last executing test programs:

6.45818736s ago: executing program 4 (id=1030):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x42102, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x90)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000880)={r2, r3, 0x6, 0x0, @val=@tcx={@prog_id}}, 0x40)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r4, r5, 0x6, 0x0, @void}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
close_range(r0, 0xffffffffffffffff, 0x0)

5.321659827s ago: executing program 4 (id=1034):
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket(0x28, 0x5, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x0, 0x0, 0x5}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x20000000000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid() (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) (async)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x0) (async)
pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x0)
socket$unix(0x1, 0x1, 0x0) (async)
socket$unix(0x1, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100), 0x1c)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, 0x0)
syz_pidfd_open(r6, 0x0) (async)
r7 = syz_pidfd_open(r6, 0x0)
wait4(0x0, 0x0, 0x0, 0x0) (async)
wait4(0x0, 0x0, 0x0, 0x0)
process_mrelease(r7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0xfffffffffffffeef)

4.765065147s ago: executing program 0 (id=1036):
syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x4, &(0x7f0000000040)=ANY=[], 0x2, 0x1b4, &(0x7f0000000f40)="$eJzsVU+L00AU/71k2jQexKsieFC0PbRN45+rnqQfwA9gaWMtpqhNQVs8xFO/hwj9Gh7Er+BB2Uv3sCzsYfe6LFkm8yZN2sKyLGzLMj9If7/3ezOZN5ny5n30OXIAnFno4hVS2LiNf0QQAB6Q8l47ig/LihscHwjFNfZ/MP9njibTD50wDEYbRVIFio6NVedioVUdl5p2wwRtSMW41jL+OFg7ghjATnyf7QswiilYWy3M3fpnyQkSBce56guX4cvvFo7SXvb3+FtXircAkiRJpNdTD+XHyE70W41xpXdPpA/ZSLIxsvnJ4AmA05/DT81oMq0Php1+0A/I95++8J553nO/+W4QBp76pdwSFv8hJNcAyJ7q5vIlAHvcYG9hHbp8zpO7Ur5G9eFSE6+n5yYsCL+yudzbId/xBo9RAfAlpqWrC0e6pTYINkQatERuHbW3SppodD+GvRkIxCO9OQQsPW2BUhb4WSAK250Bd2VpjzhuM8+ZF8z6ztJ3kZA9CPscVWOgjK+d8XjUkpZSqadrVp5/J0bugOSqJ+Xi5u47G07FwMDAwMDAwGCncR4AAP//mMZQbw==")
open(&(0x7f0000000040)='./file2\x00', 0xc0, 0x0)

4.730920677s ago: executing program 4 (id=1037):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24}, 0x24}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)=ANY=[@ANYBLOB="50000000100001040100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000300", @ANYBLOB="2800128008000100677470001c000280080001"], 0x50}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendto(0xffffffffffffffff, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34343459}})
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9a4a, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000000c0)={0x0, 0x7fff, 0x4, {0x1, @raw_data="e675d8b1efc7679c5e785c036288673871066a8f41b3eb556f3755ef4204bbaa996e61205fd38d93f86cd841252e67dc6e6b9b713a22cea1fc1edac8484818349fc400c156f5ecfdf0a8d4117f5b21dc94cbb06b9595ee9749a14f647243d7c1072f10f50442bef21a67d8b8cb587eb2bffde63beba2dc478e9d68ffc40019f5ae42349ae6dd4524060f5b7cb0d435d45c1a3d9965706a507cd9fe631a6f1a7bfd9c8cf4676347298c27579902fcf788bfcd806d7891482152aa6ad76d8ef3ae5e2a7ec629a34099"}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001080)=ANY=[@ANYBLOB="c8110000", @ANYRES16=r5, @ANYBLOB="000827bd7000ffdbdf2508000000a010028098000380900001800400030016000200686173683a6e65742c706f72742c6e657400000018000200275e2a26282a5d2a282b8b2924285d27282d5d0004000300080001000700000016000200686173683a6e65742c706f72742c6e657400000016000200686173683a6e65742c706f72742c6e6574000000080001000b000000080001000000010009000200bc2d2d23000000000400018004100500d880ab6eca3ee6bbed05fc18dfbde8deef12b796236e8fba173e0842a92ecaf2d8050e10a7d6357de1b0d45ab0103bcfc53c82388393fc62ffd5036b8ee4e3855fe18233ec37c2ef7a65430d86dafbb5150d6a8350631813c5e5170ddfe287179cb5d454538be0ce617f5e2cbfaf0161293694a82cefb28d320fba71bdc25f77cc659715e6e48cf8e8f99a4f1c73008f70c5856f4503a76ddedbf909966e050257ec06aeed07b48748f7c0450a7319e71ed42c4b1f95c0401d855a8292005866b783b57284f27589be551049648cfe31f652791005c46260e787641b75811eb6f7ef42dc726b0bb8895f2eac7701501ed7c1e96e07d8a2c1c6857925dcb70ecb2a1c2fb453088fc3b4c6d1afe459e47df8570c9890f0e6c31f27db23833de54e9571f377aa9527eb929c1a1e1ea578a2e756352f8f0b5d07806bcc2e5bfa9b02458af545101ccff3cfa04c218c78e45de754119fc8e2d47bff4bdab592f2a292e2a022e9fddbb33ce761157b3c1002474d9db5764f1040e359722454d534698d70b560d2a1e429075c5d938813702f0250c61ec548274a0c29997670ca890868ec501e02719165969418f9506d43655b9d55ec385fca2913e18479fa0fa9dabb4c3874e0bb3f435a5d095cecdce9610f3ca3bfef93255b860fce809da874c42c8bd28726f3578fbcb2570c8c6e22c681e7f37bf2a1e139489125cc59824875d16ae47f28b36d10b37661bf39205710c35bf07cc6de79640d90e3c2940d12945f403a32f07546897bbb3b350240e3665af428b4363bae3837a1b059510a1f7a89b32b59f2b0359bb709b7e9818efbf7e28fa8bd822dbd2c06ebcab32f2096d7bcdd92c3dcdeaf9ec281fc64ba737ad091a49a3745588d95ca7bf0a3bea90602da4c5cad5c4c858e22932dcdd46511042ecaf2ede4659e4628dc60c8216df7f58ee4d3fa0afd0a17c5726ca7fc4bc63e1d7556d46e658aa52b7cac25d932f55b021071a940c340998b933fb038a9100a03f1e1e1a0cf6ecc766a177a1aaf3c602e75d4b8a6d3201d437faa1d9c11a90434f21042cc299ac46e98ac61a2fa73251e6eeda168fa56688140516bd7cc9b3094a696309fbe73ad2e39d0e3523978bdc847106301b854022262a02d26210b438ab2b94a37b5d8a670022057aa835e995e4a370526a24767c197d05dd0525b3d9d9a61ca53f7613d83ddc6389cc621febf5d108abc81e0ccbc7a98890514cf13e92b53cdc472bde95d20e7f758c966029811e2da7f782867950ec26322a8e931828c3c68aa8c0e8d5f5c28ce00134ab9bf38fe00359216c92881559a5154dce2f672c2edd18617104c2239eeed5821be9740d14919c68c8c912761e9353ca89fc6e8f9510323f3fdb794866d139e7ab851b38384f87529d3fea08e8ade3eb1f5949900ce1e2c47ddf51ae8261911f0851013b45d8f31598791fccfe660cfc2735b260133236a4a06b94b7a80a6577dcd1a77ecde01ce0b3795bdc03b9b88fa6b0700f62714da12f0e23ed69be638ce5d39e03d8f449559c80facc6cc4ae08051c529a607dc90f8e76329df19c82da836c9c54dceda066dc3fcbcfd1d496022127b863c8aefc911c48e5187aa1d64540a46daa199563f2ef91e5f60ca5eb3be8eb7cf4d9013b71ad9c0e719e1ddab5c158b743c72036296c677e1ea23c6e2a3f2764266bc2c3b7de07c58a1eb710d316ea5d250718c930713740795b4be7efdbbf6dd995edfe3417d2f4fd168eb1089044c23357edf25b721cb8cfa977142686da6361921cb2151899b200d857f6c2384f09f970be5e39fb384f166ae65378747597e793e03baad05ac6a2fc44162e0341d9be942cdaffe89b6f2f58a8baa485eafbb475bab773923b1af6cfc9ccafdce23add417455859bc0e7f4f7f9f1a2adf9f050ad854b32d0529b2a739f2694e6ef32e23fd705dd049523bf67b495cd33f676984c17c083f3da74ff676db11a733757c3e908d112cb2f2b57393eda8160e547d8f7a40c7414e50c9e3be64bcfdf593dd7194f7d54eea369039741e2ff5f9afec3f9069659f19a33d1a87eae8e1635087cc223e0d083a5b15e1a60041211a9af99f15e4497d65345bffee7e258196cdd8b819d7084bd78cf2b3f311d5410c90888ce00aedb3177df35bfaabbbfb27a6a4364eb4e1ea7a0bf1ba5fd95c4f19f7b28d6891fcf4ecd6bee0530786f51f872bc892048f463e2d0e536401e902a61d16eced66c0adb61e3c5f082906629a12323f3fd0d44a37c43f3a4b3b4dc09267237cf2448c354ed7f6a568918fa03bf253639909ad3abf02f8980709b4dca994f5624768ba638a95cdbc9dd2c62aeeb65347868f8840d5fb688a91fed57caf336ca3536a9f010ef0c85059cbbc054fee920dd40f998f51fb16952e9fe50ec21e3ae54d24f0bcb21416a902a1c766bfbffcbb1996d6289cd5a15b63e70cfa5ce98c12bbec50d1968ce2bfff0b544b67f53b93f65412439cc494265da13cb338651a69cbd0f2e10bbea5d3909f6deacd81cdfa8f42a0b32af8671621dd4eae726a0c60628a31c267d3acdd2c6d0acbf4eb482419fc991069f36c729ed20442ecfd218aa876460d768eff763f748aee4eca5294cb131de1784218d4d14b917308d02b540a61225ee657d2c4b9b75ed1b031fe2f61d6e340b9403da40aa019d7f9ba6c916653b6b3e72a32bdd96ae9e9fa457e372ff666441a7d8a5847471a25d9a9fdaef2fdc8acf2846864265cfca39f5d0783e9abc45c108e4047ef73f69ba555f86a61883d9fb803a2508897ee5402f1423856abf5390fee0b91f35f7506cd2844be3722d614d0ebcb1736748f3f70d8281c9fcd1802c34bff75ada721629fe584b5d3bd96609365a8538b1a9e314716d7af61a01fdc179cf81af2c095679abac05d64f5e2ba576812ef010abeb2fefa372f9f70926c1d7cb553dd6d8e2565ed8b5d08637afe44c5f25af0c4549a0fc4b53a61b0c11e996841f38714b6977fd756339fb9c6345e6b9e137f8c47b919ad067908ec4c9d69d712319e160677c863bf67c15ecbcf16772090ac9095385e2483fe96f699f5e0f57e97bec36d8f0611326b9df0a31d6357dd93814daab5370ce93d7fc748007032beb3a0731c8f0bc3d9fac875e013330633a9d97f13328ef8b991730ec2fca1b19baa593c7497e9f8538aa0110f7fcfdcaaa864b98963bc2070ca4dc063ab0f38765d160bf03f73dd7c7b873fcf27f38b9c584169ad715132f258c56d4ce75baafbd6f27129615081fb25d4515dd2f12e46fbbcb92655269775daf43a1e7e8ff8c375d70d041a9b8b0cf31bef4128f9ff3cb45f32b9f61aa08082b11ba616c3d9ec50fc2c778d002a2e800b5392cddd3f3bd292f4ff84184cd2e576406df12dc682c0f1ce3bba23260e69033aaeb37116b43e9ea8e1fb631087d8645a6f34c383eabf63b1d381357fae2b74dd030f83e06bbd0b48b1bc5959a5fd7fbbd11c607b2baede12c1b2856260f39ea1252f5743f6786bfe45cdc00af23ad0abb59a5371ab3e49f2560decfa8a20e52ac1aa26d36f741543266edd682f8381075529fd5935f2f07fdf630dbacf63c7166c5530779d9cb913af8f9c7a6065264b9bdfb633d38ccc370452c74a9c54e1020c05eafefb836de0c52b5392b951d0c98b6dc0fcbf395a32bff47e6a55adfdca4eee6a5a0ff9ea674d75f3c3a7abc034f20574f875ea5c819559db9f565440487c3a7c6b2c776b9b5ebea3d7da90212a30aa69d6592d92285c993ed8aa36db58fac4593fb683caaf803ab45a55add995a7cb30266a92ac2dce46e9ef6d903bdf59b4fab6dddb83b74ce346ebba10dc36fc9d77c5d3f2d2c2df3093af8c45b745ef3087fe8eab3b25cbdb5f8bdc68dfeb3f8f076a74958e72760d4716dc3f6f170d308072b3999c7acc12740257cfdf2bb5326ff821167e1fa29fa56b2d3782d22c7f0fd4cd732525b880daedb6409a34166ff6f74e2a1017dd87ef2b3d10d6a2ba52757428db075ecfe5e9dcac0ce06a934b80dc0f62a4feadb785a955c0e278af23a71d5a63e0495a4a6ba524f2e3967b15ee34a36e60765e26e0b72605daa6c052703f2feb8f5ce5901051b65309f2e68bcef81bc18d2fd8e577421ee894fdae409efcaee17ffd21d8afd116e6b97d8231b4b29e71f9d789bd1cb58d91cfca1cc5c14d719c1bbea0ca6ddbc9c46524e9e76a721face2f51d8de606da08fb444c0d756cc5646f03d9dcb29766e7d247f87c6695038525371df70abe7f7976dfef016df5e0a38e9fb0a5bca8133e6f6dda1eb858d60e09d13e4ffc346508a2606035e19b6dff1a8da3830b637676e93e2c86250d538945418534ac88ccc9014db979cfea96f0503f6e217e67963c56a463c544b045d491a1b2409128259f62ee568dd5a0c139244e258126fabe98e6505517532a9e62b80a46b47f5d95a3d146a335e451fcbadbb5a6d6c37d7139b569423bb2d6657a866e1319649d1dee585cba312723d91dcd9219d6e0fbb0ffaec05041faf0cd776decbd1e98e82c48a5aefbed8661af69bfe742e4cc169ff4df44bee06d6d0da68e2033984057374a59bf00883ebeb267281c7288b95d717566bae723e7058df095196daf35df2a8e436c85d0279d705b80ea905cad8e892ffab09449561bcf764a59d0d60f4e55410cb656ca8c4994b667bdcbf42dd8b81c5585a74ceff178a4fbb7056856fe36395619d2dc136bc4997975c883c357c3f294ddad455538ca8230df46d995134ae14f5eb42742e9f704ca1820c686f7b73f59c7eecbec5432416b13d064eb219ec387718b20a2359d2fd7e8b69a2d337c0cd1b83c9501018d48dc70bcb8afdbb16dd95554fcf611a9fe58eba73a0d37857d1c7b4a9f7f35bb92775de4f75f5553adc1c73629c4bcdb10de21c3e92229d00fdf1d0e229cf31c799aa0962e1f9c589d0274b144eaf7ab413d404ace805a7f3f970001eacbd846067215fb862096e70cedb6f21c814bc6e40cc69d3a83c50e6a330aa7ad123a1f58fa16765597c8b7ea34ea243db2d912bb65f59dc13dacf576ac844bb1fa07e0b461a1931db8b556e7a7d493b8ffbde508804e96397216f1e9d0966dd34243d13ad284de1b3b35db5821e0850382a95166768e828d3c0e0653b28dadb15ba7f299652b4e0161f4f6d1cdfc4af92e63ca1b7f9899f6713eaae3040ca637a96efe9f7d91618584c424cd4c40d9bbfd973de4ec3f350168f5b0420f8c95e5251cb00cecaf787cdbce71aacb42fd719a3ecea1e3cc743722fdb80cb7087cb686595fad578157a73b1fe3abc586f4d29f0e2cd1e3dddb49048517de0b158e16e107e5039ef77171f15a774dd2b1d6e2e57bd7f5c6c356f577ed0e54f9abd58a05ad946b9207b4239c322fce5175ee74c3b12ffe9db9f6e3c2a46e460a68836495ea246c7a657edc7fef131d931e0d050f6c7d466e48c57b2345a5eb011484c9982a4c2974061ebdd6e27271d461f21a61cc72cceb66cd35360aab26b2f1b79551d7ea5e1ccc580fd6d0c46e107d81db8914c4471f0d773df3da98f189d365a1f7649d20355274ad6135d72359cd90698f6d60937d2ad7b6be4f4654ad93196fcef39ff048c1226cf9b2d7ffa0c3b3d8ce1c217b240c75ff73920eca72ba0deac5cd7f39b5b3306059c1c1407e42281eec248937950d1c84dbb82cb463021bf5d32d560841a0958b25b6f2f1335f1284278a063eef45327ea977d794c91d505618a00d4f52aabab54bcb9acf1c2fd49947e0bd728c55f114010280dc00038010000180090002002326262e000000003400018004000300040003000400030004000300040003000400030008000100ff03000008000200645b2700080001000200000024000180040003000800010037f0ffff070002002b2800000400030008000100030000001800018008000100060000000500020000000000040003004000018004000300040003000400030008000100e80a00000800010008000000050002000000000008000100000000000800010000040000070002002f2400001800018005000200000000000400030008000100000000002a00050059ae4d025cf477ed54b54b38b3b25f46d21f5f4b3f787e36b3a9c9a05fa435ddd4b3b39e1b6a0000080002"], 0x11c8}, 0x1, 0x0, 0x0, 0x20004050}, 0x400c081)
socket$inet6(0xa, 0x3, 0x87)
r6 = getpid()
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
preadv(r7, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
setpgid(r6, 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[@ANYRESHEX=r8], 0x0)
r9 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpu.max\x00', 0x2, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r9, 0x80286722, &(0x7f00000000c0)={&(0x7f0000000080)=""/35, 0x23, 0x9})

