcing a failure.
[  188.214654][ T8458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.215445][ T4536] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.220076][ T8458] CPU: 3 UID: 0 PID: 8458 Comm: syz.8.514 Not tainted syzkaller #0 PREEMPT(full) 
[  188.220092][ T8458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  188.220098][ T8458] Call Trace:
[  188.220103][ T8458]  <TASK>
[  188.220108][ T8458]  dump_stack_lvl+0x16c/0x1f0
[  188.220127][ T8458]  should_fail_ex+0x512/0x640
[  188.220142][ T8458]  _copy_from_iter+0x2a4/0x16c0
[  188.220157][ T8458]  ? __alloc_skb+0x200/0x380
[  188.220168][ T8458]  ? __pfx__copy_from_iter+0x10/0x10
[  188.220181][ T8458]  ? netlink_autobind.isra.0+0x158/0x370
[  188.220200][ T8458]  netlink_sendmsg+0x820/0xdd0
[  188.220216][ T8458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.220231][ T8458]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  188.220246][ T8458]  ____sys_sendmsg+0xa5d/0xc30
[  188.220262][ T8458]  ? __pfx_____sys_sendmsg+0x10/0x10
[  188.220276][ T8458]  ? get_compat_msghdr+0x11a/0x170
[  188.220293][ T8458]  ___sys_sendmsg+0x134/0x1d0
[  188.220306][ T8458]  ? __pfx____sys_sendmsg+0x10/0x10
[  188.220338][ T8458]  ? find_held_lock+0x2b/0x80
[  188.220363][ T8458]  __sys_sendmsg+0x16d/0x220
[  188.220374][ T8458]  ? __pfx___sys_sendmsg+0x10/0x10
[  188.220395][ T8458]  __do_fast_syscall_32+0xe8/0x680
[  188.220411][ T8458]  do_fast_syscall_32+0x32/0x80
[  188.220424][ T8458]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.220438][ T8458] RIP: 0023:0xf703d579
[  188.220447][ T8458] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  188.220458][ T8458] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  188.220468][ T8458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  188.220475][ T8458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  188.220481][ T8458] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.220487][ T8458] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  188.220492][ T8458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.220506][ T8458]  </TASK>
[  188.355645][ T4536] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  188.359441][ T4536] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.433061][ T8455] chnl_net:caif_netlink_parms(): no params data found
[  188.615214][ T4536] bridge_slave_1: left allmulticast mode
[  188.617756][ T4536] bridge_slave_1: left promiscuous mode
[  188.619865][ T4536] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.626641][ T4536] bridge_slave_0: left allmulticast mode
[  188.628547][ T4536] bridge_slave_0: left promiscuous mode
[  188.630474][ T4536] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.912341][ T4536] bond1 (unregistering): (slave geneve2): Releasing active interface
[  189.023338][ T8479] /dev/nullb0: Can't open blockdev
[  189.037528][ T4536] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  189.043657][ T4536] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.048672][ T4536] bond0 (unregistering): Released all slaves
[  189.112510][ T4536] bond1 (unregistering): Released all slaves
[  189.136526][ T8479] netlink: 4 bytes leftover after parsing attributes in process `syz.5.518'.
[  189.181486][ T5316] IPVS: starting estimator thread 0...
[  189.281444][ T8480] IPVS: using max 44 ests per chain, 105600 per kthread
[  189.359522][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.362265][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.365039][ T8455] bridge_slave_0: entered allmulticast mode
[  189.369097][ T8455] bridge_slave_0: entered promiscuous mode
[  189.385072][ T8478] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.390840][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.395995][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.405318][ T8455] bridge_slave_1: entered allmulticast mode
[  189.414434][ T8478] netlink: 40 bytes leftover after parsing attributes in process `syz.7.519'.
[  189.602324][ T8455] bridge_slave_1: entered promiscuous mode
[  189.651168][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.664677][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.691523][ T8455] team0: Port device team_slave_0 added
[  189.695852][ T8455] team0: Port device team_slave_1 added
[  189.726567][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.728974][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.741086][ T8496] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.759416][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.766272][ T4536] hsr_slave_0: left promiscuous mode
[  189.768625][ T4536] hsr_slave_1: left promiscuous mode
[  189.770733][ T4536] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.773262][ T4536] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.776153][ T4536] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.776746][ T8496] netlink: 40 bytes leftover after parsing attributes in process `syz.8.521'.
[  189.778720][ T4536] batman_adv: batadv0: Removing interface: batadv_slave_1
[  189.798472][ T4536] veth1_macvtap: left promiscuous mode
[  189.800565][ T4536] veth0_macvtap: left promiscuous mode
[  189.803405][ T4536] veth1_vlan: left promiscuous mode
[  189.805772][ T4536] veth0_vlan: left promiscuous mode
[  190.048463][ T8511] netlink: 8 bytes leftover after parsing attributes in process `syz.5.523'.
[  190.236415][ T5951] Bluetooth: hci2: command tx timeout
[  190.240565][ T4536] team0 (unregistering): Port device team_slave_1 removed
[  190.264670][ T4536] team0 (unregistering): Port device team_slave_0 removed
[  190.574486][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.577109][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.586509][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.625798][ T8455] hsr_slave_0: entered promiscuous mode
[  190.629037][ T8455] hsr_slave_1: entered promiscuous mode
[  190.631966][ T8455] debugfs: 'hsr0' already exists in 'hsr'
[  190.634586][ T8455] Cannot create hsr debugfs directory
[  190.736441][ T8455] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  190.740677][ T8455] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  190.745464][ T8455] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  190.751268][ T8455] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  190.846322][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.857044][ T8533] FAULT_INJECTION: forcing a failure.
