last executing test programs:

6.43899214s ago: executing program 2 (id=193):
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_vhci(&(0x7f0000000940)=ANY=[@ANYBLOB="041817aaaaaaaaaa108159f0e5c0780ef0b120b450683339b304"], 0x1a)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0xc0844123, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_emit_vhci(0x0, 0x7)
socket(0x36, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB], 0xf2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
syz_io_uring_setup(0x44f, &(0x7f0000000140)={0x0, 0x0, 0x10100}, 0x0, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x4000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x10000, 0x0, 0x0, 0x4000, 0x1de6b9})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000004c0)={0x48})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)

6.306903292s ago: executing program 2 (id=194):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x5}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x24, &(0x7f0000000000)=0x400, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000280)=ANY=[@ANYBLOB="f1d07eeac7cfae9712b211cf47fe49a4148045dab7fd819a67d1d6344d6d3b18d7cd90a65c7685fc0baf1e1d6f81351faae6755119675b90d4ee752661f1a546b00a5fc7fa0902f044d37496e2bddedbf5f69e7d79c4cd5ec28cf1a2117520234607197f2fae1f44032e9ad2e7feec9c1f053eb62fd7d69969555ee353f78b6b8d2c0038fb9d568350a6037535"], 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
chdir(0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x275a, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

6.072839391s ago: executing program 4 (id=195):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
r3 = eventfd2(0x0, 0x80000)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3})
io_setup(0x4, &(0x7f00000001c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
fchdir(r5)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r7, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
connect$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25)
r8 = dup(r1)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7", 0x42}], 0x1, 0x0, 0x0, 0x0)
r10 = socket(0x1f, 0x6, 0xfffffffc)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c)
r12 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})

6.029921444s ago: executing program 2 (id=196):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x4c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x4c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0xc01e}, {&(0x7f0000000200)=""/77, 0x118}, {&(0x7f00000007c0)=""/154, 0x5f0}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

5.838089626s ago: executing program 2 (id=199):
syz_emit_ethernet(0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="d9b655e027df6831bbe78d54810021008848000000002fc200327215425af7375e6af2daa476b81c992baf1392d61b997427cd213b5eeaf2c6fdffffffa52513a443a84599d5fb1a87b186be7d70ce4eb85ea1c8e5a17bd30388d64d9b3c177149bcd6496cf280b9188b0f6c976378e1d3cf1511a13c2369616be7889c0c1432b7bc66ccc6f036d359708ad8b1a38a2d0e05dee670d0e05e3555c3d0b877ba9c212e8dc52cff15"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$packet(0x11, 0x0, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00')
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @private}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2}}}}}, 0x0)
pread64(r2, &(0x7f0000000440)=""/249, 0xf9, 0x359)
prlimit64(0x0, 0x0, &(0x7f0000000380)={0x8}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

5.272918174s ago: executing program 0 (id=201):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080), 0x1001000, &(0x7f0000000500)={[{@nfs_export_off}, {@metacopy_on}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, 'GPL\x00'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@euid_lt}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_gt}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ip6_vti0\x00'}}, {@flag='posixacl'}, {@func={'func', 0x3d, 'POLICY_CHECK'}}, {@smackfshat={'smackfshat', 0x3d, ':k#\xf4-\\'}}, {@euid_lt}]})
chdir(&(0x7f0000000140)='./bus\x00')
chmod(&(0x7f0000000080)='./file1\x00', 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000280)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = fcntl$getown(0xffffffffffffffff, 0x9)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r2, 0x0, 0x41, 0x0, 0x0)
r3 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00'})
setsockopt$packet_int(r3, 0x107, 0x0, 0x0, 0x0)
socket(0x26, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES16=r1], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080))

5.272378975s ago: executing program 1 (id=202):
syz_clone3(&(0x7f0000000500)={0x200, 0x0, &(0x7f0000000180)=<r0=>0x0, &(0x7f0000000300), {0x13}, &(0x7f0000000340)=""/20, 0x14, &(0x7f0000000440)=""/156, &(0x7f00000003c0)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x6}, 0x58)
ptrace$setsig(0x4203, r0, 0x5, &(0x7f0000000580)={0xb, 0x0, 0x7b5f})
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)

5.070292393s ago: executing program 4 (id=203):
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x82)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) (fail_nth: 4)
socket$inet6_sctp(0xa, 0x0, 0x84)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x0, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
pread64(r1, &(0x7f0000000300)=""/150, 0x96, 0x0)

5.030914324s ago: executing program 2 (id=204):
socket(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a07c33fc", 0xff6d}, {&(0x7f0000000100)="3a10bd003aba0c7026336b", 0xb}], 0x2, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb8f568438917ebd0699be96bd1485f6aaa8486e00000000e301f2e09aebda6eeb1c61f96b6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b6bbdfb37747cc7411886fdba55bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc960ee263e82e3232edea82b9736d65309e0ad2922ecbb7cde9ce78555fabb941d114e83b37255d6b43b2927696e4f4cf3b23086021fe4e33d049de5318ef3803ceacddc02734c96a9765486a9bf8d65791b000000000000000000000000000000000000000009d97cea3f950d55b265e480ff02c27bda4848c64ca7dcbcd060b9c0dea483c6069d2cdc473cfacc9052cc2c9e3ee037042fd329173c5e7c9ef8800a51332df5a08602a72a553035711cb9159757303a5e7d389786df44441dc82a9d32c56db8a8b3578cd0faabfa23fb46e22b45a464e35315d8c2dd3fae8b530cf8eb0d8dcb682772bed766be5208e61eab965c6c9a217a4e13f0085626c0408f381205251c18a8f6a44"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000008c40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/33, 0x21}], 0x1}}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000000580)=""/227, 0xe3}, {&(0x7f0000000680)=""/181, 0xb5}, {&(0x7f0000001d80)=""/245, 0xf5}, {&(0x7f00000004c0)=""/106, 0x6a}, {&(0x7f0000001e80)=""/222, 0xde}, {&(0x7f0000001f80)=""/11, 0xb}], 0x6}}, {{0x0, 0x0, &(0x7f0000002340)=[{&(0x7f0000002100)=""/157, 0x9d}, {&(0x7f00000021c0)=""/163, 0xa3}, {&(0x7f0000000400)=""/138, 0x8a}], 0x3}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003400)=""/124, 0x7c}, {&(0x7f00000034c0)=""/36, 0x24}, {&(0x7f0000003500)=""/248, 0xf8}, {&(0x7f0000003600)=""/163, 0xa3}, {&(0x7f0000000a40)=""/134, 0x86}], 0x5}}, {{0x0, 0x0, &(0x7f0000004b40)=[{&(0x7f0000009ec0)=""/4101, 0xfffffffffffffd0b}, {&(0x7f0000004800)=""/146, 0x92}, {&(0x7f0000004900)=""/241, 0xf1}, {&(0x7f0000004a00)=""/183, 0xb7}, {&(0x7f0000004ac0)=""/99, 0x63}], 0x5}}, {{0x0, 0x0, &(0x7f0000006040)=[{&(0x7f0000004c80)=""/217, 0xd9}, {&(0x7f0000004d80)=""/59, 0x3b}, {&(0x7f0000005dc0)=""/96, 0x60}, {&(0x7f0000005e40)=""/238, 0xee}, {&(0x7f0000005f40)=""/9, 0x9}, {&(0x7f0000005f80)=""/137, 0x89}], 0x6}}, {{0x0, 0x0, &(0x7f0000008580)=[{&(0x7f0000000240)=""/13}, {&(0x7f0000006180)=""/131, 0x83}, {&(0x7f0000000940)=""/243, 0xf3}, {&(0x7f0000007340)=""/181, 0xb5}, {&(0x7f0000000300)=""/75, 0x4b}], 0x5}}], 0x7, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000e500010109023b000101000000360000000000000000052406000005240000000d240000000000000000090582020002000000090d030220398629c8"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000500)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01030000000000000000320000000c0042010000000000000000ab24cc4e424cfcc2d12f9d955f097b7ff0e1bf45d1e4569d845a6dbfb9bf5dbc49e1d7fcbb31808a5ed1bf2dd0993465eefa3a33aab3df377a9f7885645692ac9cd6c521108fbbf064f19bcd0300c736bf394421944982fdb7b71449c285170c37ad654eea8468d78d5c105375ead5396461a1724eb71c252ef1d4f08c48023f39194358c932ee00"/175], 0x20}}, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r8, 0x400, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xffff8001, 0x72}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xff}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0xfffff52d, 0x7, 0x0, 0x0, r4, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r9, &(0x7f0000000300), 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x38)
mkdir(0x0, 0x180)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00')
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000040)}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000280))

4.580494046s ago: executing program 0 (id=205):
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x0)
ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000001100)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a2992fd]})
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x46, 0x2}, @cond})
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250)
ioctl$EVIOCGKEY(r0, 0x80404518, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000020000402505a1a440010100000109023b000101000000090400001202060000052406000005240000000d240f01000000000000000000090582120002000000090503"], 0x0)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x3)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f0000000280))
r2 = getpgid(0xffffffffffffffff)
setpriority(0x2, r2, 0xfffffffffdfff001)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r4 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
write$binfmt_script(r4, &(0x7f00000001c0)={'#! ', './file0', [{0x20, 'Wlbl'}]}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r5)
rmdir(&(0x7f0000000200)='./file0/../file0/file0\x00')

4.414607723s ago: executing program 1 (id=207):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x5}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x24, &(0x7f0000000000)=0x400, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000280)=ANY=[@ANYBLOB="f1d07eeac7cfae9712b211cf47fe49a4148045dab7fd819a67d1d6344d6d3b18d7cd90a65c7685fc0baf1e1d6f81351faae6755119675b90d4ee752661f1a546b00a5fc7fa0902f044d37496e2bddedbf5f69e7d79c4cd5ec28cf1a2117520234607197f2fae1f44032e9ad2e7feec9c1f053eb62fd7d69969555ee353f78b6b8d2c0038fb9d568350a6037535"], 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

4.368649857s ago: executing program 3 (id=208):
sched_setscheduler(0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x40, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast}, 0x0, 0x0, @random, @void, @void}}]}, 0x40}}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x80000001}}, 0x18)
getpeername$unix(r6, &(0x7f0000000080), &(0x7f0000000000)=0x6e)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r9)
close(r8)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$rxrpc(0x21, 0x2, 0xa)
connect$pppl2tp(r9, &(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x26)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r10=>0x0})
setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
set_tid_address(&(0x7f0000000440))

4.208857612s ago: executing program 3 (id=209):
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x8000, 0x3, 0x1, 0x80000000}, {0x4, 0x0, 0x2, 0x1}, {0x400, 0x95, 0xff, 0x100}, {0x7, 0xf7, 0x8a, 0x2}, {0x7f, 0x2, 0x6, 0x5}]}) (async)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x40000, 0x20)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000000c0)={0x5000, 0x10000}) (async)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm_base(ctr-serpent-sse2,md4-generic))\x00'}, 0x58)
pipe2$watch_queue(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0xff}, 0x8) (async)
mq_timedreceive(r0, &(0x7f0000000200)=""/139, 0x8b, 0x8, 0x0)
write$binfmt_script(r0, &(0x7f00000002c0)={'#! ', './file0/file0', [{0x20, 'rfc4543(gcm_base(ctr-serpent-sse2,md4-generic))\x00'}, {}, {0x20, '+*%:'}, {0x20, '\xed'}, {0x20, 'rfc4543(gcm_base(ctr-serpent-sse2,md4-generic))\x00'}], 0xa, "3bfb08328e7214c3a9ed7b0be84918e7fbe3f3e690a46ce2c798de038d778eaeb1b6e66e9f6c0e9db67dd770ae5fc04447305a46fb59033e7c8160a085dfc3ea705a736a2b415f3bd8c0d04cb27f981385675736deb51691852721c9176533ee3f474dfd96c34b8734d0c0f111553a8db69585c78590492f294caf6a5d70f5b26b035c68a218574559363b5f3475a75b243204e14808585055f409ef38885851160062a48f44d58ec7f8fde468b5015785f6ef9dbd6d859174e04493d47cb1741f7665c0c6a28e70ab6b745480897922e2aff9eb2965b830f86c4240a5ec"}, 0x159)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x6, &(0x7f0000000440)=[{0x101, 0x6e, 0xff, 0x6}, {0x4, 0x7f, 0x3, 0x2}, {0x3, 0x3, 0x63, 0x8}, {0x800, 0x65, 0x7b, 0x4}, {0x2, 0x9, 0x1, 0x800}, {0x0, 0x6, 0xd, 0xbd}]}) (async)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000004c0)={0x0, 0x3, 0x10, 0x9, 0x7, 0x5}, &(0x7f0000000500)=0x14)
write$UHID_CREATE2(r0, &(0x7f0000000540)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x9, 0x3, 0x2, 0x2, 0x8001, 0x6, "f7068cffe89f696a37"}}, 0x121) (async)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
ioctl$FICLONE(r0, 0x40049409, r1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000680)={0xfff, <r3=>r2, 0x1})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000780)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {<r5=>0xee00, 0xee01}}, './file0/file0\x00'})
mount$9p_unix(&(0x7f00000006c0)='./file0/file0\x00', &(0x7f0000000700)='./file0/file0\x00', &(0x7f0000000740), 0x2000800, &(0x7f00000007c0)={'trans=unix,', {[{@dfltgid}, {@aname={'aname', 0x3d, '\'\x9d'}}, {@version_L}, {@debug={'debug', 0x3d, 0xfffffffffffffffa}}, {@cache_none}, {@debug={'debug', 0x3d, 0x3}}, {@access_user}, {@dfltuid={'dfltuid', 0x3d, r5}}], [{@seclabel}]}}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000880)={{0x2, 0x4e20, @empty}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x35}}, 'veth0_to_batadv\x00'}) (async)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000900)={0x8, 0x9a, 0xd6, 0x8, 0x80, 0x9, 0x8d, 0x6, 0xff, 0xdc, 0x0, 0x2, 0xc3}, 0xe) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000940), 0x2840, 0x0) (async)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000980)=<r7=>0x0)
quotactl_fd$Q_GETQUOTA(r6, 0xffffffff80000700, r7, &(0x7f00000009c0)) (async)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000000a40)) (async)
ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f0000000a80)) (async)
accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000ac0), 0x80000)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000b00)=[@in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e23, 0xec, @mcast2, 0x8001}, @in={0x2, 0x4e24, @empty}, @in6={0xa, 0x4e23, 0xe64c, @local, 0x401}, @in6={0xa, 0x4e24, 0x5, @local, 0x101}, @in6={0xa, 0x4e22, 0x2, @private2}], 0x90)
getsockname$packet(r2, &(0x7f0000000bc0)={0x11, 0x0, <r8=>0x0}, &(0x7f0000000c00)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000cc0)={'ip6gre0\x00', &(0x7f0000000c40)={'ip6tnl0\x00', r8, 0x2f, 0x9, 0xfb, 0x5, 0x11, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, 0x40, 0x7810, 0x6, 0x800}})

4.162817374s ago: executing program 4 (id=210):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@private, @in6=@remote}, {@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}, @mark={0xc}]}, 0x154}}, 0x0)
prctl$PR_SET_THP_DISABLE(0x41, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000380)={0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14d27c, 0x1a6)
fallocate(r2, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x16c})
read(r3, &(0x7f0000000140)=""/237, 0xed)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
close(r3)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32, @ANYBLOB="a9418aab7463eb923f536a7c261c6c67d09c2ab00cc5b1329334f78b66bb6cd8b683ba7a475ebbbe36f8b2a43fd4d78b6722"], 0x1c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000000340)=<r5=>0x0)
sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000000c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x4c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f00000013c0)=ANY=[@ANYBLOB="b4000000000000007910480000000000c6000000000000009500000c000000008f39cb215da0d8f19147aa257ff41433a0b519c3fb8ec1cad914e19a4e01c2442415b20a3c70c5bc99e107e8e4c8904828b187218b9bc6d3912c48a40ed51ad3106c15caaadcdb940f96a816f25db1e06dd6290a396f89160b03d1102902f977e9131ac5664ac13809bcea4eb3c2f6d7236c96e507e11125eb65e2e9305b"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x9}, 0x10}, 0x90)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080), 0x200000, 0x4)
ftruncate(r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