4.562855156s ago: executing program 3 (id=1038):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x300, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x438)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x22, 0x2, 0x21)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0}, 0x90)
io_uring_setup(0x7056, &(0x7f0000000040))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r3, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCXONC(r3, 0x540b, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000180))
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x40000000802)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/file0\x00', &(0x7f0000000000)={0x0, 0x0, 0x24}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001e000100000000000000000007000000", @ANYRES32, @ANYBLOB='\x00\x00KS'], 0x30}}, 0x0)

4.449276956s ago: executing program 1 (id=1039):
unshare(0x400)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000140)={0x28, 0x0, 0x0, 0x0, &(0x7f0000fee000/0xf000)=nil, 0xf000})

4.312859909s ago: executing program 0 (id=1040):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x103040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb}, 0x90)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_RESEND_IGMP={0x8, 0x1e}]}}}]}, 0x3c}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x0, 0x3}, 0x10}}, 0x0)
r5 = socket$inet6(0xa, 0x3, 0xff)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r5, 0x3000)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b3b, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)={0x2c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{0x12}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4}]}, 0x2c}}, 0x44000)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x3, 0x7a6, &(0x7f0000000a80)="$eJzs3U9sHGcVAPA3Jk5SV4qqgkoUpekkKVIiUnd3nbpYPZTteuxMu961dtcoEUJt1DiVFaetWlXQHCi5tIBAiBPH0mvVCzcQEkgcgBMSPXDhgFSpJ1QQCARCSEEzu47/2/ljJ235/azuNzv75pv3zW7n7Wx2ZgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiKQxWalUk2jmrbmz6eYak532zBaPL/X3y1XNFuuNSIr/Yv/+ONifdfBzyw8/UNwci8P9e4djf9Hsjyv3PnDfE5/dM7S0/BYJ3aqjNxiXRHyrSOrS+cXF+Vd2IZE76Ls/v+lF/n2tuJ3OWnm3nc/Up7M077bTifHxyqNnprrpVN7Muue6vWwmbXSyeq/d2Tt4ZsfSbPRce641PVlvZumJxsm0OjHx+CO1SmU8fXp0Nqt3uu3Wo0+Pdhtn8mYzb02XMbXK16OIebx4IT6T99JeVp9J04sLi/Nj26VaBFVXzdm36oVz+OH7Pnztg78vzBcvyM06SQbp16rVWq06/tjEY49XKntqldrqGZU14npEDEUUEbvyouUTZGd23LADhgb1P5qRRyvm4mykkcZQebv8NxyNmIxOtGOmuP+H4TWPr6v/X3j0L7/bar0r6/9SlT+4/PChKOv/kf69I5vV/3VZ3P7f6QOb9dp6r5/NynmvxutxJS7F+ViMxZiPV3Yhox39G9rZ/qYji1bk0Y125DET9XJOOpiTxkSMx3hU4tk4E1PRjTSmIo9mZNGNc9GNXmTlK6oRnciiHr1oRyfSOBGNOBlpVGMiJmIs0shiNM5FO+aiFdMxGfWyl4uxUG73sTV5PfDN5372wu8/fLuYvh5U3WIgSfFmrgj62xZB68r9TdT/pQj1/9Nm/2CfdaPxO7n7httyraz/e+52GgAAAMAuSspP35OIGI4Hy6mpvJl99W6nBQAAAOyg8nvNh4tmuJh6MJLi+L+yQeT7dzw3AAAAYGck5Tl2SUSMxEP9qaXTpTb6EAAAAAD4BCr//f9I0YxEvFHOcPwPAAAAnzLf3uwa+x/sHVxjtzu7L/nFX6PTGU6uzp59OLlcL+Lqlz/TX27QfOV6j72pQ8mBQSdlM77nyr1JROxpZIeTpatf/ndfv/2ovD20fAHCza71n2yTQGydQHkvvhdH+zFHL/TbC0uP9NcyMpU3s9FGu/lENRl8ONJ77cWFb0Q5/O+0Zg4kcXFhcX70+ZcWL5S5XC16uXp5cHn45CZyuTbYAvHgxiMeLk/EGKx3pL/eysrxD/UXH9p6ncnKdb4Zx/oxx0b67cjq8e8v1lkdfaIa9fqBoV52tvfatRWjH2RRvc2RvxnH+zHHTxzvNxtkUVuVxYvrs6itzGLttvjH0G1l8fbRN87+89ftJBvbLouxrbK4gW0BcLf0r/qzXIXuKavQf671FfV/Td29Z2nJm9nLXVx+l7G0/Ipatyd2prq/GSf6MSf67yf2HNqgrlQ22KO/vPDybwZ79NPv/ujHXzvy25/cenV7N072YwZN3P+rTWpsMebvr6mq7xRLvLPpervNWhLD/d8+KFx5ZOHy+RfmX5h/sVYbG6+crlQeq8Vw+VZh0Kg9AGxg+9/Y2TYiOb3NUfX9179SMBrPx0uxGBfiVHm2QUQ8tHGvIyu+hnBqm6PWkRW/8HJqm2PL5dja2th9x5PYJHZsxRb7/A/L5l+795wAwG47tk0dvpH6f2qb4+7Vtfxk/4dzl46OY/NavpEv7fYGAYD/A1nno2Sk91bS6eSzz1YnJqr13pks7bQbz6SdfHI6S/NWL+s0ztRb01k622n32o2lD44ns27anZudbXd66VS7k862u/nZ8pff08FPv3ezmXqrlze6s82s3s3SRrvVqzd66WTebaSzc0818+6ZrFMu3J3NGvlU3qj38nYr7bbnOo1sNE27WbYiMJ/MWr18Ki8mW+lsJ5+pd65GRHNuJksns26jk8/22v0Ol9aVt6banZmy29H1w//znd7eAPBx8OrrVy6dX1ycf+XWJv54I8F3e4wAwGqqNAAAAAAAAAAAAAAAfPytP12vmHtTJwIOxy2fPvjqvridsw8/NRNLz8aVL743mNiBnm+nn3tWPad7B+nd/Q110xPPPfnkpc1innrj4Jk/ZRHb97Px/ykbner61oGIvT/9QX/Ol+/USN+PGxnFuolryRYxd2NvBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb+18AAAD//zDnU/I=")
r11 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8d}, 0x0)

4.200102568s ago: executing program 2 (id=1041):
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x5, 0xffffffffffffffff}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000200))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc600b0002", 0x17}], 0x1}, 0x0)

3.792745145s ago: executing program 1 (id=1042):
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)

3.755630839s ago: executing program 2 (id=1043):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000f5000003"], 0xfdef)

3.516339674s ago: executing program 3 (id=1044):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x42102, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x90)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000880)={r2, r3, 0x6, 0x0, @val=@tcx={@prog_id}}, 0x40)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r4, r5, 0x6, 0x0, @void}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
close_range(r0, 0xffffffffffffffff, 0x0)

3.242269835s ago: executing program 4 (id=1045):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x1}]}]}, {0x0, [0x5f, 0x2]}}, 0x0, 0x34}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_udp_int(r4, 0x11, 0x1, &(0x7f0000000000)=0xfffff7dd, 0x4)
setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f00000000c0)=0x20000200, 0x4)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r5}, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000210001"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001700)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0xfff1}}}, 0x24}}, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r8}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020029003505d25a806f8c6394f90424fc602f0016000b740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

3.16736068s ago: executing program 1 (id=1046):
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000200)='rxrpc\x00', 0x0, &(0x7f0000000240)="0000000000000001ff000065dd530700a2752cbf86f474fad8cb594ed9fabe9ec277bb8d00000000000000ff07000000000000c9fb90d3abc52620e66db24b7c4f64fd9120d01eaf7503e1c7cfe204909190cf53b6c107bdd3bbcb1b23721d91ea46be5b513a", 0x66, r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x60}}, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x20048005)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000580)={0x0, 0x80000000, 0x100e})
keyctl$get_keyring_id(0x0, r0, 0x5)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r2, 0x40106410, &(0x7f0000000340)={0x0, 0x0})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5}, 0x48)
mount$tmpfs(0x0, &(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0), 0x0, &(0x7f0000000000))
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"1a17bf49148a44ad1d40786662d58d88ab7de1cba4d7999a32d91b3a9e436f8e", 0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000398e29d75d009900000000000000000004000d80"], 0x24}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x6a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500005c0000000000019078ac1e0001ac141400050090780300000040000000000000ad95b60000010000ac14140aac1414bb441c0001ac1414aa000000007f00000100ac141400009a000000860d000000000007d6d0000000000000"], 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x7, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

2.947259812s ago: executing program 2 (id=1047):
socket$inet6(0xa, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r1, 0x0)
munmap(&(0x7f0000001000/0x1000)=nil, 0x1000)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62581)
writev(r2, &(0x7f0000000c00)=[{&(0x7f0000001200)="f6a807fd0c052868c21184a1c49e8b99c0ca7598565401418f1c70f1", 0x1c}], 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x181480, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})

2.842960967s ago: executing program 0 (id=1048):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) (async)
fanotify_init(0x0, 0x0)
prctl$PR_GET_TAGGED_ADDR_CTRL(0x38)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x180, 0x0, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x88}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xffffffff, 0x403}, 0x10}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) (async)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) (async, rerun: 64)
getsockopt$inet_udp_int(r0, 0x11, 0xa, &(0x7f0000000780), &(0x7f00000007c0)=0x4) (async, rerun: 64)
mlock(&(0x7f00009b1000/0x1000)=nil, 0x1000)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x8c, 0x7ff, 0xcf, 0xb, 0x97}) (async)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) (async)
set_mempolicy(0x4000, &(0x7f0000000240)=0x4, 0x1) (async)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x80000c, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESHEX=0x0, @ANYRES16, @ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030302c6465636f6d706f73652c666f7263652c6e6f6465636f6d706f73652c626172726965722c6e6f6465636f6d706f73652c747970653db029e1c02c7569643d", @ANYRESHEX=0x0, @ANYBLOB="2c747970653dd2100d1b2c7529643dd4f81c66210bbcbf82440a104ab956f2ba5e36e41ccb1b040fa8b829b0b87078de654c66ac22aebaa2c653ef127e38e0aa2229f9cf6a8503", @ANYRESHEX=0x0, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRESHEX=0x0, @ANYRES8=0x0], 0x2, 0x6e6, &(0x7f0000000f40)="$eJzs3UtoHOcdAPD/rFarXRUcOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054aUkquOgUIuOemmMrMz+9Cudle2LG3T30/MzjfzPeab/7x2dhATwP+t1fkoP4kkVuff3Emn9/eWmlN7SzN5djMiKhFRiii3RpFsRJZ7Kx/im+nMvHzSbvhfvcv5cH3l7c+/2v+iNVXOh6x80lNvtEr/rN18iHpETOXjftPHtPjJ0cX3tHf72PbG1VnDNGDXisDFn56pVXhmh31223kf/zv7HFb9JMctMKGS1nWzz1zEbERUI1pX/fzsUDrb3p2+3fPuAAAAAJxU7eRVXjiIg9iJC8+jOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB1lb//P8mHUpGuR1K8/7+Sz4s8PYFGvwjxs5nW+Mnz7wwAAAAAAAAAPHevHsRB7MSFYvowyZ75v9b1jP8b8V5sxVpsxvXYiUZsx3ZsxmJEzHU1VNlpbG9vLmY1Iy4NqXkzPh1Q8+bxfbx1yusMAAAAAAAAABOuOiL//nT/vN/Gauf5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATIIkYqo1yoZLRXouSuWIqBbldiM+jYjK+fb2RJJBM5+cfT8AAADgmVR7J5PqGHVeeD8OYicuFNOHSXbPfyW7X67Ge7ER27Ee29GMtbiT30Ond/2l/b2l5v7e0oN06G/3x1+eqOtZi9H67WHwkl/OStTibqxnc67H7UjiMFPKW3l5f28pHT8Y3K8P0j4lP8oN6c1UV/pO+nH1kyz9x95fEconWsWnVDo2Zy7LnW5HZCHvW1rjYhGBwZHo2TqDdpPy0CUtRqn9y8+l4UsaHPMPhq/z7JFSA3+5ORdHI3EzSu0tdGV4JCK+/bePf3mvuXH/3t2t+clZpYHeH1niaCSWuiJx9WsUidEWskhcbk+vxs/iFzEfX868FZuxHr+KRmzHWr3Ib+T7c/o5NzxSn812T701qifpMVlvn78G9akePX2Kevw0SzXitWybXoj1SOJhRKzFG9nfzVhsnw06W/jyGEd9aYwzbZdr38lG7TBF7fiyfxmvydOSxvViV1y7z7lzWV73nE6UXhwYpeJaN/71qEv5W3kibeF3Q68PZ+1oJBa7IvHScftLK6R/zq4mW82N+5v3Gu+OubzX83F6HP1hoq4S6dq8GNV85S5mn0l2TC1keS+1r7C98arkT1xaSn15l9v1Wkfqz+Nh3Ok5Ur8fy7EcK1npK1np6b4rVpp3td1S7zk8zUu/aZXbD3a6v289jGbr+xAAk232u7OV2n9q/6x9VPt97V7tzepPZn4w80olpv8x/cPywtTrpVeSv8ZH8ZvO/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD0th49vt9oNtc2BydKg7OS4bUazcPiRWJDyvQkkvxVOWMUTrYePT4c2eDwxEzevaesfpqJ4jV8owvXh7ZTfqZuJLtHt1d19LYo3vI0xiKSvoCnlZ86dMWSO3OmJ2BTHk3UT6/BYoftyjr53lsbtL2mImJQ4REnjqnTOPsA5+nG9oN3b2w9evy99QeNd9beWduYXl5eWVhZfmPpxt315tpC67Orwpm8/BY4C91fJ9oqEfHq6LpDXtQKAAAAAAAAAAAAPEdn8b8Q572OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP+21fkoP4kkFheuL6TT+3tLzXQo0p2S5YgoRUTy64jk7xG3ojXEXFdzyXHL+XB95e3Pv9r/otNWuShfitg9tt54dvMh6hExlY9Pq73bo9urdJIzA7KTdmTSgF0rAgfn7b8BAAD//0+S7AE=")
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
write$ppp(r3, &(0x7f0000000d80)='c', 0x1) (async)
close(r3) (async, rerun: 64)
r4 = shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000003000/0x1000)=nil) (async, rerun: 64)
msync(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2) (async)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
preadv(r5, &(0x7f0000001e40)=[{&(0x7f0000001d80)=""/185, 0xb9}, {&(0x7f0000000140)=""/10, 0xa}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f00000001c0)=""/167, 0xa7}, {&(0x7f0000001f00)=""/201, 0xc9}, {0x0}, {&(0x7f0000000600)=""/228, 0xe4}, {&(0x7f0000002e40)=""/4096, 0x1000}], 0x8, 0x0, 0x0)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000840)=""/188}, {&(0x7f0000000900)=""/167}, {&(0x7f0000000400)=""/12}, {&(0x7f0000000700)=""/42}], 0x1000000000000072, 0x0, 0x0) (async)
mmap(&(0x7f000086a000/0x400000)=nil, 0x400000, 0x0, 0x10, r6, 0x0) (async, rerun: 32)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 32)
preadv(r7, &(0x7f0000001e40)=[{&(0x7f0000000440)=""/154, 0x9a}, {&(0x7f0000001d80)=""/188, 0xbc}, {&(0x7f0000000140)=""/10, 0xa}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f0000000c00)=""/167, 0xa7}, {&(0x7f0000001f00)=""/201, 0xc9}, {&(0x7f0000000500)=""/247, 0xf7}, {&(0x7f0000000cc0)=""/244, 0xf4}, {&(0x7f0000002e40)=""/4096, 0x1000}], 0x9, 0x0, 0x0) (async, rerun: 32)
mmap(&(0x7f000086a000/0x400000)=nil, 0x400000, 0x0, 0x10, r7, 0x0) (rerun: 32)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000fc0)=ANY=[@ANYBLOB, @ANYRES32, @ANYRESOCT, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="117055d0737607e0b6908841c6e2179ea0bd2fd236fbbd90818a39fb4ef9add5acdeacf89fdc4f1c3ab06c1b3d8d8fc059200128f63b44f7a5833d46285cbaa3fce66d58fc110a764145a13a6b1295b68c22b62effb25cf115843d1c7d13dd1b2f5ae9944d16fe40cc5afe4b9877748c5d", @ANYRESOCT=0x0, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="00d05dbf08cb74077bfbb836000200003bc4f351ec9cc8d8a8ef07000000577cdd4797476e9f1070ac9a25405f4c6c09702d97978a69a21d70ebdfe2f5cd0622b3128500f391c35325f1b2007eb3db85660b7cc0da04e23a596ca073a6f9ce42398907165013c8ded0b51b1ac3ddc84a873707e6397d5860271b365a23be0dd3b261", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRESHEX=r0, @ANYBLOB="00000004728000", @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYBLOB="000000001c0000000000000001f9ffff00000000", @ANYRESHEX=r4, @ANYRES32, @ANYBLOB="0000d795c0652600eb2bf1da6525ea819c3f246f49153cd5200859010c18fa5f85dce65aaf8653e8573c47c981f71b09bbbea111a03b6db1634f03f07632e3e48333", @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYRES32=r5, @ANYRES32=r6, @ANYRESOCT=r0], 0xe8, 0x24000844}}], 0x1, 0x20018000) (async)
set_mempolicy(0x1, &(0x7f00000003c0)=0x540, 0x2)

2.759189427s ago: executing program 3 (id=1049):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xffff8000}, 0x20)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