[  190.857044][ T8533] name failslab, interval 1, probability 0, space 0, times 0
[  190.862238][ T8533] CPU: 3 UID: 0 PID: 8533 Comm: syz.7.526 Not tainted syzkaller #0 PREEMPT(full) 
[  190.862257][ T8533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  190.862268][ T8533] Call Trace:
[  190.862275][ T8533]  <TASK>
[  190.862281][ T8533]  dump_stack_lvl+0x16c/0x1f0
[  190.862303][ T8533]  should_fail_ex+0x512/0x640
[  190.862324][ T8533]  should_failslab+0xc2/0x120
[  190.862350][ T8533]  kmem_cache_alloc_noprof+0x75/0x720
[  190.862371][ T8533]  ? dst_alloc+0x99/0x1a0
[  190.862395][ T8533]  ? __pfx_ip6_dst_gc+0x10/0x10
[  190.862414][ T8533]  ? dst_alloc+0x99/0x1a0
[  190.862429][ T8533]  dst_alloc+0x99/0x1a0
[  190.862449][ T8533]  ip6_pol_route+0x96b/0x1230
[  190.862470][ T8533]  ? __pfx_ip6_pol_route+0x10/0x10
[  190.862498][ T8533]  ? __local_bh_enable_ip+0xa4/0x120
[  190.862528][ T8533]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  190.862544][ T8533]  fib6_rule_lookup+0x536/0x720
[  190.862586][ T8533]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  190.862614][ T8533]  ? nf_nat_ipv6_fn+0xff/0x2e0
[  190.862642][ T8533]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  190.862668][ T8533]  ? inet6_ehashfn+0x87/0x4f0
[  190.862692][ T8533]  ? __pfx_inet6_ehashfn+0x10/0x10
[  190.862716][ T8533]  ? ip6table_mangle_hook+0xcb/0x770
[  190.862738][ T8533]  ip6_route_input+0x662/0xc70
[  190.862755][ T8533]  ? __inet6_lookup_established+0x66e/0xc60
[  190.862781][ T8533]  ? __pfx_ip6_route_input+0x10/0x10
[  190.862805][ T8533]  ? __pfx___inet6_lookup_established+0x10/0x10
[  190.862831][ T8533]  ? tcp_v6_early_demux+0x3f3/0xbe0
[  190.862857][ T8533]  ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0
[  190.862875][ T8533]  ipv6_rcv+0x1e8/0x650
[  190.862896][ T8533]  ? __pfx_ipv6_rcv+0x10/0x10
[  190.862909][ T8533]  __netif_receive_skb_one_core+0x12d/0x1e0
[  190.862926][ T8533]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  190.862944][ T8533]  ? lock_acquire+0x179/0x330
[  190.862964][ T8533]  ? __phys_addr+0xe8/0x180
[  190.862992][ T8533]  __netif_receive_skb+0x1d/0x160
[  190.863007][ T8533]  netif_receive_skb+0x137/0x760
[  190.863021][ T8533]  ? __pfx_netif_receive_skb+0x10/0x10
[  190.863047][ T8533]  tun_rx_batched.isra.0+0x3ee/0x740
[  190.863070][ T8533]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  190.863095][ T8533]  ? tun_get_user+0x1ded/0x3cc0
[  190.863116][ T8533]  ? rcu_is_watching+0x12/0xc0
[  190.863148][ T8533]  tun_get_user+0x28b2/0x3cc0
[  190.863183][ T8533]  ? __pfx_tun_get_user+0x10/0x10
[  190.863208][ T8533]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  190.863239][ T8533]  ? find_held_lock+0x2b/0x80
[  190.863266][ T8533]  ? tun_get+0x191/0x370
[  190.863293][ T8533]  tun_chr_write_iter+0xdc/0x210
[  190.863319][ T8533]  vfs_write+0x7d3/0x11d0
[  190.863344][ T8533]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  190.863370][ T8533]  ? __pfx_vfs_write+0x10/0x10
[  190.863392][ T8533]  ? find_held_lock+0x2b/0x80
[  190.863434][ T8533]  ksys_write+0x12a/0x250
[  190.863458][ T8533]  ? __pfx_ksys_write+0x10/0x10
[  190.863490][ T8533]  __do_fast_syscall_32+0xe8/0x680
[  190.863516][ T8533]  do_fast_syscall_32+0x32/0x80
[  190.863540][ T8533]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  190.863560][ T8533] RIP: 0023:0xf7f16579
[  190.863571][ T8533] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  190.863585][ T8533] RSP: 002b:00000000f5406520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  190.863599][ T8533] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000080
[  190.863664][ T8533] RDX: 000000000000004a RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  190.863673][ T8533] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  190.863682][ T8533] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  190.863692][ T8533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.863716][ T8533]  </TASK>
[  191.041500][ T8455] 8021q: adding VLAN 0 to HW filter on device team0
[  191.070263][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.072672][ T8476] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.087851][  T221] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.091049][  T221] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.131936][ T8455] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.141052][ T8455] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.568485][ T8562] openvswitch: netlink: Flow key attr not present in new flow.
[  191.745153][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.248965][ T8455] veth0_vlan: entered promiscuous mode
[  192.262957][ T8455] veth1_vlan: entered promiscuous mode
[  192.290283][ T8455] veth0_macvtap: entered promiscuous mode
[  192.296806][ T8455] veth1_macvtap: entered promiscuous mode
[  192.309758][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.314633][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.330804][ T5951] Bluetooth: hci2: command tx timeout
[  192.537389][ T8596] netlink: 24 bytes leftover after parsing attributes in process `syz.5.531'.