4.106617645s ago: executing program 3 (id=211):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
chdir(0x0)
r1 = socket(0x11, 0xa, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000a80)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x8)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
sendmsg$can_bcm(r1, &(0x7f0000000140)={&(0x7f0000000040), 0x10, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x44}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r4}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0}, 0x20)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000ff020002000200000800040001000000", 0x24)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_STREAMON(r6, 0x40045612, &(0x7f0000000040)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.510541134s ago: executing program 1 (id=212):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000100000000000000000071122500000000009502d709"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000300))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d0000000000291dec98850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="02c82041003d0001000e01030000001f02090400090009001001040000000c000642040004008eff071104007500ffb00e3f03000000000e090300feffa30f08040000021f00"], 0x46)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)

2.409199707s ago: executing program 4 (id=213):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
r3 = eventfd2(0x0, 0x80000)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3})
io_setup(0x4, &(0x7f00000001c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
fchdir(r5)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r7, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
connect$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25)
r8 = dup(r1)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7", 0x42}], 0x1, 0x0, 0x0, 0x0)
r10 = socket(0x1f, 0x6, 0xfffffffc)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c)
r12 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})

2.360715737s ago: executing program 1 (id=214):
syz_emit_ethernet(0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="d9b655e027df6831bbe78d54810021008848000000002fc200327215425af7375e6af2daa476b81c992baf1392d61b997427cd213b5eeaf2c6fdffffffa52513a443a84599d5fb1a87b186be7d70ce4eb85ea1c8e5a17bd30388d64d9b3c177149bcd6496cf280b9188b0f6c976378e1d3cf1511a13c2369616be7889c0c1432b7bc66ccc6f036d359708ad8b1a38a2d0e05dee670d0e05e3555c3d0b877ba9c212e8dc52cff15"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$packet(0x11, 0x0, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00')
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @private}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2}}}}}, 0x0)
pread64(r2, &(0x7f0000000440)=""/249, 0xf9, 0x359)
prlimit64(0x0, 0x0, &(0x7f0000000380)={0x8}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet_udplite(0x2, 0x2, 0x88)

2.344658799s ago: executing program 3 (id=215):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f0000002140)=""/62, 0x3e}], 0x1, 0x0, 0x0, 0x0)

2.263612359s ago: executing program 0 (id=216):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00')
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
r2 = gettid()
waitid(0x2, r2, &(0x7f0000000400), 0x1, &(0x7f0000000480))
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10)
process_vm_writev(r2, &(0x7f0000000040)=[{&(0x7f0000002140)=""/62, 0x3e}, {&(0x7f0000000000)=""/28, 0x1c}, {&(0x7f0000000200)=""/196, 0xc4}, {&(0x7f0000000300)=""/199, 0xc7}], 0x4, &(0x7f0000002640)=[{&(0x7f0000002600)=""/13, 0xd}], 0x1, 0x0)
lseek(r1, 0x4, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8)
r3 = gettid()
tkill(r3, 0x12)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[], 0xb0)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
connect$pppl2tp(r4, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
writev(r4, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f0000000300)={&(0x7f0000000100), 0x8})

2.208707095s ago: executing program 3 (id=217):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r3}, &(0x7f0000001c00), &(0x7f0000001c40)=r4}, 0x20)
r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r6 = dup2(r5, r5)
getpeername$packet(r6, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000680)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000740)={'ip6_vti0\x00', &(0x7f00000006c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x7, 0x1f, 0x7, 0x20, @remote, @empty, 0x10, 0x8, 0x10000, 0x7}})
getsockopt$inet_mreqn(r6, 0x0, 0x24, &(0x7f0000000780)={@local, @broadcast}, &(0x7f0000000880)=0xc)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000940)={'ip6gre0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x0, 0x81, 0x2, 0x8, @mcast2, @mcast2, 0x1db97a77fdedc305, 0x8, 0xffffffe1, 0x1ff}})
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000000140)={'wg2\x00', <r9=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)={0x34, r7, 0x1, 0x0, 0x0, {0x1a}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x34}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r10, 0x8008f512, &(0x7f00000001c0))
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{}, [@TCA_NETEM_CORR={0x10}, @TCA_NETEM_REORDER={0xc}]}}}]}, 0x68}}, 0x0)
read$FUSE(r6, 0x0, 0x0)
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0}, 0x2}, 0x0)

2.01879708s ago: executing program 1 (id=218):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r0, 0x300}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0}, 0x38)

1.990048458s ago: executing program 0 (id=219):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080), 0x1001000, &(0x7f0000000500)={[{@nfs_export_off}, {@metacopy_on}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, 'GPL\x00'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@euid_lt}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_gt}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ip6_vti0\x00'}}, {@flag='posixacl'}, {@func={'func', 0x3d, 'POLICY_CHECK'}}, {@smackfshat={'smackfshat', 0x3d, ':k#\xf4-\\'}}, {@euid_lt}]})
chdir(&(0x7f0000000140)='./bus\x00')
chmod(&(0x7f0000000080)='./file1\x00', 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000280)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = fcntl$getown(0xffffffffffffffff, 0x9)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r2, 0x0, 0x41, 0x0, 0x0)
r3 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00'})
setsockopt$packet_int(r3, 0x107, 0x0, 0x0, 0x0)
socket(0x26, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES16=r1], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000001c0)=0xe)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080))

1.958662816s ago: executing program 4 (id=220):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r1 = io_uring_setup(0x2e34, &(0x7f0000000180))
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r2, 0x0)
r3 = dup(r2)
accept$alg(r3, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000003c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000180)=0x10)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x25, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r5, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x7}, 0x8)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r10=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r8, 0x84, 0x1, &(0x7f0000000040)={r10, 0xfff}, 0x14)
sendmmsg$inet_sctp(r4, &(0x7f0000002680)=[{&(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000480)=[{&(0x7f00000006c0)="aae44dbf80a78cd16a64c5f8b54409c08188bea37d9e6daf642c2b57b6e71c26eb061e87ab8fb4c69b519311855ea2d96aba6e24f6fbbbe65ea18fec6f1ce02e5aa81df49c05774f758e0c940bf06ac03f3380b7052d23909ca53b07db16f256b65c32e75822440213caa3b13f412be8a60cb61f6fccb36e6ff05fc7367498d5cdf567f3", 0x84}, {&(0x7f0000000300)="7ee4337f594674a449d4a3c59e000c31c38de5da62cf5a72ce7e5791571670faff8ee890b79383e2cd7392be732827d4bd524214e112fa1ac249b3a98113984e8133fbb57debfd6303286c", 0x4b}, {&(0x7f0000000a80)="421676ba0b95420248a3c1a122e66a8b03a00d44c33382be514930f49c486d1e69b736ff5deff6a04bb83882b4fdc825f86cecf5c263510c45345283c665ebc2d77c558af9bfeb49345a5abbaaeb48638cd0233c288e0d384a346618033afaec73373fa2e49825005ab56c5ae3ed296e6b5417c70dafc09521a05cd046d53745a7d98629e433c25c9af35eb0f1cf66e8d197", 0x92}], 0x3, &(0x7f0000002780)=ANY=[@ANYBLOB="1800000000000000840000000000000007000200ff7f050018000000000000008400000005000000000000000500000018000000000000008400000005000000300000000008000018000000000000008400000000000000020003006502040018000000000000008400000000000000a9000000060020003000000000f8ffff83000000010000001f7fae00048000000500000001800000010001000000000007000000a3be9258abd8134667bf", @ANYRES32], 0xa8, 0x4844}, {&(0x7f0000000580)=@in6={0xa, 0x4e23, 0x619, @empty, 0x2}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000880)="c7226a1e86558ddc9c73937fad724584c92ef3b1762b8cc025d247d4aa7e591668016c7540290794fbc81cdc907322aaf2f7a8b190c0e2e6357c9ab637fc11a487fa5fca088ff9dc3d86944ea64f62c96ec0dca5e01a", 0x56}, {&(0x7f0000000d00)="ffd9763f496a355816727d40b5a64a704a99acf7c58dd52b0b23c58a977b2c05a3b5678651463418e64374e3b3e24514a91f06b2979b5e0e1269dcceaebc896069ecef9b52e47065", 0x48}, {&(0x7f0000000dc0)}], 0x3, &(0x7f0000000e80)=ANY=[@ANYBLOB="3000000000000000840000000100000001001f00000000003f00000007000000f8ffffff00000000020000", @ANYRES32=0x0, @ANYBLOB="2000000000f92c22b7210a4b590000000000000000000000000000c3000000000118000000000000008400000097414a7b38c23ad9104f2c"], 0x68, 0x4040841}, {&(0x7f0000000940)=@in={0x2, 0x4e24, @private=0xa010100}, 0x10, &(0x7f0000000f00)=[{&(0x7f0000001fc0)="237f0898aeb3107f2d7b5aca0a199e6dddc1bd0fe8673e1dccd851c5ac6acbe4003b30f9bd9e3d763d48fb520fd7bdeaae8fe3c1949f0c0338292472d2077cfe157995963a5338446f087694ecd60e56f157aa3d2127b03da96c27c7f5f58757c300b6dea4a3c173c96a374674ba7aa2ed596d43cc9e07df3ab15b6691e692514a3d3833a77e859c2ca1df1e78d8e5079253ea839f3be35a68395aabc6e537191b8271049bbc4a90e7aa21a1723e9369b9f176ce5f60e6e7b1f1f51b220ff8b288808c8d4262f6bcf94f1174890dc654d5b2995fde552719f7daaac5b9f535001d", 0xe1}, {&(0x7f00000020c0)="29d4887b55bd240cdfe78edadeb2fe0057c882f1b949fea6ea0044e38b947c61475cf2b1c62104d7935f19733308f06eebc6f442ae9259619e0fe7398717216d6bb54e1c7b84a5ad456bf2804f7527a4a411a94ab16d9a3dac14e7b8dd8b30bfa8421bfb9291ad328cacedde93a04eb1383a8f717897b30b27448f6dd717640a998cee4f4f8db743afd4f57ef51296811d5f437bde2d5d87f3af68326db877ddf844079727fb545a94be1194f38487bcdd006838ab56dbc4a5fb7b832ccc4e4c5350f067d7d2e858a873adb2df4f8c3cfd56e2c7f5", 0xd5}, {&(0x7f00000021c0)="f5a286e621c028f05069cdf89358dea6d77320419d96c62f2ec48c29fb51b7c1b3c7ea11a36ead2517ff1b35eb7a0a97e57950f63962a6aa1602b2233c8386adab3827a8ea61d83bd0d218c40828a20400b5eba767e5154f35d2305c73901482c1d6d498f85e4a37e6acb2b117100343ae7a7bdd08e0d530bf23d58b5a817608bb205c658e105e9c39fd6549b9bcecd261be25c6b26d2f95274d71d7a9bb27a15263ae7bb8f6b9260c541f5ad680c4d97f6d5eb09a16c251790b7c044740c04c6e266110bc270e891ac1101545d84022eac89bb3516cdbd60a7073038e9ad4ff99de4d30ca70b2952e30dfbecaac312c38f229", 0xf3}], 0x3, &(0x7f00000022c0)=ANY=[@ANYBLOB="1800000000000000840000000000000004000800ff01000030000000000000008400000001000000010009000282000001ffffff75000000020000004b00000000004000", @ANYRES32=r10, @ANYRES32=0x0], 0xb0, 0x40050}, {&(0x7f0000000f40)=@in6={0xa, 0x4e23, 0x80000001, @empty, 0x3f}, 0x1c, &(0x7f0000000f80)=[{&(0x7f0000002380)="2d24486036688479812a54db62cfc7a185e650e5b91c82bcafbff373a1864ae404bb6a90fde8cbface77b6b423d31ee07c26e5c3223b143ddaf65a70aed99e542646e41396bc6680a8d7b533fba83d5166d04b801a1f04dde264a6132e89cc8c32fed4e846ea2466a11d57d460fce2cc8d1ad69572c93bfccb1bb6fd2b", 0x7d}, {&(0x7f0000002400)}, {0x0}, {&(0x7f0000002540)="7fc6ca1cc64a242bfda84b1688d6d077f481ccdb4956b94f72cc1ca5cdd7e2ba731fbf5623b90f083628dbcdc5351eb43e989dbca1d5d782e3490be6e3fa54b4e2d2bbf70799c9c25516daf7bd9cf9509c9967185ecd1628ce1916e79bd46fe801c640c49d1317592d9367dce85809ad4c", 0x71}], 0x4, &(0x7f0000002640)=ANY=[@ANYBLOB="180000000000000084000000000000004a1babfb7f09080018000000000098fc000020306473000002"], 0x30, 0x80}], 0x4, 0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00'})

1.785023701s ago: executing program 1 (id=221):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000022000000000000000000000f01"], 0x0, 0x26}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x5000})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e20, @local}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x9c)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.717816332s ago: executing program 0 (id=222):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x5}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x24, &(0x7f0000000000)=0x400, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000280)=ANY=[@ANYBLOB="f1d07eeac7cfae9712b211cf47fe49a4148045dab7fd819a67d1d6344d6d3b18d7cd90a65c7685fc0baf1e1d6f81351faae6755119675b90d4ee752661f1a546b00a5fc7fa0902f044d37496e2bddedbf5f69e7d79c4cd5ec28cf1a2117520234607197f2fae1f44032e9ad2e7feec9c1f053eb62fd7d69969555ee353f78b6b8d2c0038fb9d568350a6037535"], 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

1.713816738s ago: executing program 4 (id=223):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@private, @in6=@remote}, {@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}, @mark={0xc}]}, 0x154}}, 0x0)
prctl$PR_SET_THP_DISABLE(0x41, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000380)={0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14d27c, 0x1a6)
fallocate(r2, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x16c})
read(r3, &(0x7f0000000140)=""/237, 0xed)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
close(r3)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32, @ANYBLOB="a9418aab7463eb923f536a7c261c6c67d09c2ab00cc5b1329334f78b66bb6cd8b683ba7a475ebbbe36f8b2a43fd4d78b6722"], 0x1c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000000340)=<r5=>0x0)
sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000000c0), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x4c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f00000013c0)=ANY=[@ANYBLOB="b4000000000000007910480000000000c6000000000000009500000c000000008f39cb215da0d8f19147aa257ff41433a0b519c3fb8ec1cad914e19a4e01c2442415b20a3c70c5bc99e107e8e4c8904828b187218b9bc6d3912c48a40ed51ad3106c15caaadcdb940f96a816f25db1e06dd6290a396f89160b03d1102902f977e9131ac5664ac13809bcea4eb3c2f6d7236c96e507e11125eb65e2e9305b"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x9}, 0x10}, 0x90)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080), 0x200000, 0x4)
ftruncate(r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.312590902s ago: executing program 3 (id=224):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x4048b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x38}}, 0x0)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r7=>0x0})
read$alg(r4, &(0x7f0000000340)=""/40, 0x28)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r8, @ANYBLOB="010065bd7000fcdbdf254f00000008000300", @ANYRES32=r7, @ANYBLOB="48007a8014000100c396d979a8f802a09c5d7bfaeb3575f21c0002002c8b2ddcc0a3a020196b852ff1e5776edd2fed6a243a33220c000300b38b3e2d8514cc07080004000500000030007a800800040007000000240001006b367eca9776d5c92ac3b99cce28c8dbdebd62217f9c5f46d4b1a11c682b40d61c007a800c000300e028aa46e44ee6830c0003009cf7debf7cdf5a207c007a80080004003465e91c0c0003004a159160a275d9fa08000400ff0f00000800040007000000140001"], 0x12c}}, 0x0)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000540)={0xf0, r5, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0xfffd}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x8a63}, @NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}]}, @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x10}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0xdc}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x2}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x81}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xf}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xe2}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x81}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2d}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3c}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x4}}, @NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x5}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xbe}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x70}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xfffffffffffffffd}, @NL80211_MESHCONF_AUTO_OPEN_PLINKS={0x5, 0x7, 0x8}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x2b}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7c, 0x46}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xfffffff7, 0x69}}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x2}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x14}, 0x20000000)
sendmsg$inet(r0, &(0x7f0000000640)={&(0x7f0000000440)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000500)=[{&(0x7f00000004c0)="9e01", 0x2}], 0x1, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @local}}}], 0x20}, 0x0)