2.371909397s ago: executing program 1 (id=1050):
setgid(0xee00)
setresuid(0x0, 0xee00, 0xee00)
shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x3, r2, 0x0, 0xee01, 0x0, 0x20, 0x40}})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x7000) (fail_nth: 2)

1.885107655s ago: executing program 4 (id=1051):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000900)={0x80000045, 0x4}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x8041}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x42}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$AUDIT_TRIM(r3, &(0x7f0000002d00)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x10, 0x3f6, 0x400, 0x70bd28, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x8800}, 0x805)
write(r3, &(0x7f0000000040)="1300000043001f00030300f9002304000a04d6", 0x13)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffe]}, 0x0, 0x8)
gettid()
timer_create(0x2, &(0x7f0000000180)={0x0, 0xa, 0x1, @thr={&(0x7f00000002c0)="ecff3fe3b9df6fa8c7efc22aae327582285f226e4d82766f7f690e0d0aa84a9b844697ab1171da9b059ff15ca1446b4aab7ecba56abadac7252213f28b44d544cf51d7bcc09e012f620ad3c1214f53d931a7a77f6f0dfc62e58ecc779076d21e250723eeb467367e0000c0da37c76945058d00bb129373058d2bbdfd695750748300000000000000", &(0x7f0000000380)="e6411aa5745c04593098505666c628801962e0fd6952166b109e32542b8739888e394533be39158ce494e1aa40e233556cc228d978c3c8117c62fe76c7b30b0244a00fe89797f0b633cf742839dba8536a139da30c3585edf4734db75211fac3ea9b3c5e5269abdfa077016aa8ce26"}}, &(0x7f00000000c0))
timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
chroot(0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000940)=ANY=[@ANYRESDEC, @ANYRESHEX=r0, @ANYBLOB="d162f93f87b554e8a2508f81606085eb4c5cae9a2d6ef95f27a68f7a1eb51ee93157152d32589a466e49b5836bd1330f2387336a402311b51f987227451055502937ea7d71dff50763b3b065f00c8a2e42c9f392c3f3e9", @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df425ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc466ba1a31b301082946b74f14ef6e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d608d0e5aae78ca4e8dea12fb284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee44c9d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183d86a2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c8348100"/4220, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240)={'#! ', './file0', [], 0xa, "bce3d8381cd6758cd8d83d7773d9a6f721bc2c509900644dcf8dfd50fbe589eaba242663c9ea9172c605c14ee768013b68d8a311d8f16cb12425a9fd3e918231dcb339ea382a"}, 0x51)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getresuid(&(0x7f0000000040), 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x4130, 0xffffffffffffffff, 0x0)

1.855056859s ago: executing program 0 (id=1052):
unshare(0x400)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, 0x0)

1.590405611s ago: executing program 3 (id=1053):
r0 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setgroups(0x6, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, r1]) (async)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140), 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") (async, rerun: 32)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) (async, rerun: 32)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ftruncate(r2, 0xc17a) (async, rerun: 32)
read$FUSE(r2, &(0x7f0000002480)={0x2020}, 0x2020) (async, rerun: 32)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) (async, rerun: 64)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@generic={0x0, 0x0, 0x3})
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)

1.412157382s ago: executing program 2 (id=1054):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x300, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x438)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x22, 0x2, 0x21)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0}, 0x90)
io_uring_setup(0x7056, &(0x7f0000000040))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r3, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCXONC(r3, 0x540b, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000180))
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x40000000802)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/file0\x00', &(0x7f0000000000)={0x0, 0x0, 0x24}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001e000100000000000000000007000000", @ANYRES32, @ANYBLOB='\x00\x00KS'], 0x30}}, 0x0)

1.07358652s ago: executing program 0 (id=1055):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24}, 0x24}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)=ANY=[@ANYBLOB="50000000100001040100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000300", @ANYBLOB="2800128008000100677470001c000280080001"], 0x50}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendto(0xffffffffffffffff, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34343459}})
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9a4a, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000000c0)={0x0, 0x7fff, 0x4, {0x1, @raw_data="e675d8b1efc7679c5e785c036288673871066a8f41b3eb556f3755ef4204bbaa996e61205fd38d93f86cd841252e67dc6e6b9b713a22cea1fc1edac8484818349fc400c156f5ecfdf0a8d4117f5b21dc94cbb06b9595ee9749a14f647243d7c1072f10f50442bef21a67d8b8cb587eb2bffde63beba2dc478e9d68ffc40019f5ae42349ae6dd4524060f5b7cb0d435d45c1a3d9965706a507cd9fe631a6f1a7bfd9c8cf4676347298c27579902fcf788bfcd806d7891482152aa6ad76d8ef3ae5e2a7ec629a34099"}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001080)=ANY=[@ANYBLOB="c8110000", @ANYRES16=r5, @ANYBLOB="000827bd7000ffdbdf2508000000a010028098000380900001800400030016000200686173683a6e65742c706f72742c6e657400000018000200275e2a26282a5d2a282b8b2924285d27282d5d0004000300080001000700000016000200686173683a6e65742c706f72742c6e657400000016000200686173683a6e65742c706f72742c6e6574000000080001000b000000080001000000010009000200bc2d2d23000000000400018004100500d880ab6eca3ee6bbed05fc18dfbde8deef12b796236e8fba173e0842a92ecaf2d8050e10a7d6357de1b0d45ab0103bcfc53c82388393fc62ffd5036b8ee4e3855fe18233ec37c2ef7a65430d86dafbb5150d6a8350631813c5e5170ddfe287179cb5d454538be0ce617f5e2cbfaf0161293694a82cefb28d320fba71bdc25f77cc659715e6e48cf8e8f99a4f1c73008f70c5856f4503a76ddedbf909966e050257ec06aeed07b48748f7c0450a7319e71ed42c4b1f95c0401d855a8292005866b783b57284f27589be551049648cfe31f652791005c46260e787641b75811eb6f7ef42dc726b0bb8895f2eac7701501ed7c1e96e07d8a2c1c6857925dcb70ecb2a1c2fb453088fc3b4c6d1afe459e47df8570c9890f0e6c31f27db23833de54e9571f377aa9527eb929c1a1e1ea578a2e756352f8f0b5d07806bcc2e5bfa9b02458af545101ccff3cfa04c218c78e45de754119fc8e2d47bff4bdab592f2a292e2a022e9fddbb33ce761157b3c1002474d9db5764f1040e359722454d534698d70b560d2a1e429075c5d938813702f0250c61ec548274a0c29997670ca890868ec501e02719165969418f9506d43655b9d55ec385fca2913e18479fa0fa9dabb4c3874e0bb3f435a5d095cecdce9610f3ca3bfef93255b860fce809da874c42c8bd28726f3578fbcb2570c8c6e22c681e7f37bf2a1e139489125cc59824875d16ae47f28b36d10b37661bf39205710c35bf07cc6de79640d90e3c2940d12945f403a32f07546897bbb3b350240e3665af428b4363bae3837a1b059510a1f7a89b32b59f2b0359bb709b7e9818efbf7e28fa8bd822dbd2c06ebcab32f2096d7bcdd92c3dcdeaf9ec281fc64ba737ad091a49a3745588d95ca7bf0a3bea90602da4c5cad5c4c858e22932dcdd46511042ecaf2ede4659e4628dc60c8216df7f58ee4d3fa0afd0a17c5726ca7fc4bc63e1d7556d46e658aa52b7cac25d932f55b021071a940c340998b933fb038a9100a03f1e1e1a0cf6ecc766a177a1aaf3c602e75d4b8a6d3201d437faa1d9c11a90434f21042cc299ac46e98ac61a2fa73251e6eeda168fa56688140516bd7cc9b3094a696309fbe73ad2e39d0e3523978bdc847106301b854022262a02d26210b438ab2b94a37b5d8a670022057aa835e995e4a370526a24767c197d05dd0525b3d9d9a61ca53f7613d83ddc6389cc621febf5d108abc81e0ccbc7a98890514cf13e92b53cdc472bde95d20e7f758c966029811e2da7f782867950ec26322a8e931828c3c68aa8c0e8d5f5c28ce00134ab9bf38fe00359216c92881559a5154dce2f672c2edd18617104c2239eeed5821be9740d14919c68c8c912761e9353ca89fc6e8f9510323f3fdb794866d139e7ab851b38384f87529d3fea08e8ade3eb1f5949900ce1e2c47ddf51ae8261911f0851013b45d8f31598791fccfe660cfc2735b260133236a4a06b94b7a80a6577dcd1a77ecde01ce0b3795bdc03b9b88fa6b0700f62714da12f0e23ed69be638ce5d39e03d8f449559c80facc6cc4ae08051c529a607dc90f8e76329df19c82da836c9c54dceda066dc3fcbcfd1d496022127b863c8aefc911c48e5187aa1d64540a46daa199563f2ef91e5f60ca5eb3be8eb7cf4d9013b71ad9c0e719e1ddab5c158b743c72036296c677e1ea23c6e2a3f2764266bc2c3b7de07c58a1eb710d316ea5d250718c930713740795b4be7efdbbf6dd995edfe3417d2f4fd168eb1089044c23357edf25b721cb8cfa977142686da6361921cb2151899b200d857f6c2384f09f970be5e39fb384f166ae65378747597e793e03baad05ac6a2fc44162e0341d9be942cdaffe89b6f2f58a8baa485eafbb475bab773923b1af6cfc9ccafdce23add417455859bc0e7f4f7f9f1a2adf9f050ad854b32d0529b2a739f2694e6ef32e23fd705dd049523bf67b495cd33f676984c17c083f3da74ff676db11a733757c3e908d112cb2f2b57393eda8160e547d8f7a40c7414e50c9e3be64bcfdf593dd7194f7d54eea369039741e2ff5f9afec3f9069659f19a33d1a87eae8e1635087cc223e0d083a5b15e1a60041211a9af99f15e4497d65345bffee7e258196cdd8b819d7084bd78cf2b3f311d5410c90888ce00aedb3177df35bfaabbbfb27a6a4364eb4e1ea7a0bf1ba5fd95c4f19f7b28d6891fcf4ecd6bee0530786f51f872bc892048f463e2d0e536401e902a61d16eced66c0adb61e3c5f082906629a12323f3fd0d44a37c43f3a4b3b4dc09267237cf2448c354ed7f6a568918fa03bf253639909ad3abf02f8980709b4dca994f5624768ba638a95cdbc9dd2c62aeeb65347868f8840d5fb688a91fed57caf336ca3536a9f010ef0c85059cbbc054fee920dd40f998f51fb16952e9fe50ec21e3ae54d24f0bcb21416a902a1c766bfbffcbb1996d6289cd5a15b63e70cfa5ce98c12bbec50d1968ce2bfff0b544b67f53b93f65412439cc494265da13cb338651a69cbd0f2e10bbea5d3909f6deacd81cdfa8f42a0b32af8671621dd4eae726a0c60628a31c267d3acdd2c6d0acbf4eb482419fc991069f36c729ed20442ecfd218aa876460d768eff763f748aee4eca5294cb131de1784218d4d14b917308d02b540a61225ee657d2c4b9b75ed1b031fe2f61d6e340b9403da40aa019d7f9ba6c916653b6b3e72a32bdd96ae9e9fa457e372ff666441a7d8a5847471a25d9a9fdaef2fdc8acf2846864265cfca39f5d0783e9abc45c108e4047ef73f69ba555f86a61883d9fb803a2508897ee5402f1423856abf5390fee0b91f35f7506cd2844be3722d614d0ebcb1736748f3f70d8281c9fcd1802c34bff75ada721629fe584b5d3bd96609365a8538b1a9e314716d7af61a01fdc179cf81af2c095679abac05d64f5e2ba576812ef010abeb2fefa372f9f70926c1d7cb553dd6d8e2565ed8b5d08637afe44c5f25af0c4549a0fc4b53a61b0c11e996841f38714b6977fd756339fb9c6345e6b9e137f8c47b919ad067908ec4c9d69d712319e160677c863bf67c15ecbcf16772090ac9095385e2483fe96f699f5e0f57e97bec36d8f0611326b9df0a31d6357dd93814daab5370ce93d7fc748007032beb3a0731c8f0bc3d9fac875e013330633a9d97f13328ef8b991730ec2fca1b19baa593c7497e9f8538aa0110f7fcfdcaaa864b98963bc2070ca4dc063ab0f38765d160bf03f73dd7c7b873fcf27f38b9c584169ad715132f258c56d4ce75baafbd6f27129615081fb25d4515dd2f12e46fbbcb92655269775daf43a1e7e8ff8c375d70d041a9b8b0cf31bef4128f9ff3cb45f32b9f61aa08082b11ba616c3d9ec50fc2c778d002a2e800b5392cddd3f3bd292f4ff84184cd2e576406df12dc682c0f1ce3bba23260e69033aaeb37116b43e9ea8e1fb631087d8645a6f34c383eabf63b1d381357fae2b74dd030f83e06bbd0b48b1bc5959a5fd7fbbd11c607b2baede12c1b2856260f39ea1252f5743f6786bfe45cdc00af23ad0abb59a5371ab3e49f2560decfa8a20e52ac1aa26d36f741543266edd682f8381075529fd5935f2f07fdf630dbacf63c7166c5530779d9cb913af8f9c7a6065264b9bdfb633d38ccc370452c74a9c54e1020c05eafefb836de0c52b5392b951d0c98b6dc0fcbf395a32bff47e6a55adfdca4eee6a5a0ff9ea674d75f3c3a7abc034f20574f875ea5c819559db9f565440487c3a7c6b2c776b9b5ebea3d7da90212a30aa69d6592d92285c993ed8aa36db58fac4593fb683caaf803ab45a55add995a7cb30266a92ac2dce46e9ef6d903bdf59b4fab6dddb83b74ce346ebba10dc36fc9d77c5d3f2d2c2df3093af8c45b745ef3087fe8eab3b25cbdb5f8bdc68dfeb3f8f076a74958e72760d4716dc3f6f170d308072b3999c7acc12740257cfdf2bb5326ff821167e1fa29fa56b2d3782d22c7f0fd4cd732525b880daedb6409a34166ff6f74e2a1017dd87ef2b3d10d6a2ba52757428db075ecfe5e9dcac0ce06a934b80dc0f62a4feadb785a955c0e278af23a71d5a63e0495a4a6ba524f2e3967b15ee34a36e60765e26e0b72605daa6c052703f2feb8f5ce5901051b65309f2e68bcef81bc18d2fd8e577421ee894fdae409efcaee17ffd21d8afd116e6b97d8231b4b29e71f9d789bd1cb58d91cfca1cc5c14d719c1bbea0ca6ddbc9c46524e9e76a721face2f51d8de606da08fb444c0d756cc5646f03d9dcb29766e7d247f87c6695038525371df70abe7f7976dfef016df5e0a38e9fb0a5bca8133e6f6dda1eb858d60e09d13e4ffc346508a2606035e19b6dff1a8da3830b637676e93e2c86250d538945418534ac88ccc9014db979cfea96f0503f6e217e67963c56a463c544b045d491a1b2409128259f62ee568dd5a0c139244e258126fabe98e6505517532a9e62b80a46b47f5d95a3d146a335e451fcbadbb5a6d6c37d7139b569423bb2d6657a866e1319649d1dee585cba312723d91dcd9219d6e0fbb0ffaec05041faf0cd776decbd1e98e82c48a5aefbed8661af69bfe742e4cc169ff4df44bee06d6d0da68e2033984057374a59bf00883ebeb267281c7288b95d717566bae723e7058df095196daf35df2a8e436c85d0279d705b80ea905cad8e892ffab09449561bcf764a59d0d60f4e55410cb656ca8c4994b667bdcbf42dd8b81c5585a74ceff178a4fbb7056856fe36395619d2dc136bc4997975c883c357c3f294ddad455538ca8230df46d995134ae14f5eb42742e9f704ca1820c686f7b73f59c7eecbec5432416b13d064eb219ec387718b20a2359d2fd7e8b69a2d337c0cd1b83c9501018d48dc70bcb8afdbb16dd95554fcf611a9fe58eba73a0d37857d1c7b4a9f7f35bb92775de4f75f5553adc1c73629c4bcdb10de21c3e92229d00fdf1d0e229cf31c799aa0962e1f9c589d0274b144eaf7ab413d404ace805a7f3f970001eacbd846067215fb862096e70cedb6f21c814bc6e40cc69d3a83c50e6a330aa7ad123a1f58fa16765597c8b7ea34ea243db2d912bb65f59dc13dacf576ac844bb1fa07e0b461a1931db8b556e7a7d493b8ffbde508804e96397216f1e9d0966dd34243d13ad284de1b3b35db5821e0850382a95166768e828d3c0e0653b28dadb15ba7f299652b4e0161f4f6d1cdfc4af92e63ca1b7f9899f6713eaae3040ca637a96efe9f7d91618584c424cd4c40d9bbfd973de4ec3f350168f5b0420f8c95e5251cb00cecaf787cdbce71aacb42fd719a3ecea1e3cc743722fdb80cb7087cb686595fad578157a73b1fe3abc586f4d29f0e2cd1e3dddb49048517de0b158e16e107e5039ef77171f15a774dd2b1d6e2e57bd7f5c6c356f577ed0e54f9abd58a05ad946b9207b4239c322fce5175ee74c3b12ffe9db9f6e3c2a46e460a68836495ea246c7a657edc7fef131d931e0d050f6c7d466e48c57b2345a5eb011484c9982a4c2974061ebdd6e27271d461f21a61cc72cceb66cd35360aab26b2f1b79551d7ea5e1ccc580fd6d0c46e107d81db8914c4471f0d773df3da98f189d365a1f7649d20355274ad6135d72359cd90698f6d60937d2ad7b6be4f4654ad93196fcef39ff048c1226cf9b2d7ffa0c3b3d8ce1c217b240c75ff73920eca72ba0deac5cd7f39b5b3306059c1c1407e42281eec248937950d1c84dbb82cb463021bf5d32d560841a0958b25b6f2f1335f1284278a063eef45327ea977d794c91d505618a00d4f52aabab54bcb9acf1c2fd49947e0bd728c55f114010280dc00038010000180090002002326262e000000003400018004000300040003000400030004000300040003000400030008000100ff03000008000200645b2700080001000200000024000180040003000800010037f0ffff070002002b2800000400030008000100030000001800018008000100060000000500020000000000040003004000018004000300040003000400030008000100e80a00000800010008000000050002000000000008000100000000000800010000040000070002002f2400001800018005000200000000000400030008000100000000002a00050059ae4d025cf477ed54b54b38b3b25f46d21f5f4b3f787e36b3a9c9a05fa435ddd4b3b39e1b6a0000080002"], 0x11c8}, 0x1, 0x0, 0x0, 0x20004050}, 0x400c081)
socket$inet6(0xa, 0x3, 0x87)
r6 = getpid()
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
preadv(r7, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
setpgid(r6, 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[@ANYRESHEX=r8], 0x0)
r9 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpu.max\x00', 0x2, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r9, 0x80286722, &(0x7f00000000c0)={&(0x7f0000000080)=""/35, 0x23, 0x9})