[  192.592952][  T101] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.628110][  T101] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.631096][  T101] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.634018][  T101] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.834919][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.838588][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.873401][ T8476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.877641][ T8476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.964442][ T6028] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  193.247533][ T6028] usb 13-1: config 4 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 32
[  193.251107][ T6028] usb 13-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  193.260637][ T6028] usb 13-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  193.263776][ T6028] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.281795][ T8619] netlink: 24 bytes leftover after parsing attributes in process `syz.9.533'.
[  193.303666][ T6028] usb 13-1: Product: syz
[  193.305261][ T6028] usb 13-1: Manufacturer: syz
[  193.306921][ T6028] usb 13-1: SerialNumber: syz
[  193.318878][ T8595] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  193.325113][ T6028] usblp0: Disabling reads from problematic bidirectional printer
[  193.610323][ T8621] bond1: entered promiscuous mode
[  193.618504][ T6028] usblp 13-1:4.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x03F0 pid 0x0004
[  193.649834][ T8621] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  193.653883][ T8621] bond1: (slave macvlan2): Enslaving as an active interface with a down link
[  193.664550][ T8621] bridge0: port 1(syz_tun) entered blocking state
[  193.667427][ T8621] bridge0: port 1(syz_tun) entered disabled state
[  193.669861][ T8621] syz_tun: entered allmulticast mode
[  193.672639][ T8621] syz_tun: entered promiscuous mode
[  193.678048][ T8621] bridge0: port 1(syz_tun) entered blocking state
[  193.680434][ T8621] bridge0: port 1(syz_tun) entered forwarding state
[  193.688826][ T8621] netlink: 'syz.5.535': attribute type 10 has an invalid length.
[  193.696665][ T8621] bridge0: port 1(syz_tun) entered disabled state
[  193.702602][ T8621] bridge0: port 1(syz_tun) entered blocking state
[  193.704922][ T8621] bridge0: port 1(syz_tun) entered forwarding state
[  193.709881][ T8621] bridge0: entered promiscuous mode
[  193.714023][ T8621] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  193.730038][ T8621] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:a8aa:aaff:feaa:aa0c error=-28
[  193.734937][ T8621] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:18dd:ffff:fe1c:eee0 error=-28
[  193.842855][    C1] usblp0: nonzero write bulk status received: -71
[  193.869012][ T8621] infiniband syz1: set active
[  193.870785][ T8621] infiniband syz1: added syz_tun
[  194.127181][ T8641] netlink: 12 bytes leftover after parsing attributes in process `syz.9.536'.
[  194.136911][ T8621] RDS/IB: syz1: added
[  194.141219][ T8621] smc: adding ib device syz1 with port count 1
[  194.144997][ T8621] smc:    ib device syz1 port 1 has no pnetid
[  194.385690][ T5951] Bluetooth: hci2: command tx timeout
[  194.624504][ T8667] FAULT_INJECTION: forcing a failure.
[  194.624504][ T8667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.631975][ T8667] CPU: 0 UID: 0 PID: 8667 Comm: syz.9.540 Not tainted syzkaller #0 PREEMPT(full) 
[  194.631992][ T8667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  194.631998][ T8667] Call Trace:
[  194.632003][ T8667]  <TASK>
[  194.632007][ T8667]  dump_stack_lvl+0x16c/0x1f0
[  194.632026][ T8667]  should_fail_ex+0x512/0x640
[  194.632048][ T8667]  _copy_from_iter+0x2a4/0x16c0
[  194.632064][ T8667]  ? rcu_is_watching+0x12/0xc0
[  194.632088][ T8667]  ? __pfx__copy_from_iter+0x10/0x10
[  194.632102][ T8667]  ? __asan_memset+0x23/0x50
[  194.632116][ T8667]  ? __build_skb_around+0x278/0x390
[  194.632134][ T8667]  ? is_vmalloc_addr+0x86/0xa0
[  194.632147][ T8667]  netlink_sendmsg+0x820/0xdd0
[  194.632164][ T8667]  ? __pfx_netlink_sendmsg+0x10/0x10
[  194.632180][ T8667]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  194.632196][ T8667]  __sys_sendto+0x4a3/0x520
[  194.632207][ T8667]  ? __pfx___sys_sendto+0x10/0x10
[  194.632229][ T8667]  ? ksys_write+0x1ac/0x250
[  194.632244][ T8667]  ? __pfx_ksys_write+0x10/0x10
[  194.632260][ T8667]  __ia32_sys_sendto+0xdd/0x1b0
[  194.632271][ T8667]  ? __do_fast_syscall_32+0x9a/0x680
[  194.632285][ T8667]  ? lockdep_hardirqs_on+0x7c/0x110
[  194.632299][ T8667]  __do_fast_syscall_32+0xe8/0x680
[  194.632315][ T8667]  do_fast_syscall_32+0x32/0x80
[  194.632329][ T8667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  194.632344][ T8667] RIP: 0023:0xf703d579
[  194.632352][ T8667] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  194.632363][ T8667] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  194.632375][ T8667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  194.632382][ T8667] RDX: 0000000000010a73 RSI: 0000000000000800 RDI: 0000000000000000
[  194.632388][ T8667] RBP: 000000005a5de35b R08: 0000000000000000 R09: 0000000000000000
[  194.632398][ T8667] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  194.632407][ T8667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  194.632421][ T8667]  </TASK>
[  195.208791][ T8683] lo speed is unknown, defaulting to 1000
[  195.211710][ T8683] lo speed is unknown, defaulting to 1000
[  195.219498][ T8683] lo speed is unknown, defaulting to 1000
[  195.239046][ T8683] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  195.273794][ T8683] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  195.410042][ T6028] usb 13-1: USB disconnect, device number 2
[  195.415028][ T6028] usblp0: removed
[  195.426171][ T8683] lo speed is unknown, defaulting to 1000
[  195.430423][ T8683] lo speed is unknown, defaulting to 1000
[  195.434248][ T8683] lo speed is unknown, defaulting to 1000
[  195.451428][ T8683] lo speed is unknown, defaulting to 1000
[  196.020527][ T8688] netlink: 'syz.8.544': attribute type 2 has an invalid length.