1.232073427s ago: executing program 2 (id=225):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000100000000000000000071122500000000009502d709"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000300))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d0000000000291dec98850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="02c82041003d0001000e01030000001f02090400090009001001040000000c000642040004008eff071104007500ffb00e3f03000000000e090300feffa30f08040000021f00"], 0x46)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)

0s ago: executing program 0 (id=226):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0x2000011a)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80), 0x200000, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r1, 0xc0045401, &(0x7f0000000ac0)=0xea)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec8500000000000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={@ifindex, r4, 0x3, 0x2009, 0xffffffffffffffff, @prog_fd=r4}, 0x20)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts.
[   53.128601][ T5068] cgroup: Unknown subsys name 'net'
[   53.293616][ T5068] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   54.772527][ T5068] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   58.533182][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   58.541495][ T5081] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   58.550121][ T5081] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   58.557111][ T5085] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   58.565088][ T5085] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   58.572741][ T5081] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   58.573417][ T5085] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   58.590855][ T5085] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   58.617349][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   58.624592][ T5097] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   58.627396][ T5090] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   58.639777][ T5097] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   58.641612][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   58.647700][ T5097] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   58.661991][ T5097] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   58.662764][ T5090] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   58.670128][ T5097] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   58.678993][ T5098] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   58.685456][ T5097] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   58.691112][ T5090] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   58.698434][ T5097] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   58.706225][ T5090] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   58.712174][ T5097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   58.725442][ T5097] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   58.732270][ T5090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   58.732995][ T5097] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   58.739859][ T5090] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   58.746651][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   58.753896][ T5090] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   58.774731][ T5092] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   59.336551][ T5084] chnl_net:caif_netlink_parms(): no params data found
[   59.375364][ T5077] chnl_net:caif_netlink_parms(): no params data found
[   59.401820][ T5079] chnl_net:caif_netlink_parms(): no params data found
[   59.461356][ T5082] chnl_net:caif_netlink_parms(): no params data found
[   59.520324][ T5086] chnl_net:caif_netlink_parms(): no params data found
[   59.663496][ T5084] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.671772][ T5084] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.679921][ T5084] bridge_slave_0: entered allmulticast mode
[   59.687513][ T5084] bridge_slave_0: entered promiscuous mode
[   59.695472][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.702659][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.710026][ T5077] bridge_slave_0: entered allmulticast mode
[   59.716771][ T5077] bridge_slave_0: entered promiscuous mode
[   59.747325][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.754491][ T5084] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.761856][ T5084] bridge_slave_1: entered allmulticast mode
[   59.769288][ T5084] bridge_slave_1: entered promiscuous mode
[   59.776676][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.783787][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.791010][ T5077] bridge_slave_1: entered allmulticast mode
[   59.797965][ T5077] bridge_slave_1: entered promiscuous mode
[   59.881393][ T5079] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.888810][ T5079] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.896466][ T5079] bridge_slave_0: entered allmulticast mode
[   59.903228][ T5079] bridge_slave_0: entered promiscuous mode
[   59.911802][ T5079] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.919352][ T5079] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.930321][ T5079] bridge_slave_1: entered allmulticast mode
[   59.937236][ T5079] bridge_slave_1: entered promiscuous mode
[   59.955304][ T5086] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.962490][ T5086] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.969860][ T5086] bridge_slave_0: entered allmulticast mode
[   59.976684][ T5086] bridge_slave_0: entered promiscuous mode
[   60.015359][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.022742][ T5082] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.029976][ T5082] bridge_slave_0: entered allmulticast mode
[   60.037745][ T5082] bridge_slave_0: entered promiscuous mode
[   60.055608][ T5086] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.063475][ T5086] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.073763][ T5086] bridge_slave_1: entered allmulticast mode
[   60.080898][ T5086] bridge_slave_1: entered promiscuous mode
[   60.101631][ T5084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.114574][ T5084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.127701][ T5077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.137291][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.144407][ T5082] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.151831][ T5082] bridge_slave_1: entered allmulticast mode
[   60.158975][ T5082] bridge_slave_1: entered promiscuous mode
[   60.177859][ T5079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.190591][ T5079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.222064][ T5077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.255431][ T5086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.291158][ T5082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.311714][ T5086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.324125][ T5084] team0: Port device team_slave_0 added
[   60.343559][ T5082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.355338][ T5079] team0: Port device team_slave_0 added
[   60.367355][ T5079] team0: Port device team_slave_1 added
[   60.384818][ T5084] team0: Port device team_slave_1 added
[   60.406600][ T5077] team0: Port device team_slave_0 added
[   60.457974][ T5086] team0: Port device team_slave_0 added
[   60.476487][ T5077] team0: Port device team_slave_1 added
[   60.502169][ T5079] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.509359][ T5079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.535902][ T5079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.551247][ T5086] team0: Port device team_slave_1 added
[   60.570346][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.577433][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.604358][ T5084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.630018][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.637236][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.663192][ T5077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.679114][ T5082] team0: Port device team_slave_0 added
[   60.685669][ T5079] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.692909][ T5079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.718896][ T5079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.742493][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.749725][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.775682][ T5084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.793534][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.796819][ T5100] Bluetooth: hci1: command tx timeout
[   60.800670][ T5099] Bluetooth: hci0: command tx timeout
[   60.806110][ T5081] Bluetooth: hci2: command tx timeout
[   60.811810][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.843554][ T5077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.856619][ T5082] team0: Port device team_slave_1 added
[   60.868351][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.875305][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.901403][ T5081] Bluetooth: hci4: command tx timeout
[   60.906997][ T5100] Bluetooth: hci3: command tx timeout
[   60.907333][ T5086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.926604][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.933551][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.959773][ T5086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.044470][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.051709][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.078001][ T5082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.091019][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.098043][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.124071][ T5082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.149872][ T5084] hsr_slave_0: entered promiscuous mode
[   61.156891][ T5084] hsr_slave_1: entered promiscuous mode
[   61.193228][ T5077] hsr_slave_0: entered promiscuous mode
[   61.199899][ T5077] hsr_slave_1: entered promiscuous mode
[   61.206916][ T5077] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.214740][ T5077] Cannot create hsr debugfs directory
[   61.254877][ T5086] hsr_slave_0: entered promiscuous mode
[   61.261573][ T5086] hsr_slave_1: entered promiscuous mode
[   61.268115][ T5086] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.275667][ T5086] Cannot create hsr debugfs directory
[   61.302051][ T5079] hsr_slave_0: entered promiscuous mode
[   61.308751][ T5079] hsr_slave_1: entered promiscuous mode
[   61.314971][ T5079] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.322829][ T5079] Cannot create hsr debugfs directory
[   61.390734][ T5082] hsr_slave_0: entered promiscuous mode
[   61.400017][ T5082] hsr_slave_1: entered promiscuous mode
[   61.406289][ T5082] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.413835][ T5082] Cannot create hsr debugfs directory
[   61.857021][ T5086] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   61.872561][ T5086] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.883001][ T5086] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.896251][ T5086] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   61.957850][ T5077] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.970941][ T5077] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.981915][ T5077] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.992549][ T5077] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.068556][ T5082] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.080816][ T5082] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.093356][ T5082] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.111271][ T5082] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.181108][ T5084] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.202603][ T5084] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.214270][ T5084] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.240600][ T5084] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.339388][ T5079] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   62.353956][ T5086] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.368630][ T5079] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   62.381541][ T5079] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   62.392895][ T5079] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   62.455158][ T5086] 8021q: adding VLAN 0 to HW filter on device team0
[   62.494691][ T5077] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.571280][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.578677][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.607753][ T5135] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.614961][ T5135] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.652932][ T5077] 8021q: adding VLAN 0 to HW filter on device team0
[   62.664696][ T5082] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.684406][ T5082] 8021q: adding VLAN 0 to HW filter on device team0
[   62.694508][ T5084] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.738304][ T5086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.750423][ T5086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.775005][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.782166][ T5089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.795084][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.802186][ T5089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.831358][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.838511][ T5089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.854402][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.861524][ T5089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.876019][ T5081] Bluetooth: hci1: command tx timeout
[   62.881442][ T5081] Bluetooth: hci2: command tx timeout
[   62.887096][ T5100] Bluetooth: hci0: command tx timeout
[   62.910991][ T5084] 8021q: adding VLAN 0 to HW filter on device team0
[   62.956774][ T5081] Bluetooth: hci4: command tx timeout
[   62.962245][ T5081] Bluetooth: hci3: command tx timeout
[   63.004508][ T5135] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.011685][ T5135] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.028005][ T5135] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.035138][ T5135] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.109416][ T5082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.200720][ T5077] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.225126][ T5079] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.251807][ T5086] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.313830][ T5079] 8021q: adding VLAN 0 to HW filter on device team0
[   63.380589][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.387815][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.435754][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.442898][ T5089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.532179][ T5082] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.590076][ T5086] veth0_vlan: entered promiscuous mode
[   63.639917][ T5077] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.688276][ T5086] veth1_vlan: entered promiscuous mode
[   63.703655][ T5084] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.838581][ T5086] veth0_macvtap: entered promiscuous mode
[   63.883656][ T5082] veth0_vlan: entered promiscuous mode
[   63.905034][ T5079] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.915128][ T5084] veth0_vlan: entered promiscuous mode
[   63.936920][ T5086] veth1_macvtap: entered promiscuous mode
[   63.956988][ T5077] veth0_vlan: entered promiscuous mode
[   63.978889][ T5082] veth1_vlan: entered promiscuous mode
[   63.992686][ T5077] veth1_vlan: entered promiscuous mode
[   64.005286][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.015352][ T5084] veth1_vlan: entered promiscuous mode
[   64.050122][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.104079][ T5086] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.121377][ T5086] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.134306][ T5086] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.143477][ T5086] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.205367][ T5082] veth0_macvtap: entered promiscuous mode
[   64.234274][ T5082] veth1_macvtap: entered promiscuous mode
[   64.257325][ T5077] veth0_macvtap: entered promiscuous mode
[   64.267239][ T5084] veth0_macvtap: entered promiscuous mode
[   64.301182][ T5077] veth1_macvtap: entered promiscuous mode
[   64.331304][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.343290][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.354732][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.370036][ T5084] veth1_macvtap: entered promiscuous mode
[   64.397150][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.408186][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.420004][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.453071][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.463800][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.474244][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.485122][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.496856][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.511507][ T5082] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.520796][ T5082] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.530725][ T5082] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.539652][ T5082] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.551296][ T5079] veth0_vlan: entered promiscuous mode
[   64.573006][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.574233][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.584867][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.602027][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.613003][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.623846][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.642615][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.655275][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.668303][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.678477][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.689152][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.699735][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.710262][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.724372][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.753195][ T5077] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.762253][ T5077] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.771568][ T5077] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.783675][ T5077] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.794565][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.805859][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.815659][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.827014][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.837219][ T5084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.847713][ T5084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.859415][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.873215][ T5084] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.884059][ T5084] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.893189][ T5084] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.902179][ T5084] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.932269][ T5079] veth1_vlan: entered promiscuous mode
[   64.956289][ T5081] Bluetooth: hci2: command tx timeout
[   64.961711][ T5081] Bluetooth: hci0: command tx timeout
[   64.967459][ T5100] Bluetooth: hci1: command tx timeout
[   64.985662][ T2407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.994575][ T2407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.036363][ T5100] Bluetooth: hci4: command tx timeout
[   65.041847][ T5081] Bluetooth: hci3: command tx timeout
[   65.096867][ T5079] veth0_macvtap: entered promiscuous mode
[   65.147599][ T5079] veth1_macvtap: entered promiscuous mode
[   65.183958][ T2486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.205155][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.220831][ T2486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.234450][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.250500][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.261237][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.271369][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.285249][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.301368][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.312404][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.324483][ T5079] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.340995][ T2407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.344551][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.360583][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.364722][ T2407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.371471][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.389153][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.399338][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.410025][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.420987][ T5079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.431560][ T5079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.442683][ T5079] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.514872][ T5079] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.536386][ T5079] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.545111][ T5079] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.554055][ T5079] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.589329][ T2486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.633549][ T2450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.635191][ T2486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.650534][ T2450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.752981][ T2450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.772843][ T2407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.789811][ T2450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.795277][ T2407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.873612][ T2407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.898773][ T2407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.036846][ T5174] FAULT_INJECTION: forcing a failure.
[   66.036846][ T5174] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   66.050606][ T5173] Zero length message leads to an empty skb
[   66.066682][ T5174] CPU: 1 PID: 5174 Comm: syz.3.7 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   66.076496][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   66.086552][ T5174] Call Trace:
[   66.089817][ T5174]  <TASK>
[   66.092729][ T5174]  dump_stack_lvl+0x241/0x360
[   66.097407][ T5174]  ? __pfx_dump_stack_lvl+0x10/0x10
[   66.102589][ T5174]  ? __pfx__printk+0x10/0x10
[   66.107164][ T5174]  ? __pfx_lock_release+0x10/0x10
[   66.112170][ T5174]  should_fail_ex+0x3b0/0x4e0
[   66.116834][ T5174]  _copy_from_iter+0x1f6/0x1960
[   66.121661][ T5174]  ? __virt_addr_valid+0x183/0x530
[   66.126758][ T5174]  ? __pfx_lock_release+0x10/0x10
[   66.131771][ T5174]  ? __alloc_skb+0x28f/0x440
[   66.136347][ T5174]  ? __pfx__copy_from_iter+0x10/0x10
[   66.141615][ T5174]  ? __virt_addr_valid+0x183/0x530
[   66.146708][ T5174]  ? __virt_addr_valid+0x183/0x530
[   66.151799][ T5174]  ? __virt_addr_valid+0x45f/0x530
[   66.156894][ T5174]  ? __check_object_size+0x49c/0x900
[   66.162163][ T5174]  netlink_sendmsg+0x743/0xcb0
[   66.166936][ T5174]  ? __pfx_netlink_sendmsg+0x10/0x10
[   66.172201][ T5174]  ? __import_iovec+0x536/0x820
[   66.177036][ T5174]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   66.182313][ T5174]  ? security_socket_sendmsg+0x87/0xb0
[   66.187755][ T5174]  ? __pfx_netlink_sendmsg+0x10/0x10
[   66.193021][ T5174]  __sock_sendmsg+0x221/0x270
[   66.197680][ T5174]  ____sys_sendmsg+0x525/0x7d0
[   66.202429][ T5174]  ? __pfx_____sys_sendmsg+0x10/0x10
[   66.207706][ T5174]  __sys_sendmsg+0x2b0/0x3a0
[   66.212279][ T5174]  ? __pfx___sys_sendmsg+0x10/0x10
[   66.217371][ T5174]  ? vfs_write+0x7c4/0xc90
[   66.221791][ T5174]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   66.228101][ T5174]  ? do_syscall_64+0x100/0x230
[   66.232866][ T5174]  ? do_syscall_64+0xb6/0x230
[   66.237552][ T5174]  do_syscall_64+0xf3/0x230
[   66.242041][ T5174]  ? clear_bhb_loop+0x35/0x90
[   66.246699][ T5174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.252583][ T5174] RIP: 0033:0x7fad90375bd9
[   66.256992][ T5174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.276578][ T5174] RSP: 002b:00007fad91126048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   66.284975][ T5174] RAX: ffffffffffffffda RBX: 00007fad90503f60 RCX: 00007fad90375bd9
[   66.292928][ T5174] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   66.300881][ T5174] RBP: 00007fad911260a0 R08: 0000000000000000 R09: 0000000000000000
[   66.308834][ T5174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.316786][ T5174] R13: 000000000000000b R14: 00007fad90503f60 R15: 00007ffed6d95d88
[   66.324766][ T5174]  </TASK>
[   66.354116][ T2486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.376824][ T2486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.651680][ T5179] IPv4: Oversized IP packet from 127.202.26.0
[   66.791649][ T5187] capability: warning: `syz.4.5' uses deprecated v2 capabilities in a way that may be insecure
[   66.859833][ T5187] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   67.037018][ T5100] Bluetooth: hci1: command tx timeout
[   67.037743][ T5099] Bluetooth: hci2: command tx timeout
[   67.042613][ T5081] Bluetooth: hci0: command tx timeout
[   67.116202][ T5081] Bluetooth: hci3: command tx timeout
[   67.116236][ T5099] Bluetooth: hci4: command tx timeout
[   67.258645][ T5199] FAULT_INJECTION: forcing a failure.
[   67.258645][ T5199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.305875][ T5199] CPU: 1 PID: 5199 Comm: syz.0.14 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   67.315807][ T5199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   67.325870][ T5199] Call Trace:
[   67.329155][ T5199]  <TASK>
[   67.332091][ T5199]  dump_stack_lvl+0x241/0x360
[   67.336791][ T5199]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.342007][ T5199]  ? __pfx__printk+0x10/0x10
[   67.346630][ T5199]  ? snprintf+0xda/0x120
[   67.350895][ T5199]  should_fail_ex+0x3b0/0x4e0
[   67.355595][ T5199]  _copy_to_user+0x2f/0xb0
[   67.360034][ T5199]  simple_read_from_buffer+0xca/0x150
[   67.365434][ T5199]  proc_fail_nth_read+0x1e9/0x250
[   67.370475][ T5199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   67.376038][ T5199]  ? rw_verify_area+0x520/0x6b0
[   67.380907][ T5199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   67.386476][ T5199]  vfs_read+0x204/0xbc0
[   67.390653][ T5199]  ? __pfx_lock_release+0x10/0x10
[   67.395694][ T5199]  ? __pfx_vfs_read+0x10/0x10
[   67.400391][ T5199]  ? __fget_files+0x29/0x470
[   67.404996][ T5199]  ? __fget_files+0x3f6/0x470
[   67.409698][ T5199]  ksys_read+0x1a0/0x2c0
[   67.413965][ T5199]  ? __pfx_ksys_read+0x10/0x10
[   67.418749][ T5199]  ? do_syscall_64+0x100/0x230
[   67.423533][ T5199]  ? do_syscall_64+0xb6/0x230
[   67.428230][ T5199]  do_syscall_64+0xf3/0x230
[   67.432750][ T5199]  ? clear_bhb_loop+0x35/0x90
[   67.437444][ T5199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.443358][ T5199] RIP: 0033:0x7f4b68f746bc
[   67.447785][ T5199] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[   67.467404][ T5199] RSP: 002b:00007f4b69d11040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   67.475830][ T5199] RAX: ffffffffffffffda RBX: 00007f4b69103f60 RCX: 00007f4b68f746bc
[   67.483800][ T5199] RDX: 000000000000000f RSI: 00007f4b69d110b0 RDI: 0000000000000004
[   67.491763][ T5199] RBP: 00007f4b69d110a0 R08: 0000000000000000 R09: 0000000000000000
[   67.499728][ T5199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.507695][ T5199] R13: 000000000000000b R14: 00007f4b69103f60 R15: 00007ffd66022178
[   67.515677][ T5199]  </TASK>
[   68.349492][ T5222] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.476623][   T25] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   68.610998][ T5229] FAULT_INJECTION: forcing a failure.
[   68.610998][ T5229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   68.645244][ T5229] CPU: 1 PID: 5229 Comm: syz.0.22 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   68.655162][ T5229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   68.665219][ T5229] Call Trace:
[   68.668505][ T5229]  <TASK>
[   68.671422][ T5229]  dump_stack_lvl+0x241/0x360
[   68.676092][ T5229]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.681275][ T5229]  ? __pfx__printk+0x10/0x10
[   68.685862][ T5229]  ? snprintf+0xda/0x120
[   68.690103][ T5229]  should_fail_ex+0x3b0/0x4e0
[   68.694807][ T5229]  _copy_to_user+0x2f/0xb0
[   68.699230][ T5229]  simple_read_from_buffer+0xca/0x150
[   68.704603][ T5229]  proc_fail_nth_read+0x1e9/0x250
[   68.709615][ T5229]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   68.715144][ T5229]  ? rw_verify_area+0x520/0x6b0
[   68.719984][ T5229]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   68.725515][ T5229]  vfs_read+0x204/0xbc0
[   68.729670][ T5229]  ? __pfx_lock_release+0x10/0x10
[   68.734679][ T5229]  ? __pfx_vfs_read+0x10/0x10
[   68.739337][ T5229]  ? kvm_vcpu_ioctl+0xa8a/0xd00
[   68.744167][ T5229]  ? __fget_files+0x29/0x470
[   68.748740][ T5229]  ? __fget_files+0x3f6/0x470
[   68.753403][ T5229]  ksys_read+0x1a0/0x2c0
[   68.757636][ T5229]  ? __pfx_ksys_read+0x10/0x10
[   68.762386][ T5229]  ? do_syscall_64+0x100/0x230
[   68.767136][ T5229]  ? do_syscall_64+0xb6/0x230
[   68.771794][ T5229]  do_syscall_64+0xf3/0x230
[   68.776301][ T5229]  ? clear_bhb_loop+0x35/0x90
[   68.780959][ T5229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.786834][ T5229] RIP: 0033:0x7f4b68f746bc
[   68.791232][ T5229] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[   68.810822][ T5229] RSP: 002b:00007f4b69d11040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   68.819218][ T5229] RAX: ffffffffffffffda RBX: 00007f4b69103f60 RCX: 00007f4b68f746bc
[   68.827170][ T5229] RDX: 000000000000000f RSI: 00007f4b69d110b0 RDI: 000000000000000d
[   68.835119][ T5229] RBP: 00007f4b69d110a0 R08: 0000000000000000 R09: 0000000000000000
[   68.843067][ T5229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.851017][ T5229] R13: 000000000000000b R14: 00007f4b69103f60 R15: 00007ffd66022178
[   68.858977][ T5229]  </TASK>
[   68.877170][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   68.896140][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   68.925219][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   68.947440][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   68.985996][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.005789][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   69.044060][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.082296][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   69.145187][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.189794][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   69.217755][ T5237] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.270921][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.285928][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   69.305766][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   69.317431][ T5240] netlink: 116 bytes leftover after parsing attributes in process `syz.0.25'.
[   69.325412][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.347991][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   69.404318][   T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   69.417238][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.425683][   T25] usb 4-1: Product: syz
[   69.431021][   T25] usb 4-1: Manufacturer: syz
[   69.436068][   T25] usb 4-1: SerialNumber: syz
[   69.847899][ T5247] =======================================================
[   69.847899][ T5247] WARNING: The mand mount option has been deprecated and
[   69.847899][ T5247]          and is ignored by this kernel. Remove the mand
[   69.847899][ T5247]          option from the mount to silence this warning.
[   69.847899][ T5247] =======================================================
[   70.103009][ T5089] usb 4-1: USB disconnect, device number 2
[   70.142558][ T5256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   70.192718][ T5256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   70.456123][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   70.775382][ T2407] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.006962][    T8] usb 1-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   71.044399][ T2407] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.056683][    T8] usb 1-1: language id specifier not provided by device, defaulting to English
[   71.063009][ T5268] syz.3.35 uses obsolete (PF_INET,SOCK_PACKET)
[   71.079615][    T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40
[   71.109386][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.137713][    T8] usb 1-1: Product: syz
[   71.146233][    T8] usb 1-1: Manufacturer: 靰ο»₯ε‚–α……γž΄ε²Όλ¨Šί§αš¨η­¨ι΄΄γ�ξ‘ˆλ ƒθˆŠι™Œη¬ΩΆε―₯ζ·΄ι§–μΌ§αΌ²ξΈ�γ―©θ­…γ―‚Φ«ε‡‘ο‘·αΆœιŽ£δŸ’α£‡ι‚›ΰΎ½β°¨κ’…Ε¦κ‚™μ„Ύε€žΰ‘’ξ•‰α…—νž‹δ’ΊβΏ°ζŒ±
[   71.209255][    T8] usb 1-1: SerialNumber: syz
[   71.227101][ T2407] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.268548][    T8] usbhid 1-1:250.0: couldn't find an input interrupt endpoint
[   71.279119][ T5272] FAULT_INJECTION: forcing a failure.
[   71.279119][ T5272] name failslab, interval 1, probability 0, space 0, times 1
[   71.322698][ T5272] CPU: 1 PID: 5272 Comm: syz.1.37 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   71.332626][ T5272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   71.342693][ T5272] Call Trace:
[   71.345983][ T5272]  <TASK>
[   71.348930][ T5272]  dump_stack_lvl+0x241/0x360
[   71.353633][ T5272]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.358856][ T5272]  ? __pfx__printk+0x10/0x10
[   71.363474][ T5272]  should_fail_ex+0x3b0/0x4e0
[   71.368177][ T5272]  ? security_file_alloc+0x28/0x130
[   71.373390][ T5272]  should_failslab+0x9/0x20
[   71.377910][ T5272]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   71.383304][ T5272]  security_file_alloc+0x28/0x130
[   71.388348][ T5272]  init_file+0x99/0x200
[   71.392522][ T5272]  alloc_empty_file+0xb8/0x1d0
[   71.397301][ T5272]  path_openat+0x105/0x35f0
[   71.401828][ T5272]  ? mark_lock+0x9a/0x350
[   71.406168][ T5272]  ? __pfx_stack_trace_save+0x10/0x10
[   71.411560][ T5272]  ? __lock_acquire+0x1346/0x1fd0
[   71.416607][ T5272]  ? __lock_acquire+0x1346/0x1fd0
[   71.421646][ T5272]  ? __pfx_path_openat+0x10/0x10
[   71.426616][ T5272]  do_filp_open+0x235/0x490
[   71.431141][ T5272]  ? __pfx_do_filp_open+0x10/0x10
[   71.436205][ T5272]  ? _raw_spin_unlock+0x28/0x50
[   71.441074][ T5272]  ? alloc_fd+0x5a1/0x640
[   71.445423][ T5272]  do_sys_openat2+0x13e/0x1d0
[   71.450114][ T5272]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   71.456111][ T5272]  ? __pfx_do_sys_openat2+0x10/0x10
[   71.461327][ T5272]  ? __fget_files+0x3f6/0x470
[   71.462613][ T5081] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.466015][ T5272]  __x64_sys_openat+0x247/0x2a0
[   71.466046][ T5272]  ? __pfx___x64_sys_openat+0x10/0x10
[   71.466073][ T5272]  ? do_syscall_64+0x100/0x230
[   71.466100][ T5272]  ? do_syscall_64+0xb6/0x230
[   71.466128][ T5272]  do_syscall_64+0xf3/0x230
[   71.466153][ T5272]  ? clear_bhb_loop+0x35/0x90
[   71.466173][ T5272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.466198][ T5272] RIP: 0033:0x7f9b88775bd9
[   71.466216][ T5272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.466230][ T5272] RSP: 002b:00007f9b89461048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   71.466251][ T5272] RAX: ffffffffffffffda RBX: 00007f9b88903f60 RCX: 00007f9b88775bd9
[   71.466265][ T5272] RDX: 0000000000200002 RSI: 0000000020000000 RDI: ffffffffffffff9c
[   71.466278][ T5272] RBP: 00007f9b894610a0 R08: 0000000000000000 R09: 0000000000000000
[   71.480098][ T5081] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.483446][ T5272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.483463][ T5272] R13: 000000000000000b R14: 00007f9b88903f60 R15: 00007ffeacb381a8
[   71.483489][ T5272]  </TASK>
[   71.489217][ T5081] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.611556][ T5081] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.619332][ T5081] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   71.626687][ T5081] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.682807][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[   71.689515][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[   73.756119][ T5081] Bluetooth: hci4: command tx timeout
[   74.086262][   T25] usb 1-1: USB disconnect, device number 2
[   74.114799][ T2407] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.197895][ T5289] netlink: 116 bytes leftover after parsing attributes in process `syz.4.40'.
[   74.340394][ T5298] netlink: 40 bytes leftover after parsing attributes in process `syz.4.44'.
[   74.527326][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   74.658952][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   75.420523][ T2407] bridge_slave_1: left allmulticast mode
[   75.436186][   T25] usb 1-1: Using ep0 maxpacket: 32
[   75.454140][ T2407] bridge_slave_1: left promiscuous mode
[   75.467672][ T2407] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.477818][   T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   75.502120][   T25] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   75.514651][ T2407] bridge_slave_0: left allmulticast mode
[   75.522597][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   75.534545][ T2407] bridge_slave_0: left promiscuous mode
[   75.546823][   T25] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   75.553541][ T2407] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.586716][   T25] usb 1-1: Product: syz
[   75.591041][   T25] usb 1-1: Manufacturer: syz
[   75.595889][   T25] usb 1-1: SerialNumber: syz
[   75.604557][   T25] usb 1-1: config 0 descriptor??
[   75.628450][ T5294] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   75.786169][ T5134] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   75.838273][ T5081] Bluetooth: hci4: command tx timeout
[   75.859218][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.946184][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   75.996136][ T5134] usb 2-1: Using ep0 maxpacket: 32
[   76.036917][ T5134] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[   76.218375][ T5315] Bluetooth: MGMT ver 1.22
[   76.392146][ T5134] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[   76.429211][ T5134] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.449818][ T5134] usb 2-1: Product: syz
[   76.458103][ T5134] usb 2-1: Manufacturer: syz
[   76.469808][ T5134] usb 2-1: SerialNumber: syz
[   76.472846][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.524731][ T5134] usb 2-1: config 0 descriptor??
[   76.543889][ T5306] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   76.572403][ T5134] hub 2-1:0.0: bad descriptor, ignoring hub
[   76.605541][ T5134] hub 2-1:0.0: probe with driver hub failed with error -5
[   76.689609][ T5134] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5
[   76.821155][  T785] cfg80211: failed to load regulatory.db
[   76.856884][ T2407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.866640][ T5131] usb 2-1: USB disconnect, device number 2
[   76.872470][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[   76.883031][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.912988][ T2407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.953883][ T2407] bond0 (unregistering): Released all slaves
[   77.066422][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.408687][ T5321] bad cache= option: none