1.022853901s ago: executing program 3 (id=1056):
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)

841.005377ms ago: executing program 1 (id=1057):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000f5000003"], 0xfdef)

827.293728ms ago: executing program 2 (id=1058):
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)

559.259429ms ago: executing program 3 (id=1059):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x42102, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x90)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000880)={r2, r3, 0x6, 0x0, @val=@tcx={@prog_id}}, 0x40)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r4, r5, 0x6, 0x0, @void}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00'}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

394.74576ms ago: executing program 2 (id=1060):
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000200)='rxrpc\x00', 0x0, &(0x7f0000000240)="0000000000000001ff000065dd530700a2752cbf86f474fad8cb594ed9fabe9ec277bb8d00000000000000ff07000000000000c9fb90d3abc52620e66db24b7c4f64fd9120d01eaf7503e1c7cfe204909190cf53b6c107bdd3bbcb1b23721d91ea46be5b513a", 0x66, r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x60}}, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x20048005)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000580)={0x0, 0x80000000, 0x100e})
keyctl$get_keyring_id(0x0, r0, 0x5)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r2, 0x40106410, &(0x7f0000000340)={0x0, 0x0})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5}, 0x48)
mount$tmpfs(0x0, &(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0), 0x0, &(0x7f0000000000))
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"1a17bf49148a44ad1d40786662d58d88ab7de1cba4d7999a32d91b3a9e436f8e", 0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000398e29d75d009900000000000000000004000d80"], 0x24}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x6a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500005c0000000000019078ac1e0001ac141400050090780300000040000000000000ad95b60000010000ac14140aac1414bb441c0001ac1414aa000000007f00000100ac141400009a000000860d000000000007d6d0000000000000"], 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x7, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

339.040131ms ago: executing program 4 (id=1061):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x1}]}]}, {0x0, [0x5f, 0x2]}}, 0x0, 0x34}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_udp_int(r4, 0x11, 0x1, &(0x7f0000000000)=0xfffff7dd, 0x4)
setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f00000000c0)=0x20000200, 0x4)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r5}, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000210001"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001700)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0xfff1}}}, 0x24}}, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r8}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020029003505d25a806f8c6394f90424fc602f0016000b740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

181.623019ms ago: executing program 1 (id=1062):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f0000000000)=0x4000)
r1 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x6a, 0x5, 0x20000000, 0x3)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0xb, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_ct={0x68, 0x1, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6}, @TCA_CT_MARK_MASK={0x8}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private1={0xfc, 0x1, '\x00', 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="740200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000000c001a800800038004000580d40103803000018005000c000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f696c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060000180050006000000000005000600000000000800010000000000050006000000fd000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c8008002500000000000500060000000000d600190003dd96197aca85b64424a37dbda7b69414000700eb052fcd3dd4d3e8bbcbf1de857c0e1c3c0018800800010000000000080001000000000014000400b2112a97bf9704ee57915340334b827114000500e8635392a70f36f95f4b9b352920ebec08002800000000006c001a8020000a8005000800000000001400000000aa40000a8014000700fe8000000000000000000000000000aa1400070000000000000000000000ffffffffffff14000700ff0100000000000000000000000000010400070004001c00d6a2efa3aeea29"], 0x274}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x44, r6, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_SPORT={0x6}, @L2TP_ATTR_UDP_DPORT={0x6}]}, 0x44}}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000000c0)='./file0\x00', 0x3008c0, &(0x7f0000000180)=ANY=[@ANYBLOB="6465636f6d706f73652c756d61736b3d30303030303030303030303030303030303030303030342c6465636f6d706f73652c0023df5a34ff73379d13e66beae03dd3461a1f239f688e5339fbfc868f507fb51589395a991270c9314c145e7f304e6539a3ec8bccc716ba50cf89"], 0x1, 0x5c6, &(0x7f00000006c0)="$eJzs3U9vHGcdB/DvbhxnHaR04yZtQJWwilQhLJJdWyIpF6AUZKEKVeLA2SJOYmWTVvYWuT2ggDhUnPoSysFvAHEskg+0Rzj1bNQjEnffjGZ21ru2t65du951+/lIs8/zzDPzzG9+8ycza0Ub4BtraT5TW6llaf6NjaK9vbnY2d5cfNKvJ7mSpJ40ktSK2X9P8lnyLL0p3+53DJWHfPpR4+EnH3z8fq/VqKZy+dpR6x3PXizNXqxleVbjLZx6vMEeziWZrUoYu92+/4zsPuV1CQBMslpyadT8ZnK1elgv3gN6T8W9Z+wL7dm4AwAAAIBz8NxOdrKRa+OOAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6S6vf/a9VU79fnUuv//v90NS9V/ULbGncAAAAAAAAAAHAGvruTnWzkWr+9Wyv/5v9y2bhRfn4r72Q9K1nL7WxkOd10s5Z2kubQQNMby93uWvsYay6MXHPhfPYXAAAAAAAAAL6m/pSlwd//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgEtSSS72inG70683Up5I0kkwXyz1L/t2vX2Rb4w4AAAAAzsFzO9nJRq7127u18p3/hfK9v5F38jTdrKabTlZyv/wuoPfWX9/eXOxsby4+KabD4/7sfycKoxwxve8eRm/5VrnETB5ktZxzO7/LW+nkfurlmoVb/XhGx/XHIqbaTyrHjOx+VRZ7/quqnAzNMiOX9zLSqmIrsnH96Eyc8Ogc3FI79b1vfm58BTm/WpXF/rw+0TlfGDr7Xjg6E8nsb/9y91Hn6eNHD9bnJ2eXvqSDmVgcysSL36hMtMpM3NxrL+WX+U3mM5c3s5bV/D7L6WYlc3m9rC1X53Px2Tw6Uz/d13rziyKZro5L7y56spheLte9ltX8Om/lfnlEW7mbu1nIj/JqWvuO8M1jXPX1k1313/t+Vbmc5BdVORmKvF4fyuvwPbdZ9g3PGWRp9uzvjVPfqSrF2fPaxN0brx/4V6KfieePzsRfd4vP9c7Tx2uPlt8+5vZeqcoiAz+fqEwU58tscbDK1v6zo+h7fmRfu+y7sddXP9R3c6/vi67U6eoZ7vBIC2XfiyP7euvdGuob9bwFwMS7+oOr0zP/nfnXzIczf555NPNG47Ur9668NJ3L/7z846nWpVfqL9X+lg/zh8H7PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OWtv/ve4+VOZ2VNRUVFZa8y7jsT8FW7033y9p31d9/74eqT5YcrD1eevtq6d6/dbt9t3Xmw2lmpPscdJQBwlgYP/eOOBAAAAAAAAAAAAAAA+Dzn8d+Jx72PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA19vSfKa2Uku7dbtVtLc3FzvF1K8PlmwkqRWVfyT5LHmW3pTm0HC1z9vOpx81Hn7ywcfvD8Zq9JevHbXe8eyLpX4gptOOt3Dq8QZ7OJdktiph7P4fAAD//xl1A5k=")
r7 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r7, 0x541b, &(0x7f0000000000)={'netdevsim0\x00', 0x0})
lgetxattr(&(0x7f0000000000)='./file2\x00', &(0x7f0000000080)=@known='system.sockprotoname\x00', 0x0, 0x0)

0s ago: executing program 0 (id=1063):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xffff8000}, 0x20)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

kernel console output (not intermixed with test programs):