[  196.023225][ T8698] FAULT_INJECTION: forcing a failure.
[  196.023225][ T8698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.039996][ T8698] CPU: 1 UID: 0 PID: 8698 Comm: syz.9.547 Not tainted syzkaller #0 PREEMPT(full) 
[  196.040025][ T8698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  196.040031][ T8698] Call Trace:
[  196.040036][ T8698]  <TASK>
[  196.040040][ T8698]  dump_stack_lvl+0x16c/0x1f0
[  196.040058][ T8698]  should_fail_ex+0x512/0x640
[  196.040073][ T8698]  _copy_from_user+0x2e/0xd0
[  196.040087][ T8698]  copy_mount_options+0x76/0x190
[  196.040100][ T8698]  __ia32_sys_mount+0x1ab/0x310
[  196.040110][ T8698]  ? __pfx___ia32_sys_mount+0x10/0x10
[  196.040123][ T8698]  __do_fast_syscall_32+0xe8/0x680
[  196.040139][ T8698]  do_fast_syscall_32+0x32/0x80
[  196.040152][ T8698]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  196.040166][ T8698] RIP: 0023:0xf703d579
[  196.040175][ T8698] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  196.040185][ T8698] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  196.040196][ T8698] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000
[  196.040202][ T8698] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000080000140
[  196.040208][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  196.040214][ T8698] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  196.040220][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  196.040234][ T8698]  </TASK>
[  196.467629][ T5951] Bluetooth: hci2: command tx timeout
[  197.110218][ T8708] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(6)
[  197.113102][ T8708] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  197.117797][ T8708] vhci_hcd vhci_hcd.0: Device attached
[  197.354735][ T8718] netlink: 12 bytes leftover after parsing attributes in process `syz.8.553'.
[  197.368327][   T54] usb 55-1: new low-speed USB device number 2 using vhci_hcd
[  197.442558][ T8722] syz_tun: entered allmulticast mode
[  197.448075][ T8721] syz_tun: left allmulticast mode
[  197.623383][ T8709] vhci_hcd: connection reset by peer
[  197.625988][  T221] vhci_hcd: stop threads
[  197.627401][  T221] vhci_hcd: release socket
[  197.632473][  T221] vhci_hcd: disconnect device
[  197.778554][ T3332] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  197.933116][ T3332] usb 13-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  197.937215][ T3332] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.941126][ T3332] usb 13-1: Product: syz
[  197.943149][ T3332] usb 13-1: Manufacturer: syz
[  197.945283][ T3332] usb 13-1: SerialNumber: syz
[  197.951081][ T3332] usb 13-1: config 0 descriptor??
[  197.963533][   T40] audit: type=1326 audit(1764749626.215:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8739 comm="syz.5.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  197.970980][   T40] audit: type=1326 audit(1764749626.215:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8739 comm="syz.5.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  197.980764][   T40] audit: type=1326 audit(1764749626.225:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8739 comm="syz.5.560" exe="/syz-executor" sig=0 arch=40000003 syscall=246 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  197.990506][   T40] audit: type=1326 audit(1764749626.225:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8739 comm="syz.5.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  198.000782][   T40] audit: type=1326 audit(1764749626.225:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8739 comm="syz.5.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  198.078065][ T8743] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  198.333381][ T8746] Device name cannot be null; rc = [-22]
[  198.396152][   T24] IPVS: starting estimator thread 0...
[  198.479153][ T8749] IPVS: using max 22 ests per chain, 52800 per kthread
[  198.963141][ T3332] usb 13-1: non-Atmel transceiver xxxxd800
[  199.111748][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  199.113918][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  199.165944][ T3332] usb 13-1: Firmware version (0.0) predates our first public release.
[  199.168745][ T3332] usb 13-1: Please update to version 0.2 or newer
[  199.171373][ T3332] usb 13-1: atusb_probe: initialization failed, error = -19
[  199.175733][ T3332] usb 13-1: USB disconnect, device number 3
[  201.497927][ T8826] syz.7.587 uses obsolete (PF_INET,SOCK_PACKET)
[  202.434909][ T4772] Bluetooth: Error in BCSP hdr checksum
[  202.462710][   T54] vhci_hcd: vhci_device speed not set
[  202.694078][ T7946] Bluetooth: Error in BCSP hdr checksum
[  204.234201][ T5955] Bluetooth: hci4: command 0x1003 tx timeout
[  204.234375][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  205.727524][ T8915] netlink: 'syz.8.608': attribute type 8 has an invalid length.
[  205.730656][ T8915] netlink: 64 bytes leftover after parsing attributes in process `syz.8.608'.
[  205.734339][ T8915] block nbd0: not configured, cannot reconfigure
[  207.099812][ T8942] netlink: 4 bytes leftover after parsing attributes in process `syz.5.616'.
[  207.106466][ T8942] netlink: 4 bytes leftover after parsing attributes in process `syz.5.616'.
[  207.997056][ T5955] Bluetooth: hci4: command 0x1003 tx timeout
[  207.997285][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  208.556866][ T8987] =======================================================
[  208.556866][ T8987] WARNING: The mand mount option has been deprecated and
[  208.556866][ T8987]          and is ignored by this kernel. Remove the mand
[  208.556866][ T8987]          option from the mount to silence this warning.
[  208.556866][ T8987] =======================================================
[  208.782835][ T8989] netlink: 52 bytes leftover after parsing attributes in process `syz.5.634'.
[  209.867505][ T9009] netlink: 'syz.9.641': attribute type 10 has an invalid length.