[   77.408687][ T5321] 
[   77.416165][ T5321] CIFS: VFS: bad cache= option: none

[   77.909272][   T25] usb 1-1: USB disconnect, device number 3
[   77.916227][ T5081] Bluetooth: hci4: command tx timeout
[   77.997833][ T5273] chnl_net:caif_netlink_parms(): no params data found
[   78.133747][ T2407] hsr_slave_0: left promiscuous mode
[   78.142155][ T2407] hsr_slave_1: left promiscuous mode
[   78.174913][ T2407] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   78.192700][ T2407] batman_adv: batadv0: Removing interface: batadv_slave_0
[   78.223090][ T2407] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   78.233004][ T2407] batman_adv: batadv0: Removing interface: batadv_slave_1
[   78.319508][ T2407] veth1_macvtap: left promiscuous mode
[   78.346746][ T2407] veth0_macvtap: left promiscuous mode
[   78.363674][ T2407] veth1_vlan: left promiscuous mode
[   78.378169][ T2407] veth0_vlan: left promiscuous mode
[   79.273758][ T5081] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3
[   79.462075][ T2407] team0 (unregistering): Port device team_slave_1 removed
[   79.554902][ T2407] team0 (unregistering): Port device team_slave_0 removed
[   79.764060][ T5366] netlink: 60 bytes leftover after parsing attributes in process `syz.3.57'.
[   80.006455][ T5355] netlink: 116 bytes leftover after parsing attributes in process `syz.1.53'.
[   80.015932][ T5081] Bluetooth: hci4: command tx timeout
[   80.033319][ T5368] netlink: 20 bytes leftover after parsing attributes in process `syz.3.57'.
[   80.125439][ T5370] netlink: 'syz.3.57': attribute type 4 has an invalid length.
[   81.008166][ T5367] netlink: 'syz.3.57': attribute type 4 has an invalid length.
[   81.065375][ T5367] syz.3.57 (5367) used greatest stack depth: 18800 bytes left
[   81.190384][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.216001][ T5273] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.232983][ T5273] bridge_slave_0: entered allmulticast mode
[   81.241720][ T5273] bridge_slave_0: entered promiscuous mode
[   81.256397][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.272086][ T5273] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.307163][  T785] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   81.320507][ T5273] bridge_slave_1: entered allmulticast mode
[   81.329156][ T5273] bridge_slave_1: entered promiscuous mode
[   81.386070][ T5131] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   81.432464][ T5273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.456458][ T5273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.517637][  T785] usb 5-1: Using ep0 maxpacket: 32
[   81.532905][  T785] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   81.555149][  T785] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   81.577579][  T785] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   81.597218][ T5131] usb 2-1: Using ep0 maxpacket: 32
[   81.607263][ T5273] team0: Port device team_slave_0 added
[   81.615870][  T785] usb 5-1: Product: syz
[   81.625963][ T5131] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[   81.640548][  T785] usb 5-1: Manufacturer: syz
[   81.651538][  T785] usb 5-1: SerialNumber: syz
[   81.660493][ T5131] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[   81.679325][ T5131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.679858][ T5273] team0: Port device team_slave_1 added
[   81.693519][ T5131] usb 2-1: Product: syz
[   81.699220][  T785] usb 5-1: config 0 descriptor??
[   81.712802][ T5131] usb 2-1: Manufacturer: syz
[   81.718408][ T5382] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   81.740750][ T5131] usb 2-1: SerialNumber: syz
[   81.765225][ T5131] usb 2-1: config 0 descriptor??
[   81.785219][ T5385] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   81.799580][ T5131] hub 2-1:0.0: bad descriptor, ignoring hub
[   81.821127][ T5131] hub 2-1:0.0: probe with driver hub failed with error -5
[   81.854856][ T5131] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6
[   81.883799][ T5273] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.921444][ T5273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.109814][ T5273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.199827][ T5081] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3
[   82.243551][  T785] usb 2-1: USB disconnect, device number 3
[   82.250533][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[   82.279375][ T5273] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.299865][ T5273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.365842][ T5273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.431632][    T8] usb 5-1: USB disconnect, device number 2
[   82.589690][ T5273] hsr_slave_0: entered promiscuous mode
[   82.624341][ T5273] hsr_slave_1: entered promiscuous mode
[   83.096476][ T5426] netlink: 12 bytes leftover after parsing attributes in process `syz.0.69'.
[   83.370056][ T5385] bad cache= option: none