588'.
[  497.974836][    C1] eth0: bad gso: type: 1, size: 1408
[  498.119840][ T7519] loop1: detected capacity change from 0 to 1024
[  498.339126][ T6135] usbhid 3-1:0.0: can't add hid device: -71
[  498.346251][ T6135] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  498.397980][ T6135] usb 3-1: USB disconnect, device number 19
[  498.480210][ T7519] hfsplus: can't free extent
[  498.503705][ T7519] hfsplus: extend alloc file! (8192,512,4294934894)
[  498.551981][ T7519] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  498.644999][ T7519] netlink: 'syz.1.590': attribute type 29 has an invalid length.
[  498.733684][ T1057] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  498.969868][ T1057] usb 5-1: config 0 has no interfaces?
[  498.975886][ T1057] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  498.989028][ T1057] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.134520][ T1057] usb 5-1: config 0 descriptor??
[  499.238750][   T73] hfsplus: b-tree write err: -5, ino 4
[  499.373271][ T1057] usb 5-1: string descriptor 0 read error: -71
[  499.472929][ T1057] usb 5-1: USB disconnect, device number 30
[  500.172037][ T4639] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  500.411923][ T4639] usb 2-1: Using ep0 maxpacket: 16
[  500.535596][ T4639] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43
[  500.545406][ T4639] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.554217][ T4639] usb 2-1: Product: syz
[  500.558755][ T4639] usb 2-1: Manufacturer: syz
[  500.563877][ T4639] usb 2-1: SerialNumber: syz
[  500.639403][ T4639] usb 2-1: config 0 descriptor??
[  500.753438][ T1057] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  500.875523][ T4639] usb 2-1: Limiting number of CPorts to U8_MAX
[  500.884232][ T4639] usb 2-1: Not enough endpoints found in device, aborting!
[  501.055201][ T1057] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  501.068834][ T1057] usb 1-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00
[  501.078589][ T1057] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.125990][ T4639] usb 2-1: USB disconnect, device number 14
[  501.156277][ T1057] usb 1-1: config 0 descriptor??
[  501.213345][ T1057] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  501.453373][ T5244] usb 1-1: USB disconnect, device number 36
[  501.868607][ T7552] loop4: detected capacity change from 0 to 1764
[  501.888591][ T7552] iso9660: Unknown parameter '18446744073709551615'
[  502.643892][    C1] eth0: bad gso: type: 1, size: 1408
[  502.952634][ T5244] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  503.219035][ T5244] usb 1-1: config 0 has no interfaces?
[  503.225030][ T5244] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  503.236448][ T5244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.295520][ T5244] usb 1-1: config 0 descriptor??
[  503.360927][ T7575] loop3: detected capacity change from 0 to 128
[  503.417395][ T7577] tipc: Started in network mode
[  503.423258][ T7577] tipc: Node identity 000000000000000005, cluster identity 4711
[  503.475250][ T7575] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  503.567332][ T5244] usb 1-1: string descriptor 0 read error: -71
[  503.596972][ T5244] usb 1-1: USB disconnect, device number 37
[  503.614473][ T7581] tipc: Cannot configure node identity twice
[  503.710565][ T7575] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  503.770741][ T7584] block nbd2: NBD_DISCONNECT
[  503.776413][ T7584] block nbd2: Disconnected due to user request.
[  503.783190][ T7584] block nbd2: shutting down sockets
[  504.252156][ T1057] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  504.382800][ T5244] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  504.462838][ T1057] usb 5-1: Using ep0 maxpacket: 32
[  504.503845][ T1057] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  504.516619][ T1057] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  504.601249][ T1057] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  504.611066][ T1057] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  504.624025][ T1057] usb 5-1: Product: syz
[  504.628485][ T1057] usb 5-1: Manufacturer: syz
[  504.634916][ T1057] usb 5-1: SerialNumber: syz
[  504.692707][ T5244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.704295][ T5244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.718319][ T5244] usb 4-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  504.729170][ T5244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.743013][ T1057] usb 5-1: config 0 descriptor??
[  504.753717][ T4639] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  504.771215][ T1057] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  504.791316][ T1057] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  504.828648][ T5244] usb 4-1: config 0 descriptor??
[  504.965211][ T4639] usb 3-1: Using ep0 maxpacket: 16
[  505.064671][ T4639] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43
[  505.074534][ T4639] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.083167][ T4639] usb 3-1: Product: syz
[  505.087599][ T4639] usb 3-1: Manufacturer: syz
[  505.094396][ T4639] usb 3-1: SerialNumber: syz
[  505.103427][ T1057] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  505.123520][ T4639] usb 3-1: config 0 descriptor??
[  505.314515][ T1057] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  505.328346][ T1057] usb 2-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00
[  505.345950][ T1057] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.414377][ T1057] usb 2-1: config 0 descriptor??
[  505.443473][ T4639] usb 3-1: Limiting number of CPorts to U8_MAX
[  505.451857][ T4639] usb 3-1: Not enough endpoints found in device, aborting!
[  505.479093][ T1057] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  505.609788][ T7597] bridge0: port 3(syz_tun) entered blocking state
[  505.617331][ T7597] bridge0: port 3(syz_tun) entered disabled state
[  505.625623][ T7597] syz_tun: entered allmulticast mode
[  505.634669][ T7597] syz_tun: entered promiscuous mode
[  505.648807][ T7597] bridge0: port 3(syz_tun) entered blocking state
[  505.656202][ T7597] bridge0: port 3(syz_tun) entered forwarding state
[  505.709271][ T1057] usb 3-1: USB disconnect, device number 20
[  505.873135][ T6135] usb 2-1: USB disconnect, device number 15
[  506.634564][ T5244] usbhid 4-1:0.0: can't add hid device: -71
[  506.641450][ T5244] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  506.743415][ T5244] usb 4-1: USB disconnect, device number 19
[  506.990838][ T7605] FAULT_INJECTION: forcing a failure.
[  506.990838][ T7605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.004619][ T7605] CPU: 1 UID: 0 PID: 7605 Comm: syz.1.622 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  507.015605][ T7605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  507.025958][ T7605] Call Trace:
[  507.029549][ T7605]  <TASK>
[  507.032715][ T7605]  dump_stack_lvl+0x216/0x2d0
[  507.037746][ T7605]  dump_stack+0x1e/0x30
[  507.042239][ T7605]  should_fail_ex+0x74e/0x800
[  507.047329][ T7605]  should_fail+0x2a/0x40
[  507.051953][ T7605]  should_fail_usercopy+0x2e/0x40
[  507.057528][ T7605]  _copy_from_user+0x33/0x160
[  507.062549][ T7605]  __se_sys_mount+0x28b/0x810
[  507.067545][ T7605]  __x64_sys_mount+0xe4/0x150
[  507.072537][ T7605]  x64_sys_call+0xed5/0x3c10
[  507.077480][ T7605]  do_syscall_64+0xcd/0x1e0
[  507.082267][ T7605]  ? clear_bhb_loop+0x25/0x80
[  507.087258][ T7605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.093494][ T7605] RIP: 0033:0x7fd4077773b9
[  507.098152][ T7605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.118080][ T7605] RSP: 002b:00007fd408550048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  507.126804][ T7605] RAX: ffffffffffffffda RBX: 00007fd407905f80 RCX: 00007fd4077773b9
[  507.135041][ T7605] RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
[  507.143255][ T7605] RBP: 00007fd4085500a0 R08: 00000000200001c0 R09: 0000000000000000
[  507.151466][ T7605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  507.159691][ T7605] R13: 000000000000000b R14: 00007fd407905f80 R15: 00007ffe388897a8
[  507.167956][ T7605]  </TASK>
[  507.283068][ T1057] usb 5-1: USB disconnect, device number 31
[  507.300108][ T1057] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  508.269715][ T7614] FAULT_INJECTION: forcing a failure.
[  508.269715][ T7614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.283643][ T7614] CPU: 1 UID: 0 PID: 7614 Comm: syz.2.626 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  508.294598][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  508.304939][ T7614] Call Trace:
[  508.308436][ T7614]  <TASK>
[  508.311586][ T7614]  dump_stack_lvl+0x216/0x2d0
[  508.316616][ T7614]  dump_stack+0x1e/0x30
[  508.321095][ T7614]  should_fail_ex+0x74e/0x800
[  508.326163][ T7614]  should_fail+0x2a/0x40
[  508.330787][ T7614]  should_fail_usercopy+0x2e/0x40
[  508.336188][ T7614]  _copy_from_user+0x33/0x160
[  508.341213][ T7614]  kstrtouint_from_user+0x75/0x140
[  508.346724][ T7614]  ? security_file_permission+0x11a/0x150
[  508.352837][ T7614]  ? proc_fail_nth_write+0x43/0x300
[  508.358368][ T7614]  ? vfs_write+0x493/0x1550
[  508.363193][ T7614]  proc_fail_nth_write+0x62/0x300
[  508.368545][ T7614]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  508.374746][ T7614]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  508.380729][ T7614]  vfs_write+0x493/0x1550
[  508.385388][ T7614]  ? kmsan_get_metadata+0x13e/0x1c0
[  508.390960][ T7614]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  508.397682][ T7614]  ksys_write+0x20f/0x4c0
[  508.402356][ T7614]  __x64_sys_write+0x93/0xe0
[  508.407289][ T7614]  x64_sys_call+0x3490/0x3c10
[  508.412320][ T7614]  do_syscall_64+0xcd/0x1e0
[  508.417145][ T7614]  ? clear_bhb_loop+0x25/0x80
[  508.422149][ T7614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  508.428443][ T7614] RIP: 0033:0x7f20cb975e9f
[  508.433146][ T7614] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[  508.453114][ T7614] RSP: 002b:00007f20cc703040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  508.462066][ T7614] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f20cb975e9f
[  508.470333][ T7614] RDX: 0000000000000001 RSI: 00007f20cc7030b0 RDI: 0000000000000007
[  508.478769][ T7614] RBP: 00007f20cc7030a0 R08: 0000000000000000 R09: 0000000000000000
[  508.487117][ T7614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  508.495375][ T7614] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  508.503672][ T7614]  </TASK>
[  508.722977][ T7621] block nbd1: NBD_DISCONNECT
[  508.728504][ T7621] block nbd1: Disconnected due to user request.
[  508.735469][ T7621] block nbd1: shutting down sockets
[  509.189918][   T44] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  509.478537][   T44] usb 1-1: config 0 has no interfaces?
[  509.484639][   T44] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  509.497123][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.542453][ T7631] syz.4.633: attempt to access beyond end of device
[  509.542453][ T7631] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  509.556404][ T7631] vxfs: unable to read disk superblock at 1
[  509.562991][ T7631] syz.4.633: attempt to access beyond end of device
[  509.562991][ T7631] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  509.563546][   T44] usb 1-1: config 0 descriptor??
[  509.578862][ T7631] vxfs: unable to read disk superblock at 8
[  509.578977][ T7631] vxfs: can't find superblock.
[  509.611719][ T1057] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  509.685491][ T7633] loop2: detected capacity change from 0 to 64
[  509.813007][ T4639] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  509.826898][ T1057] usb 2-1: Using ep0 maxpacket: 16
[  509.843812][   T44] usb 1-1: string descriptor 0 read error: -71
[  509.863675][   T44] usb 1-1: USB disconnect, device number 38
[  509.904618][ T1057] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43
[  509.914366][ T1057] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.923060][ T1057] usb 2-1: Product: syz
[  509.927507][ T1057] usb 2-1: Manufacturer: syz
[  509.932533][ T1057] usb 2-1: SerialNumber: syz
[  509.955740][ T1057] usb 2-1: config 0 descriptor??
[  510.062636][ T5244] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  510.093414][ T4639] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  510.107196][ T4639] usb 4-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00
[  510.116932][ T4639] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.132991][ T4639] usb 4-1: config 0 descriptor??
[  510.168360][ T4639] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  510.208202][ T1057] usb 2-1: Limiting number of CPorts to U8_MAX
[  510.228503][ T1057] usb 2-1: Not enough endpoints found in device, aborting!
[  510.322560][ T5244] usb 3-1: Using ep0 maxpacket: 32
[  510.342843][ T5244] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  510.357205][ T5244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.365764][ T5244] usb 3-1: Product: syz
[  510.370232][ T5244] usb 3-1: Manufacturer: syz
[  510.375351][ T5244] usb 3-1: SerialNumber: syz
[  510.382430][ T6135] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  510.396458][ T5244] usb 3-1: config 0 descriptor??
[  510.416969][ T5244] hub 3-1:0.0: bad descriptor, ignoring hub
[  510.423328][ T5244] hub 3-1:0.0: probe with driver hub failed with error -5
[  510.427976][ T4639] usb 2-1: USB disconnect, device number 16
[  510.454455][ T1057] usb 4-1: USB disconnect, device number 20
[  510.603044][ T6135] usb 5-1: Using ep0 maxpacket: 32
[  510.651092][ T6135] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  510.663809][ T6135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  510.712030][ T6135] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  510.721705][ T6135] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  510.730486][ T6135] usb 5-1: Product: syz
[  510.735020][ T6135] usb 5-1: Manufacturer: syz
[  510.739897][ T6135] usb 5-1: SerialNumber: syz
[  510.800296][ T6135] usb 5-1: config 0 descriptor??
[  510.833066][ T6135] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  510.874523][ T6135] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  510.971812][ T5244] usb 3-1: reset high-speed USB device number 21 using dummy_hcd
[  511.491823][ T7633] overlay: Unknown parameter '//bus'
[  511.591193][   T29] audit: type=1800 audit(1722429373.494:113): pid=7633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.634" name="file2" dev="loop2" ino=6 res=0 errno=0
[  512.073386][ T1057] usb 3-1: USB disconnect, device number 21
[  512.229832][ T7655] loop3: detected capacity change from 0 to 128
[  512.428451][ T7655] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  512.570348][ T7655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  513.077752][ T4639] usb 5-1: USB disconnect, device number 32
[  513.153944][ T4639] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  513.163764][ T1057] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  513.477634][ T1057] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.489743][ T1057] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.500105][ T1057] usb 4-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  513.509656][ T1057] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.535164][ T6135] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  513.629503][ T1057] usb 4-1: config 0 descriptor??
[  513.851437][ T6135] usb 3-1: config 0 has no interfaces?
[  513.857443][ T6135] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  513.866975][ T6135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.982013][ T6135] usb 3-1: config 0 descriptor??
[  514.310512][ T6135] usb 3-1: string descriptor 0 read error: -71
[  514.320891][ T6135] usb 3-1: USB disconnect, device number 22
[  514.393142][ T5244] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  514.606913][ T5244] usb 2-1: Using ep0 maxpacket: 16
[  514.674987][ T5244] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43
[  514.684783][ T5244] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  514.696575][ T5244] usb 2-1: Product: syz
[  514.701069][ T5244] usb 2-1: Manufacturer: syz
[  514.711036][ T5244] usb 2-1: SerialNumber: syz
[  514.812102][ T5244] usb 2-1: config 0 descriptor??
[  514.948838][ T7682] FAULT_INJECTION: forcing a failure.
[  514.948838][ T7682] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.971935][ T7682] CPU: 0 UID: 0 PID: 7682 Comm: syz.0.653 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  514.982915][ T7682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  514.993253][ T7682] Call Trace:
[  514.996755][ T7682]  <TASK>
[  514.999906][ T7682]  dump_stack_lvl+0x216/0x2d0
[  515.004923][ T7682]  dump_stack+0x1e/0x30
[  515.009391][ T7682]  should_fail_ex+0x74e/0x800
[  515.014488][ T7682]  should_fail+0x2a/0x40
[  515.019085][ T7682]  should_fail_usercopy+0x2e/0x40
[  515.024506][ T7682]  _copy_to_user+0x33/0x110
[  515.029354][ T7682]  simple_read_from_buffer+0x199/0x340
[  515.035369][ T7682]  proc_fail_nth_read+0x1e8/0x2c0
[  515.040755][ T7682]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  515.046650][ T7682]  vfs_read+0x2a1/0xf60
[  515.051230][ T7682]  ? kmsan_get_metadata+0x13e/0x1c0
[  515.056815][ T7682]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  515.063538][ T7682]  ksys_read+0x20f/0x4c0
[  515.068122][ T7682]  __x64_sys_read+0x93/0xe0
[  515.072961][ T7682]  x64_sys_call+0x347b/0x3c10
[  515.078001][ T7682]  do_syscall_64+0xcd/0x1e0
[  515.082823][ T7682]  ? clear_bhb_loop+0x25/0x80
[  515.087834][ T7682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.094136][ T7682] RIP: 0033:0x7fcbfdf75dfc
[  515.098837][ T7682] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  515.118906][ T7682] RSP: 002b:00007fcbfed5a040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  515.127781][ T7682] RAX: ffffffffffffffda RBX: 00007fcbfe105f80 RCX: 00007fcbfdf75dfc
[  515.136073][ T7682] RDX: 000000000000000f RSI: 00007fcbfed5a0b0 RDI: 0000000000000004
[  515.144438][ T7682] RBP: 00007fcbfed5a0a0 R08: 0000000000000000 R09: 0000000000000000
[  515.152794][ T7682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.161069][ T7682] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  515.169391][ T7682]  </TASK>
[  515.407631][ T5244] usb 2-1: Limiting number of CPorts to U8_MAX
[  515.420704][ T5244] usb 2-1: Not enough endpoints found in device, aborting!
[  515.555924][ T1057] usbhid 4-1:0.0: can't add hid device: -71
[  515.563002][ T1057] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  515.602747][ T4639] usb 2-1: USB disconnect, device number 17
[  515.664972][ T1057] usb 4-1: USB disconnect, device number 21
[  517.114678][ T1521] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  517.387525][ T6135] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  517.399195][ T1521] usb 2-1: Using ep0 maxpacket: 32
[  517.505787][ T1521] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  517.518540][ T1521] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  517.635672][ T1521] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  517.645440][ T1521] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  517.654557][ T1521] usb 2-1: Product: syz
[  517.659009][ T1521] usb 2-1: Manufacturer: syz
[  517.664125][ T1521] usb 2-1: SerialNumber: syz
[  517.674788][ T6135] usb 3-1: Using ep0 maxpacket: 16
[  517.793000][ T1521] usb 2-1: config 0 descriptor??
[  517.816176][ T6135] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.831279][ T6135] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.843004][ T6135] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  517.856688][ T6135] usb 3-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  517.866232][ T6135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.899282][ T1521] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  517.935533][ T6135] usb 3-1: config 0 descriptor??
[  517.968532][ T1521] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  518.449524][ T7704] FAULT_INJECTION: forcing a failure.
[  518.449524][ T7704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  518.463760][ T7704] CPU: 0 UID: 0 PID: 7704 Comm: syz.0.662 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  518.474770][ T7704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  518.485116][ T7704] Call Trace:
[  518.488627][ T7704]  <TASK>
[  518.491777][ T7704]  dump_stack_lvl+0x216/0x2d0
[  518.496877][ T7704]  dump_stack+0x1e/0x30
[  518.501334][ T7704]  should_fail_ex+0x74e/0x800
[  518.506397][ T7704]  should_fail+0x2a/0x40
[  518.510995][ T7704]  should_fail_usercopy+0x2e/0x40
[  518.516456][ T7704]  fpu__restore_sig+0x1b4/0x1980
[  518.521733][ T7704]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  518.527885][ T7704]  ? should_fail_ex+0x19a/0x800
[  518.533066][ T7704]  ? kmsan_get_metadata+0x13e/0x1c0
[  518.538719][ T7704]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  518.545435][ T7704]  ? kmsan_get_metadata+0x13e/0x1c0
[  518.550988][ T7704]  restore_sigcontext+0x646/0x980
[  518.556338][ T7704]  ? _raw_spin_unlock_irq+0x31/0x50
[  518.561976][ T7704]  __do_sys_rt_sigreturn+0x2d6/0x4f0
[  518.567711][ T7704]  x64_sys_call+0x3688/0x3c10
[  518.572715][ T7704]  do_syscall_64+0xcd/0x1e0
[  518.577507][ T7704]  ? clear_bhb_loop+0x25/0x80