[  209.877585][ T9009] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  210.038172][ T9020] netlink: 27 bytes leftover after parsing attributes in process `syz.5.647'.
[  210.599837][ T9035] random: crng reseeded on system resumption
[  211.114790][ T5951] Bluetooth: hci1: unexpected event for opcode 0x203d
[  211.516083][ T1145] Bluetooth: hci4: Frame reassembly failed (-84)
[  211.519173][ T1145] Bluetooth: hci4: Frame reassembly failed (-84)
[  211.910276][  T843] usb 13-1: new low-speed USB device number 4 using dummy_hcd
[  212.095364][  T843] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  212.098873][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  212.110392][  T843] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  212.114875][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  212.119119][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  212.132902][  T843] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  212.136284][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  212.144290][  T843] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  212.152582][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  212.156238][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  212.170521][  T843] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  212.173141][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  212.176652][  T843] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  212.189533][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  212.194071][  T843] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  212.200453][  T843] usb 13-1: string descriptor 0 read error: -22
[  212.202546][  T843] usb 13-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  212.205651][  T843] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.231064][  T843] adutux 13-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  213.521585][ T5955] Bluetooth: hci4: command 0x1003 tx timeout
[  213.525021][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  214.554046][ T9092] can0: slcan on ttyS3.
[  214.644483][ T9091] can0 (unregistered): slcan off ttyS3.
[  214.893358][ T6321] usb 13-1: USB disconnect, device number 4
[  215.170031][ T9106] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  215.182955][ T9106] block device autoloading is deprecated and will be removed.
[  215.863259][ T9121] netlink: 4 bytes leftover after parsing attributes in process `syz.9.676'.
[  215.871783][ T9121] warning: `syz.9.676' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  216.346417][ T9135] mmap: syz.7.681 (9135) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  219.368287][ T9209] IPVS: sync thread started: state = BACKUP, mcast_ifn = team0, syncid = 4, id = 0
[  219.719304][ T9216] netlink: 72 bytes leftover after parsing attributes in process `syz.7.708'.
[  220.542296][ T9244] No control pipe specified
[  220.557233][ T6034] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  220.710873][ T6034] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.715840][ T6034] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.722151][ T6034] usb 10-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  220.726033][ T6034] usb 10-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  220.729996][ T6034] usb 10-1: Manufacturer: syz
[  220.733471][ T6034] usb 10-1: config 0 descriptor??
[  221.442642][ T9261] ptrace attach of "/syz-executor exec"[7385] was attempted by "/syz-executor exec"[9261]
[  221.535811][ T9265] can0: slcan on ttyS3.
[  221.698188][ T9264] can0 (unregistered): slcan off ttyS3.
[  221.862350][ T6034] uclogic 0003:256C:006D.0003: v1 frame probing failed: -71
[  221.864948][ T6034] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  221.867488][ T6034] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71
[  221.884161][ T6034] usb 10-1: USB disconnect, device number 6
[  223.075843][ T9292] can0: slcan on ttyS3.
[  223.139603][ T9291] can0 (unregistered): slcan off ttyS3.
[  223.577972][ T9316] can0: slcan on ttyS3.
[  223.680402][ T9315] can0 (unregistered): slcan off ttyS3.
[  223.825781][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.7.745'.
[  223.861446][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.7.745'.
[  224.581903][ T9346] can0: slcan on ttyS3.
[  224.651358][ T9345] can0 (unregistered): slcan off ttyS3.
[  225.838552][ T9378] can0: slcan on ttyS3.
[  225.912244][ T9377] can0 (unregistered): slcan off ttyS3.
[  226.932364][ T5948] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  227.082426][ T5948] usb 10-1: Using ep0 maxpacket: 8
[  227.086928][ T5948] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  227.090523][ T5948] usb 10-1: config 0 has no interface number 0
[  227.094292][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  227.098848][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  227.104049][ T5948] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  227.109103][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  227.115999][ T5948] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  227.120082][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.126837][ T5948] usb 10-1: config 0 descriptor??
[  227.137068][ T5948] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  227.202490][   T54] usb 14-1: new full-speed USB device number 2 using dummy_hcd
[  227.384104][   T54] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  227.387477][   T54] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  227.391828][   T54] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.397502][   T10] usb 10-1: USB disconnect, device number 7
[  227.397554][    C0] ldusb 10-1:0.55: usb_submit_urb failed (-19)
[  227.402649][   T54] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.417582][ T9397] ldusb: No device or device unplugged -19
[  227.417584][   T10] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  227.418700][ T9412] can0: slcan on ttyS3.
[  227.503187][ T9411] can0 (unregistered): slcan off ttyS3.
[  227.711319][   T54] usb 14-1: usb_control_msg returned -32
[  227.714594][   T54] usbtmc 14-1:16.0: can't read capabilities
[  227.943231][   T10] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  228.075747][ T9419] usbtmc 14-1:16.0: usb_control_msg returned -32
[  228.080062][  T843] usb 14-1: USB disconnect, device number 2
[  228.095980][   T10] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  228.100712][   T10] usb 13-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  228.104715][   T10] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  228.110982][   T10] usb 13-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  228.114608][   T10] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.117587][   T10] usb 13-1: Product: syz
[  228.119131][   T10] usb 13-1: Manufacturer: syz
[  228.120914][   T10] usb 13-1: SerialNumber: syz
[  228.126728][   T10] usb 13-1: config 0 descriptor??