[   83.370056][ T5385] 
[   83.388229][ T5385] CIFS: VFS: bad cache= option: none

[   83.476059][ T5089] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   83.503316][ T5440] fuse: Unknown parameter '0x0000000000000004'
[   83.669220][ T5089] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   83.707041][ T5089] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   83.745649][ T5089] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40
[   83.773356][ T5089] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[   83.788479][ T5089] usb 5-1: Manufacturer: syz
[   83.801481][ T5089] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[   83.903293][ T5273] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   83.935188][ T5273] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   83.993638][ T5273] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   84.070592][ T5273] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   84.213168][ T5089] usb 5-1: USB disconnect, device number 3
[   84.528701][ T5273] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.605383][ T5273] 8021q: adding VLAN 0 to HW filter on device team0
[   84.641387][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.648599][ T5131] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.697492][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.704996][ T5131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.731859][ T5467] netlink: 60 bytes leftover after parsing attributes in process `syz.0.75'.
[   84.867684][ T5467] netlink: 20 bytes leftover after parsing attributes in process `syz.0.75'.
[   84.909159][ T5273] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   84.951302][ T5467] netlink: 'syz.0.75': attribute type 4 has an invalid length.
[   85.067466][ T5474] netlink: 'syz.0.75': attribute type 4 has an invalid length.
[   85.287690][ T5482] FAULT_INJECTION: forcing a failure.
[   85.287690][ T5482] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.321284][ T5482] CPU: 0 PID: 5482 Comm: syz.4.78 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   85.331224][ T5482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   85.341295][ T5482] Call Trace:
[   85.344580][ T5482]  <TASK>
[   85.347521][ T5482]  dump_stack_lvl+0x241/0x360
[   85.352225][ T5482]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.357449][ T5482]  ? __pfx__printk+0x10/0x10
[   85.362062][ T5482]  ? __pfx_lock_release+0x10/0x10
[   85.367108][ T5482]  should_fail_ex+0x3b0/0x4e0
[   85.371811][ T5482]  _copy_from_iter+0x1f6/0x1960
[   85.376679][ T5482]  ? __virt_addr_valid+0x183/0x530
[   85.381808][ T5482]  ? __pfx_lock_release+0x10/0x10
[   85.386853][ T5482]  ? __alloc_skb+0x28f/0x440
[   85.391460][ T5482]  ? __pfx__copy_from_iter+0x10/0x10
[   85.396769][ T5482]  ? __virt_addr_valid+0x183/0x530
[   85.401899][ T5482]  ? __virt_addr_valid+0x183/0x530
[   85.407035][ T5482]  ? __virt_addr_valid+0x45f/0x530
[   85.412170][ T5482]  ? __check_object_size+0x49c/0x900
[   85.417095][ T5487] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   85.417460][ T5482]  netlink_sendmsg+0x743/0xcb0
[   85.429252][ T5482]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.434561][ T5482]  ? __import_iovec+0x536/0x820
[   85.439431][ T5482]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   85.444723][ T5482]  ? security_socket_sendmsg+0x87/0xb0
[   85.450207][ T5482]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.455509][ T5482]  __sock_sendmsg+0x221/0x270
[   85.460205][ T5482]  ____sys_sendmsg+0x525/0x7d0
[   85.464998][ T5482]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.470314][ T5482]  __sys_sendmsg+0x2b0/0x3a0
[   85.474923][ T5482]  ? __pfx___sys_sendmsg+0x10/0x10
[   85.480032][ T5482]  ? vfs_write+0x7c4/0xc90
[   85.484473][ T5482]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   85.490798][ T5482]  ? do_syscall_64+0x100/0x230
[   85.495558][ T5482]  ? do_syscall_64+0xb6/0x230
[   85.500228][ T5482]  do_syscall_64+0xf3/0x230
[   85.504721][ T5482]  ? clear_bhb_loop+0x35/0x90
[   85.509384][ T5482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.515271][ T5482] RIP: 0033:0x7f3296175bd9
[   85.519677][ T5482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.539277][ T5482] RSP: 002b:00007f3296f9c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.547686][ T5482] RAX: ffffffffffffffda RBX: 00007f3296303f60 RCX: 00007f3296175bd9
[   85.555647][ T5482] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
[   85.563607][ T5482] RBP: 00007f3296f9c0a0 R08: 0000000000000000 R09: 0000000000000000
[   85.571568][ T5482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.579528][ T5482] R13: 000000000000000b R14: 00007f3296303f60 R15: 00007ffec984ef28
[   85.587499][ T5482]  </TASK>
[   85.669385][   T25] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   85.690250][ T5491] FAULT_INJECTION: forcing a failure.
[   85.690250][ T5491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.746109][ T5491] CPU: 0 PID: 5491 Comm: syz.3.80 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   85.756031][ T5491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   85.766089][ T5491] Call Trace:
[   85.769372][ T5491]  <TASK>
[   85.772313][ T5491]  dump_stack_lvl+0x241/0x360
[   85.777012][ T5491]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.782225][ T5491]  ? __pfx__printk+0x10/0x10
[   85.786834][ T5491]  ? snprintf+0xda/0x120
[   85.791087][ T5491]  should_fail_ex+0x3b0/0x4e0
[   85.795788][ T5491]  _copy_to_user+0x2f/0xb0
[   85.800217][ T5491]  simple_read_from_buffer+0xca/0x150
[   85.805602][ T5491]  proc_fail_nth_read+0x1e9/0x250
[   85.810642][ T5491]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   85.816203][ T5491]  ? rw_verify_area+0x520/0x6b0
[   85.821061][ T5491]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   85.826617][ T5491]  vfs_read+0x204/0xbc0
[   85.830786][ T5491]  ? __pfx_lock_release+0x10/0x10
[   85.835820][ T5491]  ? __pfx_vfs_read+0x10/0x10
[   85.840502][ T5491]  ? kvm_vcpu_ioctl+0xa8a/0xd00
[   85.845362][ T5491]  ? __fget_files+0x29/0x470
[   85.849957][ T5491]  ? __fget_files+0x3f6/0x470
[   85.854645][ T5491]  ksys_read+0x1a0/0x2c0
[   85.858907][ T5491]  ? __pfx_ksys_read+0x10/0x10
[   85.863680][ T5491]  ? do_syscall_64+0x100/0x230
[   85.868460][ T5491]  ? do_syscall_64+0xb6/0x230
[   85.873151][ T5491]  do_syscall_64+0xf3/0x230
[   85.877666][ T5491]  ? clear_bhb_loop+0x35/0x90
[   85.882347][ T5491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.888247][ T5491] RIP: 0033:0x7fad903746bc
[   85.892662][ T5491] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[   85.912269][ T5491] RSP: 002b:00007fad91126040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   85.920693][ T5491] RAX: ffffffffffffffda RBX: 00007fad90503f60 RCX: 00007fad903746bc
[   85.928667][ T5491] RDX: 000000000000000f RSI: 00007fad911260b0 RDI: 0000000000000007
[   85.936639][ T5491] RBP: 00007fad911260a0 R08: 0000000000000000 R09: 0000000000000000
[   85.944609][ T5491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.952579][ T5491] R13: 000000000000000b R14: 00007fad90503f60 R15: 00007ffed6d95d88
[   85.960570][ T5491]  </TASK>
[   86.065935][   T25] usb 1-1: Using ep0 maxpacket: 32
[   86.079153][   T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   86.120492][   T25] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   86.130183][   T25] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   86.143698][   T25] usb 1-1: Product: syz
[   86.148009][   T25] usb 1-1: Manufacturer: syz
[   86.153218][   T25] usb 1-1: SerialNumber: syz
[   86.171937][   T25] usb 1-1: config 0 descriptor??
[   86.187143][ T5273] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.192993][ T5485] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   86.266206][ T5089] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   86.316421][ T5134] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   86.409424][ T5273] veth0_vlan: entered promiscuous mode
[   86.466267][ T5089] usb 2-1: Using ep0 maxpacket: 32
[   86.469098][ T5273] veth1_vlan: entered promiscuous mode
[   86.515914][ T5089] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   86.543399][ T5134] usb 5-1: Using ep0 maxpacket: 32
[   86.554205][ T5089] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[   86.557496][ T5134] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   86.590893][ T5273] veth0_macvtap: entered promiscuous mode
[   86.632000][ T5273] veth1_macvtap: entered promiscuous mode
[   86.649875][ T5134] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   86.673316][ T5134] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   86.674216][ T5089] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   86.717246][ T5134] usb 5-1: Product: syz
[   86.721408][ T5134] usb 5-1: Manufacturer: syz
[   86.734205][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.756381][ T5134] usb 5-1: SerialNumber: syz
[   86.782090][ T5134] usb 5-1: config 0 descriptor??
[   86.782889][ T5089] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   86.787595][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.809983][ T5089] usb 2-1: SerialNumber: syz
[   86.834282][ T5497] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[   86.848851][ T5131] usb 1-1: USB disconnect, device number 4
[   86.876369][ T5089] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[   86.884406][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.899472][ T5089] cdc_acm 2-1:1.0: This needs exactly 3 endpoints
[   86.908197][ T5089] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22
[   86.931009][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.975033][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   87.011103][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.045831][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   87.090413][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.108088][ T5273] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.130694][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   87.145600][ T5089] usb 5-1: USB disconnect, device number 4
[   87.171329][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.225731][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   87.245908][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.273910][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   87.297689][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.308171][ T5273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   87.319020][ T5273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.333070][ T5273] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.362778][ T5273] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.392294][ T5273] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.419588][ T5273] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.433315][ T5504] FAULT_INJECTION: forcing a failure.
[   87.433315][ T5504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.453110][ T5273] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.587121][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.625825][ T5504] CPU: 1 PID: 5504 Comm: syz.3.82 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   87.625878][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.635728][ T5504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   87.635741][ T5504] Call Trace:
[   87.635750][ T5504]  <TASK>
[   87.635758][ T5504]  dump_stack_lvl+0x241/0x360
[   87.635792][ T5504]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.635831][ T5504]  should_fail_ex+0x3b0/0x4e0
[   87.635860][ T5504]  _copy_from_user+0x2f/0xe0
[   87.635883][ T5504]  ____sys_sendmsg+0x2e4/0x7d0
[   87.635914][ T5504]  ? __pfx_____sys_sendmsg+0x10/0x10
[   87.635953][ T5504]  __sys_sendmsg+0x2b0/0x3a0
[   87.635978][ T5504]  ? __pfx___sys_sendmsg+0x10/0x10
[   87.636005][ T5504]  ? vfs_write+0x7c4/0xc90
[   87.636070][ T5504]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.636092][ T5504]  ? do_syscall_64+0x100/0x230
[   87.636120][ T5504]  ? do_syscall_64+0xb6/0x230
[   87.636147][ T5504]  do_syscall_64+0xf3/0x230
[   87.636172][ T5504]  ? clear_bhb_loop+0x35/0x90
[   87.636192][ T5504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.636216][ T5504] RIP: 0033:0x7fad90375bd9
[   87.636234][ T5504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.636249][ T5504] RSP: 002b:00007fad91126048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.636270][ T5504] RAX: ffffffffffffffda RBX: 00007fad90503f60 RCX: 00007fad90375bd9
[   87.636284][ T5504] RDX: 0000000000000000 RSI: 0000000020001600 RDI: 0000000000000003
[   87.636297][ T5504] RBP: 00007fad911260a0 R08: 0000000000000000 R09: 0000000000000000
[   87.636309][ T5504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.636321][ T5504] R13: 000000000000000b R14: 00007fad90503f60 R15: 00007ffed6d95d88
[   87.636349][ T5504]  </TASK>
[   87.998934][ T2407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.007104][ T2407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.580985][ T5131] usb 2-1: USB disconnect, device number 4
[   88.622542][ T5548] netlink: 'syz.2.88': attribute type 1 has an invalid length.
[   89.295858][ T5089] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   89.487072][ T5569] IPVS: sync thread started: state = BACKUP, mcast_ifn = ipvlan1, syncid = 1, id = 0
[   89.575836][ T5089] usb 3-1: Using ep0 maxpacket: 8
[   89.612908][ T5089] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   89.623713][ T5089] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   89.639099][ T5089] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[   89.656294][ T5089] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[   89.668777][ T5089] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   89.687274][ T5089] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   89.836833][ T5089] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.197147][  T785] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   90.207870][ T5574] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[   90.235640][ T5089] usb 3-1: GET_CAPABILITIES returned 0
[   90.264136][ T5089] usbtmc 3-1:16.0: can't read capabilities
[   90.406146][  T785] usb 5-1: Using ep0 maxpacket: 32
[   90.451016][  T785] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   90.453493][ T5555] FAULT_INJECTION: forcing a failure.
[   90.453493][ T5555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   90.483397][  T785] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   90.504959][  T785] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   90.513793][ T5555] CPU: 1 PID: 5555 Comm: syz.2.89 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   90.523707][ T5555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   90.532896][  T785] usb 5-1: Product: syz
[   90.533752][ T5555] Call Trace:
[   90.533768][ T5555]  <TASK>
[   90.544125][ T5555]  dump_stack_lvl+0x241/0x360
[   90.547993][  T785] usb 5-1: Manufacturer: syz
[   90.548812][ T5555]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.558590][ T5555]  ? __pfx__printk+0x10/0x10
[   90.562253][  T785] usb 5-1: SerialNumber: syz
[   90.563183][ T5555]  ? __pfx_lock_release+0x10/0x10