[  518.582477][ T7704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.588731][ T7704] RIP: 0033:0x7fcbfdf773b7
[  518.593430][ T7704] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  518.613811][ T7704] RSP: 002b:00007fcbfed5a048 EFLAGS: 00000246
[  518.620304][ T7704] RAX: 0000000000000127 RBX: 00007fcbfe105f80 RCX: 00007fcbfdf773b9
[  518.628558][ T7704] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
[  518.636786][ T7704] RBP: 00007fcbfed5a0a0 R08: 0000000000000000 R09: 0000000000000000
[  518.645212][ T7704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.653478][ T7704] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  518.662094][ T7704]  </TASK>
[  518.699630][ T6135] wacom 0003:056A:0022.000C: item fetching failed at offset 10/11
[  518.820331][ T6135] wacom 0003:056A:0022.000C: parse failed
[  518.827636][ T6135] wacom 0003:056A:0022.000C: probe with driver wacom failed with error -22
[  518.884281][ T6135] usb 3-1: USB disconnect, device number 23
[  519.704028][ T6135] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  519.959557][ T6135] usb 4-1: config 0 has no interfaces?
[  519.965689][ T6135] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  519.979012][ T6135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.024246][ T6135] usb 4-1: config 0 descriptor??
[  520.113956][ T1057] usb 2-1: USB disconnect, device number 18
[  520.172260][ T1057] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  520.256896][ T6135] usb 4-1: string descriptor 0 read error: -71
[  520.291227][ T6135] usb 4-1: USB disconnect, device number 22
[  520.388303][ T1521] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  520.583178][ T1521] usb 5-1: Using ep0 maxpacket: 16
[  520.638794][ T1521] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43
[  520.648939][ T1521] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.652551][ T7735] loop2: detected capacity change from 0 to 128
[  520.657428][ T1521] usb 5-1: Product: syz
[  520.668106][ T1521] usb 5-1: Manufacturer: syz
[  520.673046][ T1521] usb 5-1: SerialNumber: syz
[  520.733127][ T1521] usb 5-1: config 0 descriptor??
[  520.753833][ T7735] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  520.873491][ T7735] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  521.021087][ T1521] usb 5-1: Limiting number of CPorts to U8_MAX
[  521.030238][ T1521] usb 5-1: Not enough endpoints found in device, aborting!
[  521.247393][ T1057] usb 5-1: USB disconnect, device number 33
[  521.556832][ T7739] loop1: detected capacity change from 0 to 2048
[  521.618873][ T7739] udf: Unknown parameter 'onhide'
[  522.902806][ T7747] cgroup: Unknown subsys name 'func'
[  523.464637][ T7747] loop1: detected capacity change from 0 to 1024
[  523.544887][ T7747] EXT4-fs: Ignoring removed oldalloc option
[  523.551218][ T7747] ext4: Unknown parameter 'smackfshat'
[  524.413997][ T5244] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  524.754714][ T5244] usb 5-1: device descriptor read/64, error -71
[  525.122953][ T5244] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  525.343464][ T5244] usb 5-1: device descriptor read/64, error -71
[  525.383224][ T7763] FAULT_INJECTION: forcing a failure.
[  525.383224][ T7763] name failslab, interval 1, probability 0, space 0, times 0
[  525.397470][ T7763] CPU: 0 UID: 0 PID: 7763 Comm: syz.0.683 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  525.408866][ T7763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  525.419203][ T7763] Call Trace:
[  525.422707][ T7763]  <TASK>
[  525.425863][ T7763]  dump_stack_lvl+0x216/0x2d0
[  525.430881][ T7763]  dump_stack+0x1e/0x30
[  525.435353][ T7763]  should_fail_ex+0x74e/0x800
[  525.440419][ T7763]  should_failslab+0x17f/0x210
[  525.445580][ T7763]  __kmalloc_cache_noprof+0xbf/0xb00
[  525.451233][ T7763]  ? alloc_fs_context+0x6b/0xda0
[  525.456540][ T7763]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  525.462848][ T7763]  alloc_fs_context+0x6b/0xda0
[  525.467957][ T7763]  ? _raw_read_unlock+0x38/0x50
[  525.473204][ T7763]  ? get_fs_type+0x8be/0x960
[  525.478395][ T7763]  ? kmsan_get_metadata+0x13e/0x1c0
[  525.483994][ T7763]  fs_context_for_mount+0x3d/0x50
[  525.489435][ T7763]  do_new_mount+0x26f/0x15e0
[  525.494361][ T7763]  ? kmsan_get_metadata+0x13e/0x1c0
[  525.499949][ T7763]  path_mount+0x742/0x1f10
[  525.504802][ T7763]  ? user_path_at+0x32f/0x390
[  525.507026][ T5244] usb usb5-port1: attempt power cycle
[  525.509714][ T7763]  __se_sys_mount+0x722/0x810
[  525.520188][ T7763]  __x64_sys_mount+0xe4/0x150
[  525.525231][ T7763]  x64_sys_call+0xed5/0x3c10
[  525.530192][ T7763]  do_syscall_64+0xcd/0x1e0
[  525.535019][ T7763]  ? clear_bhb_loop+0x25/0x80
[  525.540110][ T7763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.546406][ T7763] RIP: 0033:0x7fcbfdf773b9
[  525.551110][ T7763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.571077][ T7763] RSP: 002b:00007fcbfed5a048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  525.579865][ T7763] RAX: ffffffffffffffda RBX: 00007fcbfe105f80 RCX: 00007fcbfdf773b9
[  525.588151][ T7763] RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
[  525.596423][ T7763] RBP: 00007fcbfed5a0a0 R08: 0000000020000200 R09: 0000000000000000
[  525.604699][ T7763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  525.613145][ T7763] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  525.621455][ T7763]  </TASK>
[  525.742159][ T1057] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  525.943704][ T1057] usb 2-1: Using ep0 maxpacket: 32
[  525.957814][ T1057] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  525.966925][ T1057] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  525.977478][ T5244] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  526.056660][ T1057] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  526.066700][ T1057] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  526.075584][ T1057] usb 2-1: Product: syz
[  526.080026][ T1057] usb 2-1: Manufacturer: syz
[  526.085025][ T1057] usb 2-1: SerialNumber: syz
[  526.092469][ T5244] usb 5-1: device descriptor read/8, error -71
[  526.149786][ T1057] usb 2-1: config 0 descriptor??
[  526.178047][ T1057] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  526.198196][ T1057] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  526.392339][ T5244] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  526.428716][ T4639] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  526.455133][ T5244] usb 5-1: device descriptor read/8, error -71
[  526.613364][ T5244] usb usb5-port1: unable to enumerate USB device
[  526.643639][ T4639] usb 4-1: config 0 has no interfaces?
[  526.650028][ T4639] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  526.659602][ T4639] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.687147][ T4639] usb 4-1: config 0 descriptor??
[  526.982810][ T4639] usb 4-1: string descriptor 0 read error: -71
[  527.003966][ T4639] usb 4-1: USB disconnect, device number 23
[  527.369435][ T7779] netlink: 'syz.2.689': attribute type 1 has an invalid length.
[  528.023516][ T7789] FAULT_INJECTION: forcing a failure.
[  528.023516][ T7789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  528.037095][ T7789] CPU: 1 UID: 0 PID: 7789 Comm: syz.2.693 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  528.048045][ T7789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  528.058381][ T7789] Call Trace:
[  528.061888][ T7789]  <TASK>
[  528.065030][ T7789]  dump_stack_lvl+0x216/0x2d0
[  528.070051][ T7789]  dump_stack+0x1e/0x30
[  528.074520][ T7789]  should_fail_ex+0x74e/0x800
[  528.079584][ T7789]  should_fail+0x2a/0x40
[  528.084149][ T7789]  should_fail_usercopy+0x2e/0x40
[  528.089496][ T7789]  _copy_to_user+0x33/0x110
[  528.094304][ T7789]  simple_read_from_buffer+0x199/0x340
[  528.100113][ T7789]  proc_fail_nth_read+0x1e8/0x2c0
[  528.105431][ T7789]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  528.111264][ T7789]  vfs_read+0x2a1/0xf60
[  528.115695][ T7789]  ? kmsan_get_metadata+0x13e/0x1c0
[  528.121203][ T7789]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  528.127861][ T7789]  ksys_read+0x20f/0x4c0
[  528.132404][ T7789]  __x64_sys_read+0x93/0xe0
[  528.137201][ T7789]  x64_sys_call+0x347b/0x3c10
[  528.142185][ T7789]  do_syscall_64+0xcd/0x1e0
[  528.147086][ T7789]  ? clear_bhb_loop+0x25/0x80
[  528.152049][ T7789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.158279][ T7789] RIP: 0033:0x7f20cb975dfc
[  528.162935][ T7789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  528.182856][ T7789] RSP: 002b:00007f20cc703040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  528.191589][ T7789] RAX: ffffffffffffffda RBX: 00007f20cbb05f80 RCX: 00007f20cb975dfc
[  528.199820][ T7789] RDX: 000000000000000f RSI: 00007f20cc7030b0 RDI: 0000000000000006
[  528.208031][ T7789] RBP: 00007f20cc7030a0 R08: 0000000000000000 R09: 0000000000000000
[  528.216245][ T7789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.224453][ T7789] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  528.232703][ T7789]  </TASK>
[  528.413338][ T1057] usb 2-1: USB disconnect, device number 19
[  528.458678][ T1057] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  529.536047][ T7796] loop4: detected capacity change from 0 to 1024
[  529.715948][ T7796] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.959738][ T7796] syz.4.696: attempt to access beyond end of device
[  529.959738][ T7796] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  530.107895][ T7801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.696'.
[  530.353358][ T1057] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  530.672520][ T1057] usb 3-1: Using ep0 maxpacket: 16
[  530.783399][ T1057] usb 3-1: config 0 has no interfaces?
[  530.963778][ T1057] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  530.973473][ T1057] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  530.982133][ T1057] usb 3-1: Product: syz
[  530.986569][ T1057] usb 3-1: Manufacturer: syz
[  530.991669][ T1057] usb 3-1: SerialNumber: syz
[  531.107495][ T1057] usb 3-1: config 0 descriptor??
[  531.279370][ T5189] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.033486][ T1521] usb 3-1: USB disconnect, device number 24
[  532.212318][   T10] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  532.457208][   T10] usb 5-1: config 0 has no interfaces?
[  532.463466][   T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  532.477733][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.512593][   T10] usb 5-1: config 0 descriptor??
[  532.575201][ T1057] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  532.711896][ T1521] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  532.759350][   T10] usb 5-1: string descriptor 0 read error: -71
[  532.794563][   T10] usb 5-1: USB disconnect, device number 38
[  532.811938][ T1057] usb 2-1: Using ep0 maxpacket: 32
[  532.855421][ T1057] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  532.864277][ T1057] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  532.900464][ T1057] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  532.910255][ T1057] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  532.919262][ T1057] usb 2-1: Product: syz
[  532.923846][ T1057] usb 2-1: Manufacturer: syz
[  532.928722][ T1057] usb 2-1: SerialNumber: syz
[  532.940204][ T1057] usb 2-1: config 0 descriptor??
[  532.973657][ T1057] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  533.008811][ T1521] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  533.020461][ T1521] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  533.021106][ T1057] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  533.032692][ T1521] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  533.049016][ T1521] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.110481][ T1521] usb 4-1: config 0 descriptor??
[  533.176146][ T7850] netlink: 'syz.0.714': attribute type 2 has an invalid length.
[  533.193542][ T7850] netlink: 'syz.0.714': attribute type 1 has an invalid length.
[  533.445333][ T7845] loop3: detected capacity change from 0 to 256
[  533.483834][ T7845] vfat: Bad value for 'fmask'
[  533.665209][ T7857] FAULT_INJECTION: forcing a failure.
[  533.665209][ T7857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.679452][ T7857] CPU: 0 UID: 0 PID: 7857 Comm: syz.0.716 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  533.690386][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  533.700699][ T7857] Call Trace:
[  533.704187][ T7857]  <TASK>
[  533.707405][ T7857]  dump_stack_lvl+0x216/0x2d0
[  533.712378][ T7857]  dump_stack+0x1e/0x30
[  533.716803][ T7857]  should_fail_ex+0x74e/0x800
[  533.721826][ T7857]  should_fail+0x2a/0x40
[  533.726383][ T7857]  should_fail_usercopy+0x2e/0x40
[  533.731748][ T7857]  _copy_from_user+0x33/0x160
[  533.736759][ T7857]  get_user_ifreq+0x12c/0x310
[  533.741771][ T7857]  sock_do_ioctl+0x16e/0x540
[  533.746714][ T7857]  ? kmsan_get_metadata+0x13e/0x1c0
[  533.752268][ T7857]  sock_ioctl+0x727/0xd70
[  533.756927][ T7857]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  533.763368][ T7857]  ? __pfx_sock_ioctl+0x10/0x10
[  533.768564][ T7857]  __se_sys_ioctl+0x261/0x450
[  533.773561][ T7857]  __x64_sys_ioctl+0x96/0xe0
[  533.778444][ T7857]  x64_sys_call+0x1a06/0x3c10
[  533.783446][ T7857]  do_syscall_64+0xcd/0x1e0
[  533.788246][ T7857]  ? clear_bhb_loop+0x25/0x80
[  533.793233][ T7857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.799492][ T7857] RIP: 0033:0x7fcbfdf773b9
[  533.804184][ T7857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.824128][ T7857] RSP: 002b:00007fcbfed5a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  533.832893][ T7857] RAX: ffffffffffffffda RBX: 00007fcbfe105f80 RCX: 00007fcbfdf773b9
[  533.841144][ T7857] RDX: 0000000020000040 RSI: 0000000000008911 RDI: 0000000000000004
[  533.849467][ T7857] RBP: 00007fcbfed5a0a0 R08: 0000000000000000 R09: 0000000000000000
[  533.857688][ T7857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.865917][ T7857] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  533.874172][ T7857]  </TASK>
[  533.959841][ T1521] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  534.013831][ T1521] hid-thrustmaster 0003:044F:B65D.000D: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.3-1/input0
[  534.027371][ T1521] hid-thrustmaster 0003:044F:B65D.000D: Wrong number of endpoints?
[  534.253464][    C1] hid-thrustmaster 0003:044F:B65D.000D: URB to get model id failed with error -71
[  534.298571][ T1057] usb 4-1: USB disconnect, device number 24
[  534.824963][   T10] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  535.042016][   T10] usb 1-1: Using ep0 maxpacket: 16
[  535.074334][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.085989][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  535.096292][   T10] usb 1-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  535.105937][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.137593][   T10] usb 1-1: config 0 descriptor??
[  535.322137][ T1057] usb 2-1: USB disconnect, device number 20
[  535.342889][ T1521] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  535.373438][ T1057] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  535.570242][ T7872] netlink: 'syz.0.720': attribute type 5 has an invalid length.
[  535.590321][ T1521] usb 4-1: Using ep0 maxpacket: 16
[  535.627547][ T1521] usb 4-1: config 0 has no interfaces?
[  535.672123][ T1521] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  535.681093][   T10] hid-alps 0003:044E:120C.000E: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.0-1/input0
[  535.681876][ T1521] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  535.704647][ T1521] usb 4-1: Product: syz
[  535.709114][ T1521] usb 4-1: Manufacturer: syz
[  535.714349][ T1521] usb 4-1: SerialNumber: syz
[  535.766890][ T1521] usb 4-1: config 0 descriptor??
[  535.865750][ T7872] netlink: 64 bytes leftover after parsing attributes in process `syz.0.720'.
[  535.907603][   T10] usb 1-1: USB disconnect, device number 39
[  536.004658][ T7885] Invalid ELF section header size
[  536.412460][ T1521] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  536.483693][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  536.607128][ T5244] usb 4-1: USB disconnect, device number 25
[  536.627228][ T1521] usb 5-1: config 0 has no interfaces?
[  536.633336][ T1521] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  536.642841][ T1521] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.695573][ T1521] usb 5-1: config 0 descriptor??
[  537.772128][ T1521] usb 5-1: string descriptor 0 read error: -71
[  537.823290][ T1521] usb 5-1: USB disconnect, device number 39
[  538.297733][ T7904] loop2: detected capacity change from 0 to 512
[  538.475572][ T7904] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.490118][ T7904] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  538.962468][ T6199] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.222074][ T5244] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  539.497335][ T5244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  539.509143][ T5244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  539.519560][ T5244] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  539.529094][ T5244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.599307][ T5244] usb 1-1: config 0 descriptor??
[  539.872491][   T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  539.976172][ T7928] FAULT_INJECTION: forcing a failure.
[  539.976172][ T7928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.990042][ T7928] CPU: 0 UID: 0 PID: 7928 Comm: syz.4.738 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  540.000997][ T7928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  540.011340][ T7928] Call Trace:
[  540.014859][ T7928]  <TASK>
[  540.018023][ T7928]  dump_stack_lvl+0x216/0x2d0
[  540.023053][ T7928]  dump_stack+0x1e/0x30
[  540.027518][ T7928]  should_fail_ex+0x74e/0x800
[  540.032576][ T7928]  should_fail+0x2a/0x40
[  540.037179][ T7928]  should_fail_usercopy+0x2e/0x40
[  540.042589][ T7928]  _copy_from_user+0x33/0x160
[  540.047617][ T7928]  rtc_dev_ioctl+0x23a/0x1d10
[  540.052655][ T7928]  ? kmsan_get_metadata+0x13e/0x1c0
[  540.058330][ T7928]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  540.064518][ T7928]  ? kmsan_get_metadata+0x13e/0x1c0
[  540.070092][ T7928]  ? __pfx_rtc_dev_ioctl+0x10/0x10
[  540.075564][ T7928]  __se_sys_ioctl+0x261/0x450
[  540.080583][ T7928]  __x64_sys_ioctl+0x96/0xe0
[  540.085512][ T7928]  x64_sys_call+0x1a06/0x3c10
[  540.090551][ T7928]  do_syscall_64+0xcd/0x1e0
[  540.095377][ T7928]  ? clear_bhb_loop+0x25/0x80
[  540.100377][ T7928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.106677][ T7928] RIP: 0033:0x7f3a325773b9
[  540.111383][ T7928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.131353][ T7928] RSP: 002b:00007f3a33288048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  540.140134][ T7928] RAX: ffffffffffffffda RBX: 00007f3a32705f80 RCX: 00007f3a325773b9
[  540.148412][ T7928] RDX: 0000000020000000 RSI: 000000004028700f RDI: 0000000000000003
[  540.156684][ T7928] RBP: 00007f3a332880a0 R08: 0000000000000000 R09: 0000000000000000
[  540.164956][ T7928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.173216][ T7928] R13: 000000000000000b R14: 00007f3a32705f80 R15: 00007ffe704e19b8
[  540.181795][ T7928]  </TASK>
[  540.208662][ T5244] hid-thrustmaster 0003:044F:B65D.000F: unknown main item tag 0x0
[  540.243012][ T5244] hid-thrustmaster 0003:044F:B65D.000F: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0
[  540.262818][ T5244] hid-thrustmaster 0003:044F:B65D.000F: Wrong number of endpoints?
[  540.313002][ T1521] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  540.318735][   T10] usb 4-1: Using ep0 maxpacket: 32
[  540.376908][   T10] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  540.386260][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  540.471631][   T10] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  540.481459][   T10] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  540.490405][   T10] usb 4-1: Product: syz
[  540.494944][   T10] usb 4-1: Manufacturer: syz
[  540.499813][   T10] usb 4-1: SerialNumber: syz
[  540.513650][    C1] hid-thrustmaster 0003:044F:B65D.000F: URB to get model id failed with error -71
[  540.521860][ T4639] usb 1-1: USB disconnect, device number 40
[  540.535182][ T1521] usb 2-1: Using ep0 maxpacket: 16
[  540.574066][   T10] usb 4-1: config 0 descriptor??
[  540.576467][ T1521] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.590569][ T1521] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  540.600978][ T1521] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  540.608909][   T10] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  540.612393][ T1521] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.672419][   T10] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  540.674429][ T1521] usb 2-1: config 0 descriptor??
[  540.790468][ T7932] netlink: 209848 bytes leftover after parsing attributes in process `syz.4.740'.
[  540.801158][ T7932] netlink: zone id is out of range
[  540.806762][ T7932] netlink: zone id is out of range
[  540.812486][ T7932] netlink: zone id is out of range
[  541.117265][ T7929] netlink: 'syz.1.739': attribute type 5 has an invalid length.