[  228.131522][ T9418] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  228.139654][ T9418] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  228.149693][   T10] usb 13-1: ucan: probing device on interface #0
[  228.350847][   T10] usb 13-1: ucan: device protocol version 45315 is not supported
[  228.353564][   T10] usb 13-1: ucan: probe failed; try to update the device firmware
[  228.643845][ T7291] usb 12-1: new full-speed USB device number 9 using dummy_hcd
[  228.759332][   T40] audit: type=1326 audit(1764749656.980:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.766532][   T40] audit: type=1326 audit(1764749656.980:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.773449][   T40] audit: type=1326 audit(1764749656.980:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.780742][   T40] audit: type=1326 audit(1764749656.980:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.787954][   T40] audit: type=1326 audit(1764749656.980:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.795030][   T40] audit: type=1326 audit(1764749656.980:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.802077][   T40] audit: type=1326 audit(1764749656.980:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.809877][   T40] audit: type=1326 audit(1764749656.980:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.817632][ T7291] usb 12-1: config 0 has an invalid interface number: 107 but max is 0
[  228.820360][ T7291] usb 12-1: config 0 has no interface number 0
[  228.822372][ T7291] usb 12-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  228.826569][   T40] audit: type=1326 audit(1764749656.980:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.826883][ T7291] usb 12-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  228.834766][   T40] audit: type=1326 audit(1764749656.980:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9430 comm="syz.9.785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  228.849105][ T7291] usb 12-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  228.852563][ T7291] usb 12-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  228.855864][ T7291] usb 12-1: Product: syz
[  228.857369][ T7291] usb 12-1: Manufacturer: syz
[  228.859017][ T7291] usb 12-1: SerialNumber: syz
[  228.861840][ T7291] usb 12-1: config 0 descriptor??
[  228.865437][ T7291] keyspan 12-1:0.107: Keyspan 4 port adapter converter detected
[  228.868162][ T7291] keyspan 12-1:0.107: found no endpoint descriptor for endpoint 81
[  228.871516][ T7291] keyspan 12-1:0.107: found no endpoint descriptor for endpoint 1
[  228.877634][ T7291] usb 12-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  228.881670][ T7291] keyspan 12-1:0.107: found no endpoint descriptor for endpoint 2
[  228.885581][ T7291] usb 12-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  228.889416][ T7291] keyspan 12-1:0.107: found no endpoint descriptor for endpoint 4
[  228.893043][ T7291] usb 12-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  228.897259][ T7291] keyspan 12-1:0.107: found no endpoint descriptor for endpoint 6
[  228.900958][ T7291] usb 12-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  229.067158][ T7291] usb 12-1: USB disconnect, device number 9
[  229.076761][ T7291] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  229.085679][ T7291] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  229.096044][ T7291] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  229.106073][ T7291] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  229.109595][ T7291] keyspan 12-1:0.107: device disconnected
[  229.784887][ T6034] usb 14-1: new high-speed USB device number 3 using dummy_hcd
[  229.913065][ T9451] netlink: 4 bytes leftover after parsing attributes in process `syz.7.792'.
[  229.917753][ T9451] netlink: 4 bytes leftover after parsing attributes in process `syz.7.792'.
[  229.944686][ T6034] usb 14-1: Using ep0 maxpacket: 8
[  229.955796][ T6034] usb 14-1: config 0 has no interfaces?
[  229.960161][ T6034] usb 14-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  229.963128][ T6034] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.966008][ T6034] usb 14-1: Product: syz
[  229.967661][ T6034] usb 14-1: Manufacturer: syz
[  229.969728][ T6034] usb 14-1: SerialNumber: syz
[  229.985509][ T6034] usb 14-1: config 0 descriptor??
[  230.074507][ T9453] can0: slcan on ttyS3.
[  230.134895][ T9452] can0 (unregistered): slcan off ttyS3.
[  230.198474][   T54] usb 14-1: USB disconnect, device number 3
[  230.209621][ T9459] bridge0: port 1(syz_tun) entered disabled state
[  230.327036][  T843] syz1: Port: 1 Link DOWN
[  230.327223][ T4772] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.328583][   T10] lo speed is unknown, defaulting to 1000
[  230.331610][ T4772] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.333655][   T10] syz0: Port: 1 Link DOWN
[  230.338420][ T4772] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.341795][ T4772] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.586943][   T10] usb 13-1: USB disconnect, device number 5
[  231.560395][ T9499] netlink: 16 bytes leftover after parsing attributes in process `syz.8.805'.
[  231.893018][ T9519] random: crng reseeded on system resumption
[  233.301999][ T8476] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.421077][ T8476] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.437537][ T9569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  233.458717][   T34] usb 12-1: new high-speed USB device number 10 using dummy_hcd
[  233.491408][ T8476] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.563797][ T8476] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.579944][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  233.584082][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  233.589552][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  233.594021][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  233.599055][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  233.628266][   T34] usb 12-1: Using ep0 maxpacket: 16
[  233.632271][   T34] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  233.638633][   T34] usb 12-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  233.641985][   T34] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.644754][   T34] usb 12-1: Product: syz
[  233.646194][   T34] usb 12-1: Manufacturer: syz
[  233.648391][   T34] usb 12-1: SerialNumber: syz
[  233.692869][   T34] usb 12-1: config 0 descriptor??