[   90.572788][ T5555]  should_fail_ex+0x3b0/0x4e0
[   90.577499][ T5555]  _copy_from_user+0x2f/0xe0
[   90.582109][ T5555]  core_sys_select+0x508/0x910
[   90.586898][ T5555]  ? __pfx_core_sys_select+0x10/0x10
[   90.592197][ T5555]  ? rcu_read_lock_any_held+0xb7/0x160
[   90.597676][ T5555]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   90.603349][ T5555]  ? __pfx_set_user_sigmask+0x10/0x10
[   90.608736][ T5555]  ? __pfx_do_sys_openat2+0x10/0x10
[   90.613955][ T5555]  __se_sys_pselect6+0x319/0x3f0
[   90.618920][ T5555]  ? __pfx___se_sys_pselect6+0x10/0x10
[   90.624394][ T5555]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   90.628674][  T785] usb 5-1: config 0 descriptor??
[   90.630716][ T5555]  ? do_syscall_64+0x100/0x230
[   90.640412][ T5555]  ? __x64_sys_pselect6+0x21/0xf0
[   90.645447][ T5555]  do_syscall_64+0xf3/0x230
[   90.649960][ T5555]  ? clear_bhb_loop+0x35/0x90
[   90.654631][ T5555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.660521][ T5555] RIP: 0033:0x7fd1d6b75bd9
[   90.664928][ T5555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.684523][ T5555] RSP: 002b:00007fd1d79d3048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[   90.692930][ T5555] RAX: ffffffffffffffda RBX: 00007fd1d6d03f60 RCX: 00007fd1d6b75bd9
[   90.700898][ T5555] RDX: 0000000020000080 RSI: 0000000020000000 RDI: 0000000000000040
[   90.708862][ T5555] RBP: 00007fd1d79d30a0 R08: 0000000000000000 R09: 0000000000000000
[   90.716830][ T5555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.724791][ T5555] R13: 000000000000000b R14: 00007fd1d6d03f60 R15: 00007ffe8ce7d588
[   90.732764][ T5555]  </TASK>
[   90.750645][ T5566] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   90.851197][ T5585] netlink: 20 bytes leftover after parsing attributes in process `syz.1.96'.
[   90.921792][ T5596] FAULT_INJECTION: forcing a failure.
[   90.921792][ T5596] name failslab, interval 1, probability 0, space 0, times 0
[   90.921830][ T5596] CPU: 1 PID: 5596 Comm: syz.0.99 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   90.921850][ T5596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   90.921861][ T5596] Call Trace:
[   90.921869][ T5596]  <TASK>
[   90.921878][ T5596]  dump_stack_lvl+0x241/0x360
[   90.921912][ T5596]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.921939][ T5596]  ? __pfx__printk+0x10/0x10
[   90.921966][ T5596]  ? ref_tracker_alloc+0x332/0x490
[   90.921999][ T5596]  should_fail_ex+0x3b0/0x4e0
[   90.922028][ T5596]  ? skb_clone+0x20c/0x390
[   90.922052][ T5596]  should_failslab+0x9/0x20
[   90.922072][ T5596]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   90.922099][ T5596]  skb_clone+0x20c/0x390
[   90.922126][ T5596]  __netlink_deliver_tap+0x3cc/0x7c0
[   90.922162][ T5596]  ? netlink_deliver_tap+0x2e/0x1b0
[   90.922185][ T5596]  netlink_deliver_tap+0x19d/0x1b0
[   90.922211][ T5596]  netlink_unicast+0x7b8/0x980
[   90.922243][ T5596]  ? __pfx_netlink_unicast+0x10/0x10
[   90.922264][ T5596]  ? __virt_addr_valid+0x183/0x530
[   90.922295][ T5596]  ? __check_object_size+0x49c/0x900
[   90.922316][ T5596]  ? bpf_lsm_netlink_send+0x9/0x10
[   90.922344][ T5596]  netlink_sendmsg+0x8db/0xcb0
[   90.922381][ T5596]  ? __pfx_netlink_sendmsg+0x10/0x10
[   90.922413][ T5596]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   90.922430][ T5596]  ? security_socket_sendmsg+0x87/0xb0
[   90.922458][ T5596]  ? __pfx_netlink_sendmsg+0x10/0x10
[   90.922487][ T5596]  __sock_sendmsg+0x221/0x270
[   90.922509][ T5596]  sock_write_iter+0x2dd/0x400
[   90.922537][ T5596]  ? __pfx_sock_write_iter+0x10/0x10
[   90.922580][ T5596]  do_iter_readv_writev+0x5a4/0x800
[   90.922606][ T5596]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   90.922629][ T5596]  ? bpf_lsm_file_permission+0x9/0x10
[   90.922648][ T5596]  ? security_file_permission+0x7f/0xa0
[   90.922671][ T5596]  ? rw_verify_area+0x1d2/0x6b0
[   90.922699][ T5596]  vfs_writev+0x37c/0xbb0
[   90.922733][ T5596]  ? __pfx_lock_acquire+0x10/0x10
[   90.922753][ T5596]  ? __pfx_vfs_writev+0x10/0x10
[   90.922773][ T5596]  ? vfs_write+0x7c4/0xc90
[   90.922811][ T5596]  ? __fget_files+0x29/0x470
[   90.922847][ T5596]  do_writev+0x1b1/0x350
[   90.922875][ T5596]  ? __pfx_do_writev+0x10/0x10
[   90.922897][ T5596]  ? do_syscall_64+0x100/0x230
[   90.922925][ T5596]  ? do_syscall_64+0xb6/0x230
[   90.922952][ T5596]  do_syscall_64+0xf3/0x230
[   90.922977][ T5596]  ? clear_bhb_loop+0x35/0x90
[   90.922997][ T5596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.923022][ T5596] RIP: 0033:0x7f4b68f75bd9
[   90.923039][ T5596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.923053][ T5596] RSP: 002b:00007f4b69d11048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   90.923075][ T5596] RAX: ffffffffffffffda RBX: 00007f4b69103f60 RCX: 00007f4b68f75bd9
[   90.923090][ T5596] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006
[   90.923101][ T5596] RBP: 00007f4b69d110a0 R08: 0000000000000000 R09: 0000000000000000
[   90.923113][ T5596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.923125][ T5596] R13: 000000000000000b R14: 00007f4b69103f60 R15: 00007ffd66022178
[   90.923154][ T5596]  </TASK>
[   90.950705][ T5596] netlink: 'syz.0.99': attribute type 4 has an invalid length.
[   91.270447][ T5131] usb 3-1: USB disconnect, device number 2
[   91.463474][   T45] usb 5-1: USB disconnect, device number 5
[   91.538154][ T5599] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   91.654114][ T5604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.101'.
[   91.668938][ T5604] netlink: 12 bytes leftover after parsing attributes in process `syz.1.101'.
[   91.915808][   T25] IPVS: starting estimator thread 0...
[   92.047445][ T5608] IPVS: using max 19 ests per chain, 45600 per kthread
[   93.140831][ T5614] syzkaller1: entered promiscuous mode
[   93.146413][ T5614] syzkaller1: entered allmulticast mode
[   93.297712][ T5623] FAULT_INJECTION: forcing a failure.
[   93.297712][ T5623] name failslab, interval 1, probability 0, space 0, times 0
[   93.312772][ T5623] CPU: 1 PID: 5623 Comm: syz.0.107 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   93.322772][ T5623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   93.332847][ T5623] Call Trace:
[   93.336144][ T5623]  <TASK>
[   93.339079][ T5623]  dump_stack_lvl+0x241/0x360
[   93.343778][ T5623]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.349000][ T5623]  ? __pfx__printk+0x10/0x10
[   93.353661][ T5623]  ? __pfx___might_resched+0x10/0x10
[   93.358975][ T5623]  should_fail_ex+0x3b0/0x4e0
[   93.363677][ T5623]  ? getname_kernel+0x59/0x2f0
[   93.368460][ T5623]  should_failslab+0x9/0x20
[   93.370324][ T5624] FAULT_INJECTION: forcing a failure.
[   93.370324][ T5624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.372967][ T5623]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   93.372999][ T5623]  getname_kernel+0x59/0x2f0
[   93.373023][ T5623]  kern_path_create+0x22/0x50
[   93.400584][ T5623]  unix_bind+0x2df/0xf50
[   93.404826][ T5623]  ? __might_fault+0xaa/0x120
[   93.409503][ T5623]  ? __pfx_unix_bind+0x10/0x10
[   93.414266][ T5623]  ? bpf_lsm_socket_bind+0x9/0x10
[   93.419294][ T5623]  ? security_socket_bind+0x87/0xb0
[   93.424489][ T5623]  __sys_bind+0x23d/0x2f0
[   93.428816][ T5623]  ? __pfx___sys_bind+0x10/0x10
[   93.433679][ T5623]  __x64_sys_bind+0x7a/0x90
[   93.438180][ T5623]  do_syscall_64+0xf3/0x230
[   93.443040][ T5623]  ? clear_bhb_loop+0x35/0x90
[   93.447707][ T5623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.453598][ T5623] RIP: 0033:0x7f4b68f75bd9
[   93.458005][ T5623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.477700][ T5623] RSP: 002b:00007f4b69cf0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[   93.486128][ T5623] RAX: ffffffffffffffda RBX: 00007f4b69104038 RCX: 00007f4b68f75bd9
[   93.494096][ T5623] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000006
[   93.502056][ T5623] RBP: 00007f4b69cf00a0 R08: 0000000000000000 R09: 0000000000000000
[   93.510016][ T5623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.517972][ T5623] R13: 000000000000006e R14: 00007f4b69104038 R15: 00007ffd66022178
[   93.525953][ T5623]  </TASK>
[   93.549958][ T5624] CPU: 1 PID: 5624 Comm: syz.2.108 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   93.559973][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   93.570046][ T5624] Call Trace:
[   93.573342][ T5624]  <TASK>
[   93.576289][ T5624]  dump_stack_lvl+0x241/0x360
[   93.581004][ T5624]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.586226][ T5624]  ? __pfx__printk+0x10/0x10
[   93.590837][ T5624]  ? __pfx_lock_release+0x10/0x10
[   93.595896][ T5624]  should_fail_ex+0x3b0/0x4e0
[   93.600594][ T5624]  _copy_from_user+0x2f/0xe0
[   93.605193][ T5624]  dccp_setsockopt+0x32c/0x12c0
[   93.610059][ T5624]  ? __pfx_dccp_setsockopt+0x10/0x10
[   93.615344][ T5624]  ? sock_common_setsockopt+0x37/0xc0
[   93.620710][ T5624]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   93.626597][ T5624]  do_sock_setsockopt+0x3af/0x720
[   93.631620][ T5624]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   93.637168][ T5624]  __sys_setsockopt+0x1ae/0x250
[   93.642017][ T5624]  __x64_sys_setsockopt+0xb5/0xd0
[   93.647041][ T5624]  do_syscall_64+0xf3/0x230
[   93.651540][ T5624]  ? clear_bhb_loop+0x35/0x90
[   93.656303][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.662194][ T5624] RIP: 0033:0x7fd1d6b75bd9
[   93.666597][ T5624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.686194][ T5624] RSP: 002b:00007fd1d79d3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   93.694601][ T5624] RAX: ffffffffffffffda RBX: 00007fd1d6d03f60 RCX: 00007fd1d6b75bd9
[   93.702563][ T5624] RDX: 0000000000000002 RSI: 000000000000010d RDI: 0000000000000003
[   93.710522][ T5624] RBP: 00007fd1d79d30a0 R08: 00000000000072a0 R09: 0000000000000000
[   93.718480][ T5624] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[   93.726439][ T5624] R13: 000000000000000b R14: 00007fd1d6d03f60 R15: 00007ffe8ce7d588
[   93.734409][ T5624]  </TASK>
[   95.129504][   T29] audit: type=1326 audit(1720736959.905:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.226596][   T29] audit: type=1326 audit(1720736959.935:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.304356][   T29] audit: type=1326 audit(1720736959.935:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.375129][   T29] audit: type=1326 audit(1720736959.935:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.419238][   T29] audit: type=1326 audit(1720736959.945:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.440888][   T29] audit: type=1326 audit(1720736959.945:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b68f75bd9 code=0x7ffc0000
[   95.462108][    C0] vkms_vblank_simulate: vblank timer overrun
[   95.468914][   T29] audit: type=1326 audit(1720736959.945:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b68f6cc27 code=0x7ffc0000
[   95.492464][   T29] audit: type=1326 audit(1720736959.945:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b68f115f9 code=0x7ffc0000
[   95.513569][    C0] vkms_vblank_simulate: vblank timer overrun
[   95.530634][   T29] audit: type=1326 audit(1720736959.945:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b68f6cc27 code=0x7ffc0000
[   95.553381][   T29] audit: type=1326 audit(1720736959.945:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5636 comm="syz.0.111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b68f115f9 code=0x7ffc0000
[   95.799283][ T5654] netlink: 20 bytes leftover after parsing attributes in process `syz.3.112'.
[   95.921872][ T5657] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   96.025793][ T5664] process 'syz.2.121' launched './file1' with NULL argv: empty string added
[   96.122624][ T5664] overlay: ./file1 is not a directory
[   96.149169][ T5664] Invalid ELF header magic: != ELF
[   96.167713][ T5669] binder: 5660:5669 ioctl 541b 20000080 returned -22
[   96.184892][ T5664] overlay: ./bus is not a directory
[   96.364370][ T5675] tmpfs: Unknown parameter 'nr_blockstg'
[   96.822467][ T5689] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[   97.253895][ T5711] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   98.199135][ T5724] input: syz1 as /devices/virtual/input/input11
[   98.313356][ T5725] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   98.379528][ T5727] FAULT_INJECTION: forcing a failure.
[   98.379528][ T5727] name fail_futex, interval 1, probability 0, space 0, times 1
[   98.414788][ T5727] CPU: 1 PID: 5727 Comm: syz.0.140 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[   98.424820][ T5727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   98.434867][ T5727] Call Trace:
[   98.438135][ T5727]  <TASK>
[   98.441051][ T5727]  dump_stack_lvl+0x241/0x360
[   98.445732][ T5727]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.450923][ T5727]  ? __pfx__printk+0x10/0x10
[   98.455503][ T5727]  ? lockdep_hardirqs_on+0x99/0x150
[   98.460696][ T5727]  should_fail_ex+0x3b0/0x4e0
[   98.465364][ T5727]  get_futex_key+0x1ae/0x1050
[   98.470035][ T5727]  ? __pfx_get_futex_key+0x10/0x10
[   98.475132][ T5727]  ? __lock_acquire+0x1346/0x1fd0
[   98.480147][ T5727]  futex_wait_multiple_setup+0x16c/0x6d0
[   98.485772][ T5727]  ? __pfx_futex_wait_multiple_setup+0x10/0x10
[   98.491923][ T5727]  futex_wait_multiple+0x128/0x480
[   98.497033][ T5727]  ? __pfx_futex_wait_multiple+0x10/0x10
[   98.502665][ T5727]  ? __might_fault+0xc6/0x120
[   98.507325][ T5727]  ? __se_sys_futex_waitv+0x3cb/0x5e0
[   98.512681][ T5727]  __se_sys_futex_waitv+0x551/0x5e0
[   98.517864][ T5727]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[   98.523580][ T5727]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   98.529904][ T5727]  ? do_syscall_64+0x100/0x230
[   98.534653][ T5727]  ? __x64_sys_futex_waitv+0x20/0xc0
[   98.539919][ T5727]  do_syscall_64+0xf3/0x230
[   98.544408][ T5727]  ? clear_bhb_loop+0x35/0x90
[   98.549068][ T5727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.554944][ T5727] RIP: 0033:0x7f4b68f75bd9
[   98.559348][ T5727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.578936][ T5727] RSP: 002b:00007f4b69d11048 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[   98.587335][ T5727] RAX: ffffffffffffffda RBX: 00007f4b69103f60 RCX: 00007f4b68f75bd9
[   98.595293][ T5727] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020000180
[   98.603245][ T5727] RBP: 00007f4b69d110a0 R08: 0000000000000000 R09: 0000000000000000
[   98.611196][ T5727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.619148][ T5727] R13: 000000000000000b R14: 00007f4b69103f60 R15: 00007ffd66022178
[   98.627108][ T5727]  </TASK>
[   99.112793][ T5744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.146'.
[   99.133361][ T5744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.146'.
[   99.198841][ T5099] Bluetooth: hci0: command 0x0406 tx timeout
[   99.403171][   T45] IPVS: starting estimator thread 0...
[   99.496345][ T5751] IPVS: using max 17 ests per chain, 40800 per kthread
[   99.621128][ T5763] bad cache= option: none

[   99.621128][ T5763] 
[   99.642606][ T5763] CIFS: VFS: bad cache= option: none