[  541.175949][ T4639] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  541.290833][ T1521] hid-alps 0003:044E:120C.0010: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.1-1/input0
[  541.381784][ T4639] usb 3-1: Using ep0 maxpacket: 16
[  541.408991][ T4639] usb 3-1: config 0 has no interfaces?
[  541.448807][ T7929] netlink: 64 bytes leftover after parsing attributes in process `syz.1.739'.
[  541.467444][ T4639] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  541.482982][ T4639] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  541.494113][ T4639] usb 3-1: Product: syz
[  541.498562][ T4639] usb 3-1: Manufacturer: syz
[  541.503966][ T4639] usb 3-1: SerialNumber: syz
[  541.522707][   T10] usb 2-1: USB disconnect, device number 21
[  541.544436][ T4639] usb 3-1: config 0 descriptor??
[  541.805046][ T1521] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  542.050886][ T1521] usb 1-1: config 0 has no interfaces?
[  542.059452][ T1521] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  542.069533][ T1521] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.103865][ T1521] usb 1-1: config 0 descriptor??
[  542.379361][ T1521] usb 1-1: string descriptor 0 read error: -71
[  542.406178][ T1521] usb 1-1: USB disconnect, device number 41
[  542.462636][ T5244] usb 3-1: USB disconnect, device number 25
[  542.875286][ T4639] usb 4-1: USB disconnect, device number 26
[  542.923394][ T4639] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  543.308537][ T7960] loop4: detected capacity change from 0 to 128
[  543.383520][ T7960] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  543.452600][ T7960] ext4 filesystem being mounted at /169/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  543.665784][ T7968] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  543.734348][   T10] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  544.005277][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.016990][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.027391][   T10] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  544.040844][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.151939][   T10] usb 3-1: config 0 descriptor??
[  544.301362][ T5189] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  544.410274][ T7965] loop2: detected capacity change from 0 to 256
[  544.413518][ T1521] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  544.456008][ T7965] vfat: Bad value for 'fmask'
[  544.681935][ T1521] usb 1-1: Using ep0 maxpacket: 16
[  544.717416][ T1521] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.729336][ T1521] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.739635][ T1521] usb 1-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  544.749182][ T1521] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.789759][   T10] hid-thrustmaster 0003:044F:B65D.0011: unknown main item tag 0x0
[  544.811438][ T1521] usb 1-1: config 0 descriptor??
[  544.871421][   T10] hid-thrustmaster 0003:044F:B65D.0011: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0
[  544.884963][   T10] hid-thrustmaster 0003:044F:B65D.0011: Wrong number of endpoints?
[  545.075133][    C0] hid-thrustmaster 0003:044F:B65D.0011: URB to get model id failed with error -71
[  545.103067][   T10] usb 3-1: USB disconnect, device number 26
[  545.216889][ T7986] FAULT_INJECTION: forcing a failure.
[  545.216889][ T7986] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  545.230972][ T7986] CPU: 0 UID: 0 PID: 7986 Comm: syz.4.760 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  545.241924][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  545.252275][ T7986] Call Trace:
[  545.255781][ T7986]  <TASK>
[  545.258924][ T7986]  dump_stack_lvl+0x216/0x2d0
[  545.263943][ T7986]  dump_stack+0x1e/0x30
[  545.268407][ T7986]  should_fail_ex+0x74e/0x800
[  545.273470][ T7986]  should_fail+0x2a/0x40
[  545.278071][ T7986]  should_fail_usercopy+0x2e/0x40
[  545.283361][ T7976] netlink: 'syz.0.755': attribute type 5 has an invalid length.
[  545.291266][ T7986]  _copy_to_user+0x33/0x110
[  545.296660][ T7986]  simple_read_from_buffer+0x199/0x340
[  545.302523][ T7986]  proc_fail_nth_read+0x1e8/0x2c0
[  545.307900][ T7986]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  545.313761][ T7986]  vfs_read+0x2a1/0xf60
[  545.318245][ T7986]  ? kmsan_get_metadata+0x13e/0x1c0
[  545.323781][ T7986]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  545.330463][ T7986]  ksys_read+0x20f/0x4c0
[  545.335012][ T7986]  __x64_sys_read+0x93/0xe0
[  545.339826][ T7986]  x64_sys_call+0x347b/0x3c10
[  545.344826][ T7986]  do_syscall_64+0xcd/0x1e0
[  545.349609][ T7986]  ? clear_bhb_loop+0x25/0x80
[  545.354582][ T7986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.360859][ T7986] RIP: 0033:0x7f3a32575dfc
[  545.365617][ T7986] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  545.385564][ T7986] RSP: 002b:00007f3a33288040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  545.394301][ T7986] RAX: ffffffffffffffda RBX: 00007f3a32705f80 RCX: 00007f3a32575dfc
[  545.402547][ T7986] RDX: 000000000000000f RSI: 00007f3a332880b0 RDI: 0000000000000003
[  545.410775][ T7986] RBP: 00007f3a332880a0 R08: 0000000000000000 R09: 0000000000000000
[  545.419093][ T7986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  545.427331][ T7986] R13: 000000000000000b R14: 00007f3a32705f80 R15: 00007ffe704e19b8
[  545.435588][ T7986]  </TASK>
[  545.656035][ T1521] hid-alps 0003:044E:120C.0012: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.0-1/input0
[  545.742983][ T7976] netlink: 64 bytes leftover after parsing attributes in process `syz.0.755'.
[  545.768788][ T1521] usb 1-1: USB disconnect, device number 42
[  545.993622][   T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  546.072002][ T4639] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  546.126956][ T1057] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  546.212532][   T10] usb 2-1: Using ep0 maxpacket: 16
[  546.228458][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  546.257574][   T10] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  546.267318][   T10] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  546.276261][   T10] usb 2-1: Product: syz
[  546.280718][   T10] usb 2-1: Manufacturer: syz
[  546.285707][   T10] usb 2-1: SerialNumber: syz
[  546.314660][ T4639] usb 4-1: config 0 has no interfaces?
[  546.320595][ T4639] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  546.330270][ T4639] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.341268][ T1057] usb 5-1: Using ep0 maxpacket: 32
[  546.350962][   T10] usb 2-1: config 0 descriptor??
[  546.390243][ T1057] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  546.402996][ T1057] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  546.426319][ T4639] usb 4-1: config 0 descriptor??
[  546.450782][ T1057] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  546.460714][ T1057] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  546.469954][ T1057] usb 5-1: Product: syz
[  546.474774][ T1057] usb 5-1: Manufacturer: syz
[  546.479820][ T1057] usb 5-1: SerialNumber: syz
[  546.518367][ T1057] usb 5-1: config 0 descriptor??
[  546.556178][ T1057] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  546.610744][ T1057] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  546.725848][ T4639] usb 4-1: string descriptor 0 read error: -71
[  546.736657][ T4639] usb 4-1: USB disconnect, device number 27
[  547.224697][ T1521] usb 2-1: USB disconnect, device number 22
[  548.582850][ T8021] fuse: Unknown parameter 'grouP_id'
[  548.832264][ T1521] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  548.840185][ T5243] usb 5-1: USB disconnect, device number 40
[  548.868911][ T5243] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  548.904989][ T4639] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  549.087702][ T1521] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  549.100948][ T1521] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  549.125783][ T1521] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  549.133331][ T4639] usb 2-1: config 16 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  549.137083][ T1521] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.148255][ T4639] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  549.171689][ T4639] usb 2-1: config 16 has no interfaces?
[  549.177607][ T4639] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  549.187136][ T4639] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.230861][ T1521] usb 3-1: config 0 descriptor??
[  549.540792][ T8031] loop2: detected capacity change from 0 to 256
[  549.553996][ T8031] vfat: Bad value for 'fmask'
[  549.870476][ T1521] usbhid 3-1:0.0: can't add hid device: -71
[  549.883452][ T1521] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  549.912061][ T1521] usb 3-1: USB disconnect, device number 27
[  550.010471][ T8046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.780'.
[  550.143849][ T5244] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  550.351870][ T5243] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  550.382311][ T5244] usb 4-1: config 0 has no interfaces?
[  550.392183][ T5244] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  550.403129][ T5244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.449755][ T5244] usb 4-1: config 0 descriptor??
[  550.573099][ T5243] usb 5-1: Using ep0 maxpacket: 16
[  550.614041][ T5243] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  550.666590][ T5243] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  550.676567][ T5243] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  550.685488][ T5243] usb 5-1: Product: syz
[  550.689927][ T5243] usb 5-1: Manufacturer: syz
[  550.698966][ T5243] usb 5-1: SerialNumber: syz
[  550.723818][ T5244] usb 4-1: string descriptor 0 read error: -71
[  550.752887][ T5243] usb 5-1: config 0 descriptor??
[  550.763436][ T5244] usb 4-1: USB disconnect, device number 28
[  550.882031][ T8056] loop2: detected capacity change from 0 to 47
[  551.078974][ T8060] MINIX-fs: deleted inode referenced: 9
[  551.117562][ T8056] FAULT_INJECTION: forcing a failure.
[  551.117562][ T8056] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  551.131919][ T8056] CPU: 0 UID: 0 PID: 8056 Comm: syz.2.782 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  551.142858][ T8056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  551.153155][ T8056] Call Trace:
[  551.156621][ T8056]  <TASK>
[  551.159739][ T8056]  dump_stack_lvl+0x216/0x2d0
[  551.164723][ T8056]  dump_stack+0x1e/0x30
[  551.169149][ T8056]  should_fail_ex+0x74e/0x800
[  551.174171][ T8056]  should_fail_alloc_page+0x235/0x2b0
[  551.179879][ T8056]  __alloc_pages_noprof+0x33b/0xe70
[  551.185399][ T8056]  alloc_pages_mpol_noprof+0x299/0x990
[  551.191189][ T8056]  ? kmsan_get_metadata+0x13e/0x1c0
[  551.196756][ T8056]  vma_alloc_folio_noprof+0x454/0x7f0
[  551.202474][ T8056]  handle_mm_fault+0x8c86/0xe1b0
[  551.207756][ T8056]  ? kmsan_get_metadata+0x13e/0x1c0
[  551.213384][ T8056]  ? kmsan_get_metadata+0x13e/0x1c0
[  551.218952][ T8056]  exc_page_fault+0x41b/0x700
[  551.223958][ T8056]  asm_exc_page_fault+0x2b/0x30
[  551.229085][ T8056] RIP: 0033:0x7f20cb9246cb
[  551.233750][ T8056] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[  551.253675][ T8056] RSP: 002b:00007f20cc700e20 EFLAGS: 00010246
[  551.260055][ T8056] RAX: 00007f20cc702f40 RBX: 00007f20cbad5620 RCX: 0000000000000000
[  551.268277][ T8056] RDX: 00007f20cc702f88 RSI: 00007f20cb9d5900 RDI: 00007f20cc700e40
[  551.276499][ T8056] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  551.284706][ T8056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.292910][ T8056] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  551.301152][ T8056]  </TASK>
[  551.306238][ T8056] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  551.536361][ T5244] usb 2-1: USB disconnect, device number 23
[  551.589282][ T5243] usb 5-1: USB disconnect, device number 41
[  552.358222][ T8083] tap0: tun_chr_ioctl cmd 1074025677
[  552.365298][ T8082] loop3: detected capacity change from 0 to 256
[  552.365904][ T8083] tap0: linktype set to 256
[  552.390337][ T8082] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  552.831929][ T5244] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  553.133795][ T5244] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  553.144659][ T5244] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99
[  553.157879][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.310763][ T5244] usb 5-1: config 0 descriptor??
[  553.364146][ T5244] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  553.391277][ T8082] FAT-fs (loop3): FAT read failed (blocknr 64)
[  553.779642][ T8085] loop4: detected capacity change from 0 to 256
[  553.837575][ T8085] vfat: Unknown parameter 'fmas000000000000000040'
[  554.014083][ T8085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  554.023387][ T8085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  554.167955][ T8085] Bluetooth: MGMT ver 1.23
[  554.172183][ T1521] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  554.323414][ T5244] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2
[  554.347176][ T5244] usb 5-1: USB disconnect, device number 42
[  554.425721][ T1521] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  554.439365][ T1521] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  554.451069][ T1521] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  554.464011][ T1521] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.548846][ T1521] usb 2-1: config 0 descriptor??
[  554.845694][ T8089] loop1: detected capacity change from 0 to 256
[  554.845968][ T5243] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  554.865549][ T8089] vfat: Bad value for 'fmask'
[  555.118315][ T8103] loop3: detected capacity change from 0 to 128
[  555.132357][ T1521] usbhid 2-1:0.0: can't add hid device: -71
[  555.139234][ T1521] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  555.206877][ T5243] usb 1-1: config 0 has no interfaces?
[  555.212918][ T5243] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  555.222642][ T5243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.230926][ T1521] usb 2-1: USB disconnect, device number 24
[  555.233532][ T8103] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  555.295693][ T5243] usb 1-1: config 0 descriptor??
[  555.398719][ T8103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  555.552675][ T5243] usb 1-1: string descriptor 0 read error: -71
[  555.566911][ T5243] usb 1-1: USB disconnect, device number 43
[  556.436724][ T4639] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  556.670380][ T4639] usb 3-1: Using ep0 maxpacket: 16
[  556.708154][ T4639] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  556.749937][ T4639] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  556.759556][ T4639] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  556.768221][ T4639] usb 3-1: Product: syz
[  556.773482][ T4639] usb 3-1: Manufacturer: syz
[  556.778462][ T4639] usb 3-1: SerialNumber: syz
[  556.821047][ T4639] usb 3-1: config 0 descriptor??
[  556.993211][ T5243] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  557.164046][ T8124] FAULT_INJECTION: forcing a failure.
[  557.164046][ T8124] name failslab, interval 1, probability 0, space 0, times 0
[  557.177411][ T8124] CPU: 0 UID: 0 PID: 8124 Comm: syz.4.806 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  557.188371][ T8124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  557.198893][ T8124] Call Trace:
[  557.202404][ T8124]  <TASK>
[  557.205549][ T8124]  dump_stack_lvl+0x216/0x2d0
[  557.210561][ T8124]  dump_stack+0x1e/0x30
[  557.215041][ T8124]  should_fail_ex+0x74e/0x800
[  557.220111][ T8124]  should_failslab+0x17f/0x210
[  557.225257][ T8124]  kmem_cache_alloc_noprof+0xe2/0xb20
[  557.230990][ T8124]  ? security_inode_alloc+0x7e/0x280
[  557.236637][ T8124]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  557.242886][ T8124]  security_inode_alloc+0x7e/0x280
[  557.248370][ T8124]  inode_init_always+0x725/0x7d0
[  557.253677][ T8124]  alloc_inode+0x125/0x460
[  557.258451][ T8124]  new_inode+0x38/0x480
[  557.262946][ T8124]  binderfs_binder_device_create+0x3c6/0x13e0
[  557.269407][ T8124]  ? kmsan_get_metadata+0x13e/0x1c0
[  557.274994][ T8124]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  557.281459][ T8124]  binder_ctl_ioctl+0x182/0x1a0
[  557.286667][ T8124]  ? __pfx_binder_ctl_ioctl+0x10/0x10
[  557.292377][ T8124]  __se_sys_ioctl+0x261/0x450
[  557.297415][ T8124]  __x64_sys_ioctl+0x96/0xe0
[  557.302346][ T8124]  x64_sys_call+0x1a06/0x3c10
[  557.307392][ T8124]  do_syscall_64+0xcd/0x1e0
[  557.312213][ T8124]  ? clear_bhb_loop+0x25/0x80
[  557.317227][ T8124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.323529][ T8124] RIP: 0033:0x7f3a325773b9
[  557.328229][ T8124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.348362][ T8124] RSP: 002b:00007f3a33288048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  557.357234][ T8124] RAX: ffffffffffffffda RBX: 00007f3a32705f80 RCX: 00007f3a325773b9
[  557.365521][ T8124] RDX: 0000000020000040 RSI: 00000000c1086201 RDI: 0000000000000003
[  557.373791][ T8124] RBP: 00007f3a332880a0 R08: 0000000000000000 R09: 0000000000000000
[  557.382062][ T8124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.390330][ T8124] R13: 000000000000000b R14: 00007f3a32705f80 R15: 00007ffe704e19b8
[  557.398626][ T8124]  </TASK>
[  558.712710][ T1057] usb 3-1: USB disconnect, device number 28
[  559.815496][ T1521] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  560.122278][ T5243] usb 1-1: unable to get BOS descriptor or descriptor too short
[  560.124907][ T1521] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.141650][ T1521] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  560.142830][ T5243] usb 1-1: unable to read config index 0 descriptor/start: -71
[  560.151814][ T1521] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  560.159337][ T5243] usb 1-1: can't read configurations, error -71
[  560.170509][ T1521] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.303153][ T1521] usb 5-1: config 0 descriptor??
[  560.617382][ T8138] loop4: detected capacity change from 0 to 256
[  560.619719][ T8138] vfat: Bad value for 'fmask'
[  560.652455][ T8144] loop1: detected capacity change from 0 to 512
[  560.703765][ T8144] EXT4-fs: Ignoring removed oldalloc option
[  560.872302][ T8144] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  560.889659][ T8144] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it
[  560.900481][ T8144] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.811: Corrupt directory, running e2fsck is recommended
[  560.952221][ T1521] usbhid 5-1:0.0: can't add hid device: -71
[  560.959299][ T1521] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  560.994063][ T1521] usb 5-1: USB disconnect, device number 43
[  561.358459][ T8144] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  561.369877][ T8144] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.811: corrupted in-inode xattr: invalid ea_ino
[  561.421664][ T8144] EXT4-fs (loop1): Remounting filesystem read-only
[  561.430534][ T8144] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.592195][ T8141] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  561.605673][ T8141] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it
[  561.616585][ T8141] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.811: Corrupt directory, running e2fsck is recommended
[  561.772048][ T1521] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  561.963767][ T1521] usb 3-1: Using ep0 maxpacket: 32
[  561.992324][ T6135] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  562.034395][ T1521] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  562.048412][ T1521] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  562.068679][ T1521] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.143307][ T1521] usb 3-1: config 0 descriptor??
[  562.219452][ T1521] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  562.243668][ T5244] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  562.322509][ T6135] usb 1-1: Using ep0 maxpacket: 32
[  562.347425][ T6135] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  562.361343][ T6135] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  562.373599][ T6135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.415940][ T6135] usb 1-1: config 0 descriptor??
[  562.465596][ T6135] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  562.489873][ T7184] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.501795][ T1057] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  562.546104][ T5244] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  562.559808][ T5244] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  562.569195][ T5244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.627608][ T5244] usb 4-1: config 0 descriptor??
[  562.705861][ T5244] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  562.842000][ T1057] usb 5-1: Using ep0 maxpacket: 16
[  562.873639][ T1057] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  562.889644][ T1057] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  562.901214][ T1057] usb 5-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  562.910782][ T1057] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.984591][ T1057] usb 5-1: config 0 descriptor??