[  233.704238][   T34] em28xx 12-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  233.707511][   T34] em28xx 12-1:0.0: DVB interface 0 found: bulk
[  233.716358][ T8476] bridge_slave_1: left allmulticast mode
[  233.718410][ T8476] bridge_slave_1: left promiscuous mode
[  233.720412][ T8476] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.725963][ T8476] bridge_slave_0: left allmulticast mode
[  233.728994][ T8476] bridge_slave_0: left promiscuous mode
[  233.731363][ T8476] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.948585][ T8476] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  233.952800][ T8476] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  233.956828][ T8476] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  233.964203][ T8476] bond0 (unregistering): Released all slaves
[  233.969315][ T9571] lo speed is unknown, defaulting to 1000
[  234.091710][ T8476] ------------[ cut here ]------------
[  234.094164][ T8476] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[  234.096803][ T8476] WARNING: net/mac80211/driver-ops.c:366 at 0x0, CPU#1: kworker/u32:17/8476
[  234.100694][ T8476] Modules linked in:
[  234.103787][ T8476] CPU: 1 UID: 0 PID: 8476 Comm: kworker/u32:17 Not tainted syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  234.108107][ T8476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.112951][ T8476] Workqueue: netns cleanup_net
[  234.115145][ T8476] RIP: 0010:drv_unassign_vif_chanctx+0x204/0x7f0
[  234.118044][ T8476] Code: 72 28 f4 f6 48 8b 74 24 10 48 81 c6 20 01 00 00 48 89 74 24 10 e8 5c 28 f4 f6 48 8d 3d 55 49 ac 05 8b 54 24 04 48 8b 74 24 10 <67> 48 0f b9 3a e8 42 28 f4 f6 4c 89 f2 48 b8 00 00 00 00 00 fc ff
[  234.126513][ T8476] RSP: 0018:ffffc90002e5f538 EFLAGS: 00010293
[  234.129309][ T8476] RAX: 0000000000000000 RBX: ffff888013074d80 RCX: ffffffff8ac91751
[  234.132829][ T8476] RDX: 0000000000000000 RSI: ffff888013074120 RDI: ffffffff90756110
[  234.135989][ T8476] RBP: ffff888025a30e80 R08: 0000000000000005 R09: 0000000000000000
[  234.139123][ T8476] R10: 0000000000000000 R11: 0000000013ae352f R12: ffff888013076ad8
[  234.141849][ T8476] R13: 0000000000000000 R14: ffff8880130757b8 R15: ffff888013076a80
[  234.144548][ T8476] FS:  0000000000000000(0000) GS:ffff888097aa5000(0000) knlGS:0000000000000000
[  234.147559][ T8476] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  234.149945][ T8476] CR2: 000000002f523ffc CR3: 000000000df84000 CR4: 0000000000352ef0
[  234.152657][ T8476] Call Trace:
[  234.153950][ T8476]  <TASK>
[  234.154980][ T8476]  ieee80211_assign_link_chanctx+0x3f1/0xf00
[  234.157098][ T8476]  __ieee80211_link_release_channel+0x273/0x4b0
[  234.159836][ T8476]  ieee80211_link_release_channel+0x128/0x200
[  234.162167][ T8476]  ? __pfx_ieee80211_uninit+0x10/0x10
[  234.164003][ T8476]  unregister_netdevice_many_notify+0x13f8/0x2570
[  234.166179][ T8476]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  234.168605][ T8476]  ? __call_rcu_common.constprop.0+0x3f0/0xa10
[  234.171295][ T8476]  ? find_held_lock+0x2b/0x80
[  234.172912][ T8476]  unregister_netdevice_queue+0x305/0x3c0
[  234.174847][ T8476]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  234.176996][ T8476]  _cfg80211_unregister_wdev+0x64b/0x800
[  234.179194][ T8476]  ieee80211_remove_interfaces+0x34e/0x700
[  234.181451][ T8476]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  234.183620][ T8476]  ieee80211_unregister_hw+0x55/0x3a0
[  234.185618][ T8476]  hwsim_exit_net+0x788/0x1590
[  234.187275][ T8476]  ? __pfx_hwsim_exit_net+0x10/0x10
[  234.189286][ T8476]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[  234.191188][ T8476]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[  234.193754][ T8476]  ? __pfx_hwsim_exit_net+0x10/0x10
[  234.196124][ T8476]  ops_undo_list+0x2ee/0xab0
[  234.198305][ T8476]  ? __pfx_ops_undo_list+0x10/0x10
[  234.200600][ T8476]  ? cleanup_net+0x347/0x830
[  234.202668][ T8476]  ? idr_destroy+0x62/0x2e0
[  234.204735][ T8476]  cleanup_net+0x41b/0x830
[  234.206728][ T8476]  ? __pfx_cleanup_net+0x10/0x10
[  234.209063][ T8476]  ? rcu_is_watching+0x12/0xc0
[  234.211266][ T8476]  process_one_work+0x9ba/0x1b20
[  234.213555][ T8476]  ? __pfx_process_one_work+0x10/0x10
[  234.216009][ T8476]  ? assign_work+0x1a0/0x250
[  234.217652][ T8476]  worker_thread+0x6c8/0xf10
[  234.219518][ T8476]  ? __kthread_parkme+0x19e/0x250
[  234.221234][ T8476]  ? __pfx_worker_thread+0x10/0x10
[  234.222971][ T8476]  kthread+0x3c5/0x780
[  234.224402][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.225980][ T8476]  ? rcu_is_watching+0x12/0xc0
[  234.227631][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.229438][ T8476]  ret_from_fork+0x983/0xb10
[  234.231073][ T8476]  ? __pfx_ret_from_fork+0x10/0x10