[  100.163474][ T5776] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  100.273740][ T5778] netlink: 20 bytes leftover after parsing attributes in process `syz.1.156'.
[  100.362131][ T5781] netlink: 20 bytes leftover after parsing attributes in process `syz.2.158'.
[  100.899957][ T5798] FAULT_INJECTION: forcing a failure.
[  100.899957][ T5798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  100.929181][ T5798] CPU: 0 PID: 5798 Comm: syz.1.164 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  100.939186][ T5798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  100.949251][ T5798] Call Trace:
[  100.952546][ T5798]  <TASK>
[  100.955488][ T5798]  dump_stack_lvl+0x241/0x360
[  100.960195][ T5798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  100.965409][ T5798]  ? __pfx__printk+0x10/0x10
[  100.970021][ T5798]  ? __pfx_lock_release+0x10/0x10
[  100.975068][ T5798]  should_fail_ex+0x3b0/0x4e0
[  100.979782][ T5798]  _copy_from_user+0x2f/0xe0
[  100.984394][ T5798]  generic_map_update_batch+0x567/0x900
[  100.989974][ T5798]  ? __pfx_generic_map_update_batch+0x10/0x10
[  100.996066][ T5798]  ? __pfx_generic_map_update_batch+0x10/0x10
[  101.002154][ T5798]  bpf_map_do_batch+0x3e0/0x690
[  101.007024][ T5798]  __sys_bpf+0x377/0x810
[  101.011294][ T5798]  ? __pfx___sys_bpf+0x10/0x10
[  101.016089][ T5798]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  101.022071][ T5798]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  101.028391][ T5798]  ? do_syscall_64+0x100/0x230
[  101.033155][ T5798]  __x64_sys_bpf+0x7c/0x90
[  101.037568][ T5798]  do_syscall_64+0xf3/0x230
[  101.042068][ T5798]  ? clear_bhb_loop+0x35/0x90
[  101.046734][ T5798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.052624][ T5798] RIP: 0033:0x7f9b88775bd9
[  101.057032][ T5798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.076628][ T5798] RSP: 002b:00007f9b89461048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  101.085032][ T5798] RAX: ffffffffffffffda RBX: 00007f9b88903f60 RCX: 00007f9b88775bd9
[  101.092992][ T5798] RDX: 0000000000000038 RSI: 00000000200006c0 RDI: 000000000000001a
[  101.100952][ T5798] RBP: 00007f9b894610a0 R08: 0000000000000000 R09: 0000000000000000
[  101.108911][ T5798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.116873][ T5798] R13: 000000000000000b R14: 00007f9b88903f60 R15: 00007ffeacb381a8
[  101.124846][ T5798]  </TASK>
[  101.190441][ T5806] netlink: 'syz.2.167': attribute type 3 has an invalid length.
[  101.205923][ T5806] netlink: 209096 bytes leftover after parsing attributes in process `syz.2.167'.
[  101.738587][ T5826] netlink: 20 bytes leftover after parsing attributes in process `syz.3.172'.
[  101.758399][ T5821] kvm: emulating exchange as write
[  101.807457][ T5825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.171'.
[  103.518868][ T5857] netlink: 76 bytes leftover after parsing attributes in process `syz.4.181'.
[  103.596323][   T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  103.630169][ T5857] Κό: entered promiscuous mode
[  103.808200][   T25] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  103.838205][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.878246][   T25] usb 2-1: config 0 descriptor??
[  103.885986][   T25] cp210x 2-1:0.0: cp210x converter detected
[  104.154696][ T5863] kvm: kvm [5862]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111
[  104.325996][   T25] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  104.580054][   T25] usb 2-1: cp210x converter now attached to ttyUSB0
[  104.605856][ T5881] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  104.711174][ T5884] FAULT_INJECTION: forcing a failure.
[  104.711174][ T5884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.742055][ T5884] CPU: 0 PID: 5884 Comm: syz.2.191 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  104.752075][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  104.762148][ T5884] Call Trace:
[  104.765443][ T5884]  <TASK>
[  104.768387][ T5884]  dump_stack_lvl+0x241/0x360
[  104.773100][ T5884]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.778328][ T5884]  ? __pfx__printk+0x10/0x10
[  104.782951][ T5884]  ? __pfx_lock_release+0x10/0x10
[  104.788005][ T5884]  should_fail_ex+0x3b0/0x4e0
[  104.792710][ T5884]  _copy_from_iter+0x1f6/0x1960
[  104.797573][ T5884]  ? __virt_addr_valid+0x183/0x530
[  104.802703][ T5884]  ? __pfx_lock_release+0x10/0x10
[  104.807749][ T5884]  ? __alloc_skb+0x28f/0x440
[  104.812354][ T5884]  ? __pfx__copy_from_iter+0x10/0x10
[  104.817662][ T5884]  ? __virt_addr_valid+0x183/0x530
[  104.822790][ T5884]  ? __virt_addr_valid+0x183/0x530
[  104.827915][ T5884]  ? __virt_addr_valid+0x45f/0x530
[  104.833043][ T5884]  ? __check_object_size+0x49c/0x900
[  104.838349][ T5884]  netlink_sendmsg+0x743/0xcb0
[  104.843157][ T5884]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.848473][ T5884]  ? __import_iovec+0x536/0x820
[  104.853343][ T5884]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  104.858645][ T5884]  ? security_socket_sendmsg+0x87/0xb0
[  104.864101][ T5884]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.869385][ T5884]  __sock_sendmsg+0x221/0x270
[  104.874053][ T5884]  ____sys_sendmsg+0x525/0x7d0
[  104.878841][ T5884]  ? __pfx_____sys_sendmsg+0x10/0x10
[  104.884126][ T5884]  __sys_sendmsg+0x2b0/0x3a0
[  104.888715][ T5884]  ? __pfx___sys_sendmsg+0x10/0x10
[  104.893821][ T5884]  ? vfs_write+0x7c4/0xc90
[  104.898261][ T5884]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.904577][ T5884]  ? do_syscall_64+0x100/0x230
[  104.909352][ T5884]  ? do_syscall_64+0xb6/0x230
[  104.914042][ T5884]  do_syscall_64+0xf3/0x230
[  104.918549][ T5884]  ? clear_bhb_loop+0x35/0x90
[  104.923224][ T5884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.929114][ T5884] RIP: 0033:0x7fd1d6b75bd9
[  104.933523][ T5884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.953126][ T5884] RSP: 002b:00007fd1d79d3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.961541][ T5884] RAX: ffffffffffffffda RBX: 00007fd1d6d03f60 RCX: 00007fd1d6b75bd9
[  104.969504][ T5884] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  104.977467][ T5884] RBP: 00007fd1d79d30a0 R08: 0000000000000000 R09: 0000000000000000
[  104.985428][ T5884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.993416][ T5884] R13: 000000000000004d R14: 00007fd1d6d03f60 R15: 00007ffe8ce7d588
[  105.001392][ T5884]  </TASK>
[  105.023485][  T785] usb 2-1: USB disconnect, device number 5
[  105.057976][  T785] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  105.100335][  T785] cp210x 2-1:0.0: device disconnected
[  105.663338][ T5904] FAULT_INJECTION: forcing a failure.
[  105.663338][ T5904] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.707885][ T5904] CPU: 0 PID: 5904 Comm: syz.1.198 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  105.717891][ T5904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  105.727940][ T5904] Call Trace:
[  105.731215][ T5904]  <TASK>
[  105.734130][ T5904]  dump_stack_lvl+0x241/0x360
[  105.738808][ T5904]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.743996][ T5904]  ? __pfx__printk+0x10/0x10
[  105.748576][ T5904]  ? __pfx_lock_release+0x10/0x10
[  105.753616][ T5904]  should_fail_ex+0x3b0/0x4e0
[  105.758285][ T5904]  _copy_to_iter+0x43a/0x1960
[  105.762952][ T5904]  ? __virt_addr_valid+0x183/0x530
[  105.768078][ T5904]  ? __pfx__copy_to_iter+0x10/0x10
[  105.773206][ T5904]  ? __virt_addr_valid+0x183/0x530
[  105.778306][ T5904]  ? __virt_addr_valid+0x183/0x530
[  105.783405][ T5904]  ? __virt_addr_valid+0x45f/0x530
[  105.788505][ T5904]  ? __check_object_size+0x49c/0x900
[  105.793781][ T5904]  __skb_datagram_iter+0x110/0x8c0
[  105.798903][ T5904]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  105.804527][ T5904]  skb_copy_datagram_iter+0xd1/0x250
[  105.809803][ T5904]  netlink_recvmsg+0x2d0/0x11d0
[  105.814646][ T5904]  ? __pfx_netlink_recvmsg+0x10/0x10
[  105.819938][ T5904]  ? iovec_from_user+0x87/0x240
[  105.824774][ T5904]  ? rcu_is_watching+0x15/0xb0
[  105.829524][ T5904]  ? iovec_from_user+0x87/0x240
[  105.834366][ T5904]  ? trace_kmalloc+0x1f/0xd0
[  105.838941][ T5904]  ? __kmalloc_noprof+0x217/0x400
[  105.843955][ T5904]  ? iovec_from_user+0x1b0/0x240
[  105.848880][ T5904]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  105.854155][ T5904]  ? security_socket_recvmsg+0x90/0xb0
[  105.859603][ T5904]  ? __pfx_netlink_recvmsg+0x10/0x10
[  105.864880][ T5904]  sock_recvmsg+0x22f/0x280
[  105.869372][ T5904]  ____sys_recvmsg+0x1db/0x470
[  105.874128][ T5904]  ? __pfx_____sys_recvmsg+0x10/0x10
[  105.879409][ T5904]  do_recvmmsg+0x474/0xae0
[  105.883813][ T5904]  ? mark_lock+0x9a/0x350
[  105.888133][ T5904]  ? __pfx_do_recvmmsg+0x10/0x10
[  105.893072][ T5904]  ? __pfx___might_resched+0x10/0x10
[  105.898352][ T5904]  ? __might_fault+0xaa/0x120
[  105.903016][ T5904]  ? __pfx_lock_release+0x10/0x10
[  105.908024][ T5904]  ? vfs_write+0x7c4/0xc90
[  105.912438][ T5904]  ? get_timespec64+0x19c/0x280
[  105.917284][ T5904]  __x64_sys_recvmmsg+0x1b8/0x250
[  105.922294][ T5904]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  105.927826][ T5904]  ? do_syscall_64+0x100/0x230
[  105.932578][ T5904]  ? do_syscall_64+0xb6/0x230
[  105.937241][ T5904]  do_syscall_64+0xf3/0x230
[  105.941731][ T5904]  ? clear_bhb_loop+0x35/0x90
[  105.946390][ T5904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.952270][ T5904] RIP: 0033:0x7f9b88775bd9
[  105.956668][ T5904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.976258][ T5904] RSP: 002b:00007f9b89461048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  105.984658][ T5904] RAX: ffffffffffffffda RBX: 00007f9b88903f60 RCX: 00007f9b88775bd9
[  105.992612][ T5904] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003
[  106.000572][ T5904] RBP: 00007f9b894610a0 R08: 0000000020003700 R09: 0000000000000000
[  106.008529][ T5904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.016483][ T5904] R13: 000000000000000b R14: 00007f9b88903f60 R15: 00007ffeacb381a8
[  106.024445][ T5904]  </TASK>
[  106.519899][ T5926] FAULT_INJECTION: forcing a failure.
[  106.519899][ T5926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  106.587578][ T5926] CPU: 1 PID: 5926 Comm: syz.4.203 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  106.597572][ T5926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  106.607613][ T5926] Call Trace:
[  106.610880][ T5926]  <TASK>
[  106.613813][ T5926]  dump_stack_lvl+0x241/0x360
[  106.618488][ T5926]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.623684][ T5926]  ? __pfx__printk+0x10/0x10
[  106.628287][ T5926]  ? __pfx_lock_release+0x10/0x10
[  106.633305][ T5926]  should_fail_ex+0x3b0/0x4e0
[  106.637990][ T5926]  _copy_from_iter+0x1f6/0x1960
[  106.642847][ T5926]  ? __virt_addr_valid+0x183/0x530
[  106.647953][ T5926]  ? __pfx_lock_release+0x10/0x10
[  106.652980][ T5926]  ? __alloc_skb+0x28f/0x440
[  106.657564][ T5926]  ? __pfx__copy_from_iter+0x10/0x10
[  106.662839][ T5926]  ? __virt_addr_valid+0x183/0x530
[  106.667938][ T5926]  ? __virt_addr_valid+0x183/0x530
[  106.673047][ T5926]  ? __virt_addr_valid+0x45f/0x530
[  106.678149][ T5926]  ? __check_object_size+0x49c/0x900
[  106.683430][ T5926]  netlink_sendmsg+0x743/0xcb0
[  106.688194][ T5926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  106.693472][ T5926]  ? __import_iovec+0x536/0x820
[  106.698322][ T5926]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  106.703599][ T5926]  ? security_socket_sendmsg+0x87/0xb0
[  106.709065][ T5926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  106.714335][ T5926]  __sock_sendmsg+0x221/0x270
[  106.719000][ T5926]  ____sys_sendmsg+0x525/0x7d0
[  106.723754][ T5926]  ? __pfx_____sys_sendmsg+0x10/0x10
[  106.729040][ T5926]  __sys_sendmsg+0x2b0/0x3a0
[  106.733619][ T5926]  ? __pfx___sys_sendmsg+0x10/0x10
[  106.738721][ T5926]  ? vfs_write+0x7c4/0xc90
[  106.743147][ T5926]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  106.749476][ T5926]  ? do_syscall_64+0x100/0x230
[  106.754230][ T5926]  ? do_syscall_64+0xb6/0x230
[  106.758889][ T5926]  do_syscall_64+0xf3/0x230
[  106.763374][ T5926]  ? clear_bhb_loop+0x35/0x90
[  106.768030][ T5926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.773905][ T5926] RIP: 0033:0x7f3296175bd9
[  106.778301][ T5926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.797893][ T5926] RSP: 002b:00007f3296f9c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  106.806289][ T5926] RAX: ffffffffffffffda RBX: 00007f3296303f60 RCX: 00007f3296175bd9
[  106.814237][ T5926] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[  106.822188][ T5926] RBP: 00007f3296f9c0a0 R08: 0000000000000000 R09: 0000000000000000
[  106.830153][ T5926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.838106][ T5926] R13: 000000000000000b R14: 00007f3296303f60 R15: 00007ffec984ef28
[  106.846066][ T5926]  </TASK>
[  106.849070][    C1] vkms_vblank_simulate: vblank timer overrun
[  107.254734][ T5941] bridge0: entered promiscuous mode
[  107.265438][ T5940] bridge0: left promiscuous mode
[  107.296990][   T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  107.323944][ T5131] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  107.487954][   T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  107.506654][   T25] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  107.512899][ T5131] usb 3-1: config 1 has an invalid descriptor of length 54, skipping remainder of the config
[  107.533073][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40
[  107.541406][ T5952] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  107.542328][   T25] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  107.563797][   T25] usb 1-1: Manufacturer: syz
[  107.578346][ T5131] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  107.578964][   T25] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  107.611944][ T5131] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  107.630408][ T5131] usb 3-1: New USB device strings: Mfr=229, Product=0, SerialNumber=1
[  107.648671][ T5131] usb 3-1: Manufacturer: syz
[  107.655199][ T5131] usb 3-1: SerialNumber: syz
[  107.835209][ T5131] usb 1-1: USB disconnect, device number 5
[  107.937468][ T5931] netlink: 'syz.2.204': attribute type 322 has an invalid length.
[  108.328000][ T5081] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  108.334628][ T5081] Bluetooth: Wrong link type (-22)
[  108.342403][ T5081] Bluetooth: Unknown BR/EDR signaling command 0x10