[  234.232834][ T8476]  ? __switch_to+0x7af/0x10d0
[  234.234436][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.236049][ T8476]  ret_from_fork_asm+0x1a/0x30
[  234.237696][ T8476]  </TASK>
[  234.238959][ T8476] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  234.242219][ T8476] CPU: 1 UID: 0 PID: 8476 Comm: kworker/u32:17 Not tainted syzkaller #0 PREEMPT(full) 
[  234.246491][ T8476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.251179][ T8476] Workqueue: netns cleanup_net
[  234.253356][ T8476] Call Trace:
[  234.254882][ T8476]  <TASK>
[  234.256262][ T8476]  dump_stack_lvl+0x3d/0x1f0
[  234.258325][ T8476]  vpanic+0x640/0x6f0
[  234.260093][ T8476]  panic+0xca/0xd0
[  234.261775][ T8476]  ? __pfx_panic+0x10/0x10
[  234.263784][ T8476]  ? check_panic_on_warn+0x1f/0xb0
[  234.266108][ T8476]  check_panic_on_warn+0xab/0xb0
[  234.268333][ T8476]  __warn+0x108/0x3c0
[  234.269757][ T8476]  __report_bug+0x2a0/0x520
[  234.271341][ T8476]  ? __pfx___report_bug+0x10/0x10
[  234.273560][ T8476]  ? drv_unassign_vif_chanctx+0x191/0x7f0
[  234.276154][ T8476]  ? __lock_acquire+0x433/0x22f0
[  234.278366][ T8476]  report_bug_entry+0xb2/0x220
[  234.280500][ T8476]  ? drv_unassign_vif_chanctx+0x204/0x7f0
[  234.283002][ T8476]  handle_bug+0x18a/0x260
[  234.284949][ T8476]  exc_invalid_op+0x17/0x50
[  234.286972][ T8476]  asm_exc_invalid_op+0x1a/0x20
[  234.289125][ T8476] RIP: 0010:drv_unassign_vif_chanctx+0x204/0x7f0
[  234.291938][ T8476] Code: 72 28 f4 f6 48 8b 74 24 10 48 81 c6 20 01 00 00 48 89 74 24 10 e8 5c 28 f4 f6 48 8d 3d 55 49 ac 05 8b 54 24 04 48 8b 74 24 10 <67> 48 0f b9 3a e8 42 28 f4 f6 4c 89 f2 48 b8 00 00 00 00 00 fc ff
[  234.299456][ T8476] RSP: 0018:ffffc90002e5f538 EFLAGS: 00010293
[  234.302059][ T8476] RAX: 0000000000000000 RBX: ffff888013074d80 RCX: ffffffff8ac91751
[  234.304732][ T8476] RDX: 0000000000000000 RSI: ffff888013074120 RDI: ffffffff90756110
[  234.307388][ T8476] RBP: ffff888025a30e80 R08: 0000000000000005 R09: 0000000000000000
[  234.310060][ T8476] R10: 0000000000000000 R11: 0000000013ae352f R12: ffff888013076ad8
[  234.312741][ T8476] R13: 0000000000000000 R14: ffff8880130757b8 R15: ffff888013076a80
[  234.315508][ T8476]  ? drv_unassign_vif_chanctx+0x191/0x7f0
[  234.317438][ T8476]  ? drv_unassign_vif_chanctx+0x1f4/0x7f0
[  234.319638][ T8476]  ieee80211_assign_link_chanctx+0x3f1/0xf00
[  234.321977][ T8476]  __ieee80211_link_release_channel+0x273/0x4b0
[  234.324175][ T8476]  ieee80211_link_release_channel+0x128/0x200
[  234.326452][ T8476]  ? __pfx_ieee80211_uninit+0x10/0x10
[  234.328440][ T8476]  unregister_netdevice_many_notify+0x13f8/0x2570
[  234.330801][ T8476]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  234.333234][ T8476]  ? __call_rcu_common.constprop.0+0x3f0/0xa10
[  234.335619][ T8476]  ? find_held_lock+0x2b/0x80
[  234.337344][ T8476]  unregister_netdevice_queue+0x305/0x3c0
[  234.339584][ T8476]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  234.342034][ T8476]  _cfg80211_unregister_wdev+0x64b/0x800
[  234.344113][ T8476]  ieee80211_remove_interfaces+0x34e/0x700
[  234.346421][ T8476]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  234.349113][ T8476]  ieee80211_unregister_hw+0x55/0x3a0
[  234.350958][ T8476]  hwsim_exit_net+0x788/0x1590
[  234.352628][ T8476]  ? __pfx_hwsim_exit_net+0x10/0x10
[  234.354484][ T8476]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[  234.356384][ T8476]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[  234.358276][ T8476]  ? __pfx_hwsim_exit_net+0x10/0x10
[  234.360046][ T8476]  ops_undo_list+0x2ee/0xab0
[  234.361643][ T8476]  ? __pfx_ops_undo_list+0x10/0x10
[  234.363570][ T8476]  ? cleanup_net+0x347/0x830
[  234.365252][ T8476]  ? idr_destroy+0x62/0x2e0
[  234.366821][ T8476]  cleanup_net+0x41b/0x830
[  234.368726][ T8476]  ? __pfx_cleanup_net+0x10/0x10
[  234.370715][ T8476]  ? rcu_is_watching+0x12/0xc0
[  234.372489][ T8476]  process_one_work+0x9ba/0x1b20
[  234.374178][ T8476]  ? __pfx_process_one_work+0x10/0x10
[  234.375987][ T8476]  ? assign_work+0x1a0/0x250
[  234.377531][ T8476]  worker_thread+0x6c8/0xf10
[  234.379122][ T8476]  ? __kthread_parkme+0x19e/0x250
[  234.380849][ T8476]  ? __pfx_worker_thread+0x10/0x10
[  234.382634][ T8476]  kthread+0x3c5/0x780
[  234.384016][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.385567][ T8476]  ? rcu_is_watching+0x12/0xc0
[  234.387160][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.388768][ T8476]  ret_from_fork+0x983/0xb10
[  234.390345][ T8476]  ? __pfx_ret_from_fork+0x10/0x10
[  234.392094][ T8476]  ? __switch_to+0x7af/0x10d0
[  234.393656][ T8476]  ? __pfx_kthread+0x10/0x10
[  234.395256][ T8476]  ret_from_fork_asm+0x1a/0x30
[  234.396888][ T8476]  </TASK>
[  234.398838][ T8476] Kernel Offset: disabled
[  234.400363][ T8476] Rebooting in 86400 seconds..