[  108.349141][ T5081] Bluetooth: Wrong link type (-22)
[  108.354806][ T5081] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  108.361551][ T5081] Bluetooth: Wrong link type (-22)
[  108.366872][ T5081] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  108.373589][ T5081] Bluetooth: Wrong link type (-22)
[  108.379119][ T5081] Bluetooth: Unknown BR/EDR signaling command 0x0f
[  108.385883][ T5081] Bluetooth: Wrong link type (-22)
[  110.269992][ T5163] usb 3-1: USB disconnect, device number 3
[  110.565420][ T6003] netlink: 64 bytes leftover after parsing attributes in process `syz.3.224'.
[  110.857649][ T5099] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  110.864311][ T5099] Bluetooth: Wrong link type (-22)
[  111.477316][ T5099] ==================================================================
[  111.485380][ T5099] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x679/0x8d0
[  111.493013][ T5099] Read of size 4 at addr ffff888069957810 by task kworker/u9:8/5099
[  111.500998][ T5099] 
[  111.503322][ T5099] CPU: 0 PID: 5099 Comm: kworker/u9:8 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  111.513565][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  111.523623][ T5099] Workqueue: hci4 hci_rx_work
[  111.528313][ T5099] Call Trace:
[  111.531578][ T5099]  <TASK>
[  111.534492][ T5099]  dump_stack_lvl+0x241/0x360
[  111.539165][ T5099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.544351][ T5099]  ? __pfx__printk+0x10/0x10
[  111.548942][ T5099]  ? _printk+0xd5/0x120
[  111.553085][ T5099]  ? __virt_addr_valid+0x183/0x530
[  111.558198][ T5099]  ? __virt_addr_valid+0x183/0x530
[  111.563299][ T5099]  print_report+0x169/0x550
[  111.567935][ T5099]  ? __virt_addr_valid+0x183/0x530
[  111.573043][ T5099]  ? __virt_addr_valid+0x183/0x530
[  111.578146][ T5099]  ? __virt_addr_valid+0x45f/0x530
[  111.583251][ T5099]  ? __phys_addr+0xba/0x170
[  111.587747][ T5099]  ? l2cap_send_cmd+0x679/0x8d0
[  111.592592][ T5099]  kasan_report+0x143/0x180
[  111.597092][ T5099]  ? l2cap_send_cmd+0x679/0x8d0
[  111.601973][ T5099]  l2cap_send_cmd+0x679/0x8d0
[  111.606657][ T5099]  ? skb_pull+0xc1/0x1e0
[  111.610917][ T5099]  l2cap_recv_frame+0x22ed/0x10830
[  111.616032][ T5099]  ? validate_chain+0x11e/0x5900
[  111.620970][ T5099]  ? mark_lock+0x9a/0x350
[  111.625301][ T5099]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  111.630671][ T5099]  ? __pfx_validate_chain+0x10/0x10
[  111.635858][ T5099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  111.641823][ T5099]  ? __pfx_validate_chain+0x10/0x10
[  111.647009][ T5099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  111.653321][ T5099]  ? do_raw_spin_unlock+0x13c/0x8b0
[  111.658512][ T5099]  ? mark_lock+0x9a/0x350
[  111.662827][ T5099]  ? __lock_acquire+0x1346/0x1fd0
[  111.667843][ T5099]  ? mark_lock+0x9a/0x350
[  111.672163][ T5099]  ? hci_rx_work+0x4e7/0xca0
[  111.676743][ T5099]  ? __pfx_lock_release+0x10/0x10
[  111.681757][ T5099]  ? __mutex_unlock_slowpath+0x21d/0x750
[  111.687375][ T5099]  ? __pfx_lock_release+0x10/0x10
[  111.692385][ T5099]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  111.698351][ T5099]  ? hci_conn_enter_active_mode+0x260/0x370
[  111.704238][ T5099]  ? l2cap_recv_acldata+0x48e/0x1550
[  111.709514][ T5099]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  111.715392][ T5099]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  111.721356][ T5099]  hci_rx_work+0x50f/0xca0
[  111.725767][ T5099]  ? process_scheduled_works+0x945/0x1830
[  111.731469][ T5099]  process_scheduled_works+0xa2c/0x1830
[  111.737010][ T5099]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.742976][ T5099]  ? assign_work+0x364/0x3d0
[  111.747557][ T5099]  worker_thread+0x86d/0xd50
[  111.752142][ T5099]  ? __kthread_parkme+0x169/0x1d0
[  111.757152][ T5099]  ? __pfx_worker_thread+0x10/0x10
[  111.762247][ T5099]  kthread+0x2f0/0x390
[  111.766301][ T5099]  ? __pfx_worker_thread+0x10/0x10
[  111.771395][ T5099]  ? __pfx_kthread+0x10/0x10
[  111.775972][ T5099]  ret_from_fork+0x4b/0x80
[  111.780375][ T5099]  ? __pfx_kthread+0x10/0x10
[  111.784954][ T5099]  ret_from_fork_asm+0x1a/0x30
[  111.789712][ T5099]  </TASK>
[  111.792713][ T5099] 
[  111.795015][ T5099] Allocated by task 5081:
[  111.799319][ T5099]  kasan_save_track+0x3f/0x80
[  111.803986][ T5099]  __kasan_kmalloc+0x98/0xb0
[  111.808558][ T5099]  kmalloc_trace_noprof+0x19c/0x2c0
[  111.813742][ T5099]  l2cap_conn_add+0xa9/0x8e0
[  111.818320][ T5099]  l2cap_connect_cfm+0x136/0x1220
[  111.823325][ T5099]  hci_remote_features_evt+0x536/0xaf0
[  111.828770][ T5099]  hci_event_packet+0xac0/0x1540
[  111.833694][ T5099]  hci_rx_work+0x3e8/0xca0
[  111.838100][ T5099]  process_scheduled_works+0xa2c/0x1830
[  111.843627][ T5099]  worker_thread+0x86d/0xd50
[  111.848199][ T5099]  kthread+0x2f0/0x390
[  111.852250][ T5099]  ret_from_fork+0x4b/0x80
[  111.856651][ T5099]  ret_from_fork_asm+0x1a/0x30
[  111.861409][ T5099] 
[  111.863714][ T5099] Freed by task 5081:
[  111.867679][ T5099]  kasan_save_track+0x3f/0x80
[  111.872343][ T5099]  kasan_save_free_info+0x40/0x50
[  111.877354][ T5099]  poison_slab_object+0xe0/0x150
[  111.882282][ T5099]  __kasan_slab_free+0x37/0x60
[  111.887032][ T5099]  kfree+0x149/0x360
[  111.890910][ T5099]  l2cap_connect_cfm+0x11f/0x1220
[  111.896005][ T5099]  hci_conn_failed+0x1f6/0x340
[  111.900750][ T5099]  hci_abort_conn_sync+0x583/0xde0
[  111.905856][ T5099]  hci_cmd_sync_work+0x22b/0x400
[  111.910788][ T5099]  process_scheduled_works+0xa2c/0x1830
[  111.916319][ T5099]  worker_thread+0x86d/0xd50
[  111.920890][ T5099]  kthread+0x2f0/0x390
[  111.924943][ T5099]  ret_from_fork+0x4b/0x80
[  111.929345][ T5099]  ret_from_fork_asm+0x1a/0x30
[  111.934094][ T5099] 
[  111.936403][ T5099] Last potentially related work creation:
[  111.942092][ T5099]  kasan_save_stack+0x3f/0x60
[  111.946756][ T5099]  __kasan_record_aux_stack+0xac/0xc0
[  111.952112][ T5099]  insert_work+0x3e/0x330
[  111.956420][ T5099]  __queue_work+0xc16/0xee0
[  111.960909][ T5099]  call_timer_fn+0x18e/0x650
[  111.965484][ T5099]  __run_timer_base+0x695/0x8e0
[  111.970317][ T5099]  run_timer_softirq+0xb7/0x170
[  111.975149][ T5099]  handle_softirqs+0x2c4/0x970
[  111.979894][ T5099]  run_ksoftirqd+0xca/0x130
[  111.984381][ T5099]  smpboot_thread_fn+0x544/0xa30
[  111.989299][ T5099]  kthread+0x2f0/0x390
[  111.993350][ T5099]  ret_from_fork+0x4b/0x80
[  111.997754][ T5099]  ret_from_fork_asm+0x1a/0x30
[  112.002505][ T5099] 
[  112.004809][ T5099] Second to last potentially related work creation:
[  112.011371][ T5099]  kasan_save_stack+0x3f/0x60
[  112.016040][ T5099]  __kasan_record_aux_stack+0xac/0xc0
[  112.021397][ T5099]  insert_work+0x3e/0x330
[  112.025714][ T5099]  __queue_work+0xaf2/0xee0
[  112.030206][ T5099]  queue_work_on+0x1c2/0x380
[  112.034778][ T5099]  l2cap_connect_cfm+0xec2/0x1220
[  112.039783][ T5099]  hci_remote_features_evt+0x536/0xaf0
[  112.045227][ T5099]  hci_event_packet+0xac0/0x1540
[  112.050148][ T5099]  hci_rx_work+0x3e8/0xca0
[  112.054553][ T5099]  process_scheduled_works+0xa2c/0x1830
[  112.060078][ T5099]  worker_thread+0x86d/0xd50
[  112.064647][ T5099]  kthread+0x2f0/0x390
[  112.068700][ T5099]  ret_from_fork+0x4b/0x80
[  112.073100][ T5099]  ret_from_fork_asm+0x1a/0x30
[  112.077855][ T5099] 
[  112.080161][ T5099] The buggy address belongs to the object at ffff888069957800
[  112.080161][ T5099]  which belongs to the cache kmalloc-1k of size 1024
[  112.094196][ T5099] The buggy address is located 16 bytes inside of
[  112.094196][ T5099]  freed 1024-byte region [ffff888069957800, ffff888069957c00)
[  112.107973][ T5099] 
[  112.110280][ T5099] The buggy address belongs to the physical page:
[  112.116675][ T5099] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69950
[  112.125419][ T5099] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.133897][ T5099] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  112.141432][ T5099] page_type: 0xffffefff(slab)
[  112.146092][ T5099] raw: 00fff00000000040 ffff888015041dc0 ffffea0000aece00 dead000000000002
[  112.154655][ T5099] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  112.163221][ T5099] head: 00fff00000000040 ffff888015041dc0 ffffea0000aece00 dead000000000002
[  112.171873][ T5099] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  112.180526][ T5099] head: 00fff00000000003 ffffea0001a65401 ffffffffffffffff 0000000000000000
[  112.189180][ T5099] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  112.197826][ T5099] page dumped because: kasan: bad access detected
[  112.204224][ T5099] page_owner tracks the page as allocated
[  112.209929][ T5099] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2439, tgid 2439 (kworker/u8:8), ts 71456334401, free_ts 71450624313
[  112.230590][ T5099]  post_alloc_hook+0x1f3/0x230
[  112.235344][ T5099]  get_page_from_freelist+0x2e4c/0x2f10
[  112.240878][ T5099]  __alloc_pages_noprof+0x256/0x6c0
[  112.246065][ T5099]  alloc_slab_page+0x5f/0x120
[  112.250729][ T5099]  allocate_slab+0x5a/0x2f0
[  112.255220][ T5099]  ___slab_alloc+0xcd1/0x14b0
[  112.259883][ T5099]  __slab_alloc+0x58/0xa0
[  112.264201][ T5099]  __kmalloc_noprof+0x257/0x400
[  112.269035][ T5099]  ieee802_11_parse_elems_full+0xd5/0x2870
[  112.274829][ T5099]  ieee80211_inform_bss+0x15f/0x1080
[  112.280103][ T5099]  cfg80211_inform_single_bss_data+0x1121/0x2360
[  112.286416][ T5099]  cfg80211_inform_bss_data+0x3dd/0x5a70
[  112.292031][ T5099]  cfg80211_inform_bss_frame_data+0x3bc/0x720
[  112.298082][ T5099]  ieee80211_bss_info_update+0x8a7/0xbc0
[  112.303702][ T5099]  ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70
[  112.309843][ T5099]  ieee80211_iface_work+0x8a3/0xf10
[  112.315030][ T5099] page last free pid 5087 tgid 5087 stack trace:
[  112.321338][ T5099]  free_unref_page+0xd19/0xea0
[  112.326087][ T5099]  __put_partials+0xeb/0x130
[  112.330675][ T5099]  put_cpu_partial+0x17c/0x250
[  112.335444][ T5099]  __slab_free+0x2ea/0x3d0
[  112.339861][ T5099]  qlist_free_all+0x9e/0x140
[  112.344447][ T5099]  kasan_quarantine_reduce+0x14f/0x170
[  112.349900][ T5099]  __kasan_slab_alloc+0x23/0x80
[  112.354739][ T5099]  kmem_cache_alloc_noprof+0x135/0x2a0
[  112.360189][ T5099]  getname_flags+0xbd/0x4f0
[  112.364678][ T5099]  do_sys_openat2+0xd2/0x1d0
[  112.369256][ T5099]  __x64_sys_openat+0x247/0x2a0
[  112.374093][ T5099]  do_syscall_64+0xf3/0x230
[  112.378587][ T5099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.384472][ T5099] 
[  112.386779][ T5099] Memory state around the buggy address:
[  112.392387][ T5099]  ffff888069957700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  112.400431][ T5099]  ffff888069957780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  112.408473][ T5099] >ffff888069957800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.416517][ T5099]                          ^
[  112.421085][ T5099]  ffff888069957880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.429132][ T5099]  ffff888069957900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.437170][ T5099] ==================================================================
[  112.462712][ T5099] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.469943][ T5099] CPU: 0 PID: 5099 Comm: kworker/u9:8 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  112.480188][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  112.490249][ T5099] Workqueue: hci4 hci_rx_work
[  112.494948][ T5099] Call Trace:
[  112.498230][ T5099]  <TASK>
[  112.501162][ T5099]  dump_stack_lvl+0x241/0x360
[  112.505854][ T5099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.511064][ T5099]  ? __pfx__printk+0x10/0x10
[  112.515667][ T5099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  112.521662][ T5099]  ? vscnprintf+0x5d/0x90
[  112.526023][ T5099]  panic+0x349/0x860
[  112.529938][ T5099]  ? check_panic_on_warn+0x21/0xb0
[  112.535067][ T5099]  ? __pfx_panic+0x10/0x10
[  112.539500][ T5099]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  112.545489][ T5099]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  112.551833][ T5099]  check_panic_on_warn+0x86/0xb0
[  112.556785][ T5099]  ? l2cap_send_cmd+0x679/0x8d0
[  112.561630][ T5099]  end_report+0x77/0x160
[  112.565861][ T5099]  kasan_report+0x154/0x180
[  112.570354][ T5099]  ? l2cap_send_cmd+0x679/0x8d0
[  112.575196][ T5099]  l2cap_send_cmd+0x679/0x8d0
[  112.579869][ T5099]  ? skb_pull+0xc1/0x1e0
[  112.584109][ T5099]  l2cap_recv_frame+0x22ed/0x10830
[  112.589220][ T5099]  ? validate_chain+0x11e/0x5900
[  112.594150][ T5099]  ? mark_lock+0x9a/0x350
[  112.598480][ T5099]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  112.603848][ T5099]  ? __pfx_validate_chain+0x10/0x10
[  112.609033][ T5099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  112.615000][ T5099]  ? __pfx_validate_chain+0x10/0x10
[  112.620187][ T5099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  112.626504][ T5099]  ? do_raw_spin_unlock+0x13c/0x8b0
[  112.631697][ T5099]  ? mark_lock+0x9a/0x350
[  112.636023][ T5099]  ? __lock_acquire+0x1346/0x1fd0
[  112.641050][ T5099]  ? mark_lock+0x9a/0x350
[  112.645373][ T5099]  ? hci_rx_work+0x4e7/0xca0
[  112.649959][ T5099]  ? __pfx_lock_release+0x10/0x10
[  112.654979][ T5099]  ? __mutex_unlock_slowpath+0x21d/0x750
[  112.660607][ T5099]  ? __pfx_lock_release+0x10/0x10
[  112.665620][ T5099]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  112.671588][ T5099]  ? hci_conn_enter_active_mode+0x260/0x370
[  112.677468][ T5099]  ? l2cap_recv_acldata+0x48e/0x1550
[  112.682747][ T5099]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  112.688630][ T5099]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  112.694613][ T5099]  hci_rx_work+0x50f/0xca0
[  112.699025][ T5099]  ? process_scheduled_works+0x945/0x1830
[  112.704731][ T5099]  process_scheduled_works+0xa2c/0x1830
[  112.710274][ T5099]  ? __pfx_process_scheduled_works+0x10/0x10
[  112.716245][ T5099]  ? assign_work+0x364/0x3d0
[  112.720849][ T5099]  worker_thread+0x86d/0xd50
[  112.725433][ T5099]  ? __kthread_parkme+0x169/0x1d0
[  112.730448][ T5099]  ? __pfx_worker_thread+0x10/0x10
[  112.735546][ T5099]  kthread+0x2f0/0x390
[  112.739608][ T5099]  ? __pfx_worker_thread+0x10/0x10
[  112.744707][ T5099]  ? __pfx_kthread+0x10/0x10
[  112.749286][ T5099]  ret_from_fork+0x4b/0x80
[  112.753692][ T5099]  ? __pfx_kthread+0x10/0x10
[  112.758271][ T5099]  ret_from_fork_asm+0x1a/0x30
[  112.763030][ T5099]  </TASK>
[  112.766258][ T5099] Kernel Offset: disabled
[  112.770566][ T5099] Rebooting in 86400 seconds..