[  563.230687][ T8160] Bluetooth: MGMT ver 1.23
[  563.334643][ T5244] usb 4-1: USB disconnect, device number 29
[  563.431397][ T8162] netlink: 'syz.4.819': attribute type 5 has an invalid length.
[  563.640387][ T1057] hid-alps 0003:044E:120C.0013: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.4-1/input0
[  563.773924][ T8170] FAULT_INJECTION: forcing a failure.
[  563.773924][ T8170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.788201][ T8170] CPU: 1 UID: 0 PID: 8170 Comm: syz.1.821 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  563.799142][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  563.809453][ T8170] Call Trace:
[  563.812927][ T8170]  <TASK>
[  563.816045][ T8170]  dump_stack_lvl+0x216/0x2d0
[  563.820969][ T8170]  dump_stack+0x1e/0x30
[  563.825321][ T8170]  should_fail_ex+0x74e/0x800
[  563.830268][ T8170]  should_fail+0x2a/0x40
[  563.834773][ T8170]  should_fail_usercopy+0x2e/0x40
[  563.840079][ T8170]  _copy_from_user+0x33/0x160
[  563.845072][ T8170]  io_submit_one+0x67/0x3280
[  563.850036][ T8170]  ? kmsan_get_metadata+0x13e/0x1c0
[  563.855604][ T8170]  ? kmsan_get_metadata+0x13e/0x1c0
[  563.861204][ T8170]  ? kmsan_get_metadata+0x13e/0x1c0
[  563.866765][ T8170]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  563.872948][ T8170]  __se_sys_io_submit+0x275/0x700
[  563.874766][ T8162] netlink: 64 bytes leftover after parsing attributes in process `syz.4.819'.
[  563.878251][ T8170]  __x64_sys_io_submit+0x96/0xe0
[  563.878446][ T8170]  x64_sys_call+0xbed/0x3c10
[  563.897350][ T8170]  do_syscall_64+0xcd/0x1e0
[  563.902183][ T8170]  ? clear_bhb_loop+0x25/0x80
[  563.907289][ T8170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.913591][ T8170] RIP: 0033:0x7fd4077773b9
[  563.915954][ T1057] usb 5-1: USB disconnect, device number 44
[  563.918186][ T8170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.918333][ T8170] RSP: 002b:00007fd408550048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  563.952961][ T8170] RAX: ffffffffffffffda RBX: 00007fd407905f80 RCX: 00007fd4077773b9
[  563.961264][ T8170] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 00007fd40852f000
[  563.969533][ T8170] RBP: 00007fd4085500a0 R08: 0000000000000000 R09: 0000000000000000
[  563.977802][ T8170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.986048][ T8170] R13: 000000000000000b R14: 00007fd407905f80 R15: 00007ffe388897a8
[  563.994340][ T8170]  </TASK>
[  564.650863][ T1057] usb 3-1: USB disconnect, device number 29
[  564.712112][ T5243] usb 1-1: USB disconnect, device number 46
[  564.982337][ T8182] capability: warning: `syz.0.825' uses 32-bit capabilities (legacy support in use)
[  564.993585][ T8179] loop2: detected capacity change from 0 to 256
[  565.034637][ T6135] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  565.274467][ T6135] usb 2-1: Using ep0 maxpacket: 16
[  565.321943][ T6135] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  565.332634][ T6135] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  565.410522][ T6135] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  565.422325][ T6135] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  565.430822][ T6135] usb 2-1: Product: syz
[  565.435887][ T6135] usb 2-1: Manufacturer: syz
[  565.444421][ T6135] usb 2-1: SerialNumber: syz
[  565.483823][ T6135] usb 2-1: config 0 descriptor??
[  565.525903][ T6135] usb 2-1: NFC: intf ffff888117ed9c00 id ffffffff919101d0
[  565.875025][ T8192] loop4: detected capacity change from 0 to 512
[  566.092617][ T8192] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  566.132875][ T8192] EXT4-fs (loop4): 1 truncate cleaned up
[  566.140802][ T8192] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  566.286464][ T8192] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.831: Directory hole found for htree leaf block 0
[  566.318288][ T5243] usb 2-1: USB disconnect, device number 25
[  566.715845][ T5189] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  567.199119][ T8200] netlink: 40 bytes leftover after parsing attributes in process `syz.2.833'.
[  567.905028][ T8206] FAULT_INJECTION: forcing a failure.
[  567.905028][ T8206] name failslab, interval 1, probability 0, space 0, times 0
[  567.908684][ T8190] loop3: detected capacity change from 0 to 32768
[  567.918330][ T8206] CPU: 0 UID: 0 PID: 8206 Comm: syz.1.836 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  567.929034][ T6135] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  567.935266][ T8206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  567.935357][ T8206] Call Trace:
[  567.935411][ T8206]  <TASK>
[  567.935468][ T8206]  dump_stack_lvl+0x216/0x2d0
[  567.964979][ T8206]  dump_stack+0x1e/0x30
[  567.969445][ T8206]  should_fail_ex+0x74e/0x800
[  567.974510][ T8206]  should_failslab+0x17f/0x210
[  567.979642][ T8206]  __kmalloc_noprof+0x175/0xf30
[  567.984842][ T8206]  ? tomoyo_encode+0x5f8/0xa40
[  567.989954][ T8206]  ? kmsan_get_metadata+0x13e/0x1c0
[  567.995528][ T8206]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  568.001737][ T8206]  tomoyo_encode+0x5f8/0xa40
[  568.006690][ T8206]  tomoyo_mount_permission+0x655/0x10a0
[  568.012593][ T8206]  ? kmsan_get_metadata+0x13e/0x1c0
[  568.018265][ T8206]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  568.024477][ T8206]  tomoyo_sb_mount+0x4f/0x70
[  568.029383][ T8206]  ? __pfx_tomoyo_sb_mount+0x10/0x10
[  568.035063][ T8206]  security_sb_mount+0xbd/0x170
[  568.040221][ T8206]  path_mount+0x109/0x1f10
[  568.044932][ T8206]  ? user_path_at+0x32f/0x390
[  568.049905][ T8206]  __se_sys_mount+0x722/0x810
[  568.054915][ T8206]  __x64_sys_mount+0xe4/0x150
[  568.059908][ T8206]  x64_sys_call+0xed5/0x3c10
[  568.064817][ T8206]  do_syscall_64+0xcd/0x1e0
[  568.069604][ T8206]  ? clear_bhb_loop+0x25/0x80
[  568.074566][ T8206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.080812][ T8206] RIP: 0033:0x7fd4077773b9
[  568.085489][ T8206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.105515][ T8206] RSP: 002b:00007fd408550048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  568.114275][ T8206] RAX: ffffffffffffffda RBX: 00007fd407905f80 RCX: 00007fd4077773b9
[  568.122514][ T8206] RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
[  568.130738][ T8206] RBP: 00007fd4085500a0 R08: 0000000020000200 R09: 0000000000000000
[  568.138972][ T8206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  568.147183][ T8206] R13: 000000000000000b R14: 00007fd407905f80 R15: 00007ffe388897a8
[  568.155443][ T8206]  </TASK>
[  568.183428][ T8190] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.830 (8190)
[  568.209837][ T8190] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  568.220697][ T8190] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm
[  568.232455][ T8190] BTRFS info (device loop3): using free-space-tree
[  568.364103][ T6135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  568.375599][ T6135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  568.386552][ T6135] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  568.390846][ T8213] loop4: detected capacity change from 0 to 47
[  568.396831][ T6135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.459555][ T6135] usb 1-1: config 0 descriptor??
[  568.689612][ T6135] usb 1-1: can't set config #0, error -71
[  568.742709][ T8190] BTRFS error (device loop3): open_ctree failed
[  568.825843][ T6135] usb 1-1: USB disconnect, device number 47
[  569.175889][ T5244] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  569.392129][ T5244] usb 2-1: Using ep0 maxpacket: 32
[  569.426912][ T5244] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  569.439377][ T5244] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  569.516944][ T5244] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  569.526760][ T5244] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  569.539464][ T5244] usb 2-1: Product: syz
[  569.545192][ T5244] usb 2-1: Manufacturer: syz
[  569.550073][ T5244] usb 2-1: SerialNumber: syz
[  569.603858][ T5244] usb 2-1: config 0 descriptor??
[  569.643988][ T5244] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  569.670033][ T5244] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  569.902928][   T10] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  570.122071][   T10] usb 5-1: Using ep0 maxpacket: 16
[  570.151967][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  570.163963][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  570.237191][   T10] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  570.247056][   T10] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  570.259414][   T10] usb 5-1: Product: syz
[  570.265301][   T10] usb 5-1: Manufacturer: syz
[  570.270176][   T10] usb 5-1: SerialNumber: syz
[  570.296643][   T10] usb 5-1: config 0 descriptor??
[  570.309943][   T10] usb 5-1: NFC: intf ffff88803f212400 id ffffffff919101d0
[  571.551879][ T5244] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  571.808770][ T5244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  571.820568][ T5244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  571.838959][   T10] usb 2-1: USB disconnect, device number 26
[  571.846240][ T5244] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  571.847277][   T10] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  571.855673][ T5244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.879593][ T5244] usb 3-1: config 0 descriptor??
[  572.103103][ T8271] loop3: detected capacity change from 0 to 256
[  572.160817][ T8271] exFAT-fs (loop3): Invalid exboot-signature(sector = 2): 0x24550000
[  572.209544][ T8261] loop2: detected capacity change from 0 to 256
[  572.229819][ T8271] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x5119ab4a)
[  572.238184][ T8273] netlink: 20 bytes leftover after parsing attributes in process `syz.0.855'.
[  572.240723][ T8271] exFAT-fs (loop3): invalid boot region
[  572.255485][ T8271] exFAT-fs (loop3): failed to recognize exfat type
[  572.270742][ T8261] vfat: Bad value for 'fmask'
[  572.399237][ T8271] loop3: detected capacity change from 0 to 256
[  572.427830][ T8271] exfat: Unknown parameter '�0x0000000000000004'
[  572.496858][ T8271] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  572.534812][ T5244] usbhid 3-1:0.0: can't add hid device: -71
[  572.542182][ T5244] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  572.597557][ T5244] usb 3-1: USB disconnect, device number 30
[  572.752739][ T1521] usb 5-1: USB disconnect, device number 45
[  573.787412][ T8294] netlink: 'syz.2.862': attribute type 11 has an invalid length.
[  573.796389][ T8294] netlink: 134780 bytes leftover after parsing attributes in process `syz.2.862'.
[  574.832454][   T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  574.983192][ T8314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.871'.
[  574.993046][ T8314] netlink: 20 bytes leftover after parsing attributes in process `syz.1.871'.
[  575.044577][   T10] usb 4-1: Using ep0 maxpacket: 32
[  575.055603][ T8312] loop4: detected capacity change from 0 to 128
[  575.087168][   T10] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  575.097862][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  575.112025][ T5243] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  575.146282][   T10] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  575.155976][   T10] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  575.165062][   T10] usb 4-1: Product: syz
[  575.173239][   T10] usb 4-1: Manufacturer: syz
[  575.178121][   T10] usb 4-1: SerialNumber: syz
[  575.196601][   T10] usb 4-1: config 0 descriptor??
[  575.222360][   T10] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  575.235179][   T10] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  575.312443][ T5243] usb 1-1: Using ep0 maxpacket: 16
[  575.337170][ T5243] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  575.348480][ T5243] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  575.404730][ T5243] usb 1-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  575.414438][ T5243] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  575.423605][ T5243] usb 1-1: Product: syz
[  575.428038][ T5243] usb 1-1: Manufacturer: syz
[  575.433097][ T5243] usb 1-1: SerialNumber: syz
[  575.464244][ T5243] usb 1-1: config 0 descriptor??
[  575.491268][ T5243] usb 1-1: NFC: intf ffff88803f211400 id ffffffff919101d0
[  576.241462][ T8335] loop1: detected capacity change from 0 to 16
[  576.843264][ T5243] usb 1-1: USB disconnect, device number 48
[  577.504676][ T5243] usb 4-1: USB disconnect, device number 30
[  577.587215][ T5243] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  578.947008][ T8353] netlink: 'syz.2.879': attribute type 11 has an invalid length.
[  578.959598][ T8353] netlink: 134780 bytes leftover after parsing attributes in process `syz.2.879'.
[  579.637202][ T8360] delete_channel: no stack
[  579.837217][ T8357] Process accounting resumed
[  580.560738][ T8376] FAULT_INJECTION: forcing a failure.
[  580.560738][ T8376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.575033][ T8376] CPU: 1 UID: 0 PID: 8376 Comm: syz.0.890 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  580.585969][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  580.596283][ T8376] Call Trace:
[  580.599786][ T8376]  <TASK>
[  580.602922][ T8376]  dump_stack_lvl+0x216/0x2d0
[  580.607903][ T8376]  dump_stack+0x1e/0x30
[  580.612331][ T8376]  should_fail_ex+0x74e/0x800
[  580.617367][ T8376]  should_fail+0x2a/0x40
[  580.622090][ T8376]  should_fail_usercopy+0x2e/0x40
[  580.627434][ T8376]  _copy_to_user+0x33/0x110
[  580.632230][ T8376]  simple_read_from_buffer+0x199/0x340
[  580.638035][ T8376]  proc_fail_nth_read+0x1e8/0x2c0
[  580.643359][ T8376]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  580.649194][ T8376]  vfs_read+0x2a1/0xf60
[  580.653622][ T8376]  ? kmsan_get_metadata+0x13e/0x1c0
[  580.659134][ T8376]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  580.665794][ T8376]  ksys_read+0x20f/0x4c0
[  580.670336][ T8376]  __x64_sys_read+0x93/0xe0
[  580.675160][ T8376]  x64_sys_call+0x347b/0x3c10
[  580.680165][ T8376]  do_syscall_64+0xcd/0x1e0
[  580.684946][ T8376]  ? clear_bhb_loop+0x25/0x80
[  580.689913][ T8376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.696170][ T8376] RIP: 0033:0x7fcbfdf75dfc
[  580.700941][ T8376] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  580.720866][ T8376] RSP: 002b:00007fcbfed5a040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  580.729591][ T8376] RAX: ffffffffffffffda RBX: 00007fcbfe105f80 RCX: 00007fcbfdf75dfc
[  580.737814][ T8376] RDX: 000000000000000f RSI: 00007fcbfed5a0b0 RDI: 0000000000000003
[  580.746025][ T8376] RBP: 00007fcbfed5a0a0 R08: 0000000000000000 R09: 0000000000000000
[  580.754240][ T8376] R10: 0000000000100800 R11: 0000000000000246 R12: 0000000000000001
[  580.762453][ T8376] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  580.770695][ T8376]  </TASK>
[  581.123582][ T5243] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  581.341836][ T5243] usb 4-1: Using ep0 maxpacket: 32
[  581.424561][ T5243] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  581.433398][ T5243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  581.507731][ T5243] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  581.520906][ T5243] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  581.531143][ T5243] usb 4-1: Product: syz
[  581.535995][ T5243] usb 4-1: Manufacturer: syz
[  581.540976][ T5243] usb 4-1: SerialNumber: syz
[  581.579339][ T5243] usb 4-1: config 0 descriptor??
[  581.611327][ T5243] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  581.652390][ T5243] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  582.554456][ T8385] loop2: detected capacity change from 0 to 4096
[  583.248202][ T8410] netlink: 'syz.0.899': attribute type 11 has an invalid length.
[  583.260944][ T8410] netlink: 134780 bytes leftover after parsing attributes in process `syz.0.899'.
[  583.343851][ T8411] loop4: detected capacity change from 0 to 128
[  583.818764][ T5243] usb 4-1: USB disconnect, device number 31
[  583.882040][ T5243] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  584.255352][ T5244] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  584.492124][ T5244] usb 3-1: Using ep0 maxpacket: 8
[  584.506806][ T5244] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  584.516973][ T5244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.580277][ T5244] usb 3-1: config 0 descriptor??
[  586.867929][ T8418] loop2: detected capacity change from 0 to 2048
[  587.319761][ T8435] loop3: detected capacity change from 0 to 32768
[  587.854839][ T5244] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  587.871836][ T5244] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9
[  587.975103][ T8435] loop3: detected capacity change from 0 to 64
[  587.995615][ T5244] asix 3-1:0.0: probe with driver asix failed with error -71
[  588.148151][ T5244] usb 3-1: USB disconnect, device number 31
[  588.754289][ T8457] loop1: detected capacity change from 0 to 256
[  588.868869][ T8459] fuse: Bad value for 'group_id'
[  588.874592][ T8459] fuse: Bad value for 'group_id'
[  589.064668][ T8456] netlink: 'syz.2.915': attribute type 11 has an invalid length.
[  589.073088][ T8456] netlink: 134780 bytes leftover after parsing attributes in process `syz.2.915'.
[  589.732412][ T5198] Bluetooth: hci1: command 0x0405 tx timeout
[  590.317693][ T8478] FAULT_INJECTION: forcing a failure.
[  590.317693][ T8478] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.335594][ T8478] CPU: 1 UID: 0 PID: 8478 Comm: syz.2.923 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  590.346545][ T8478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  590.357016][ T8478] Call Trace:
[  590.360489][ T8478]  <TASK>
[  590.363607][ T8478]  dump_stack_lvl+0x216/0x2d0
[  590.368569][ T8478]  dump_stack+0x1e/0x30
[  590.372986][ T8478]  should_fail_ex+0x74e/0x800
[  590.377999][ T8478]  should_fail+0x2a/0x40
[  590.382571][ T8478]  should_fail_usercopy+0x2e/0x40
[  590.387952][ T8478]  _copy_from_iter+0x1c9/0x2460
[  590.393119][ T8478]  ? __kmalloc_node_noprof+0x726/0xf50
[  590.398887][ T8478]  ? kfree+0x20/0xb70
[  590.403173][ T8478]  ? kmsan_get_metadata+0x13e/0x1c0
[  590.408707][ T8478]  file_tty_write+0x95d/0x1530
[  590.413773][ T8478]  ? kmsan_get_metadata+0x13e/0x1c0
[  590.419395][ T8478]  tty_write+0x4f/0x70
[  590.423767][ T8478]  vfs_write+0xb2f/0x1550
[  590.428419][ T8478]  ? __pfx_tty_write+0x10/0x10
[  590.433500][ T8478]  ksys_write+0x20f/0x4c0
[  590.438213][ T8478]  __x64_sys_write+0x93/0xe0
[  590.443099][ T8478]  x64_sys_call+0x3490/0x3c10
[  590.448092][ T8478]  do_syscall_64+0xcd/0x1e0
[  590.452869][ T8478]  ? clear_bhb_loop+0x25/0x80
[  590.457826][ T8478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.464063][ T8478] RIP: 0033:0x7f20cb9773b9
[  590.468809][ T8478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.488739][ T8478] RSP: 002b:00007f20cc703048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  590.497481][ T8478] RAX: ffffffffffffffda RBX: 00007f20cbb05f80 RCX: 00007f20cb9773b9
[  590.505707][ T8478] RDX: 0000000000001006 RSI: 0000000020002080 RDI: 0000000000000005
[  590.513928][ T8478] RBP: 00007f20cc7030a0 R08: 0000000000000000 R09: 0000000000000000
[  590.522173][ T8478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.530403][ T8478] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  590.538652][ T8478]  </TASK>
[  590.600325][ T8475] loop3: detected capacity change from 0 to 128
[  591.763979][ T8487] loop2: detected capacity change from 0 to 1764
[  591.776291][ T8487] iso9660: Unknown parameter '�8ȶ)���K�|�0��Љ�?8**|>��%:�u�68�AS�'
[  593.140992][ T8509] loop2: detected capacity change from 0 to 128
[  593.200871][ T8509] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  593.311416][ T8507] netlink: 84 bytes leftover after parsing attributes in process `syz.0.935'.
[  593.487042][ T8513] loop1: detected capacity change from 0 to 128
[  597.157272][ T8540] netlink: 277 bytes leftover after parsing attributes in process `syz.1.944'.
[  597.199155][ T8536] loop4: detected capacity change from 0 to 1024
[  597.250570][ T8536] EXT4-fs: Ignoring removed orlov option
[  597.257124][ T8536] EXT4-fs: Ignoring removed nomblk_io_submit option
[  597.463539][ T8536] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  597.810567][ T8553] loop3: detected capacity change from 0 to 128
[  597.947231][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  598.010005][ T8553] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  598.024610][ T8554] netlink: 84 bytes leftover after parsing attributes in process `syz.0.949'.
[  598.068072][ T5189] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  598.086218][ T8553] ext4 filesystem being mounted at /134/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  598.088682][    C1] eth0: bad gso: type: 1, size: 1408
[  598.118475][ T8556] loop1: detected capacity change from 0 to 128
[  598.230937][ T8559] loop2: detected capacity change from 0 to 256
[  598.401995][ T8559] FAULT_INJECTION: forcing a failure.
[  598.401995][ T8559] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.419422][ T8559] CPU: 1 UID: 0 PID: 8559 Comm: syz.2.952 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  598.430366][ T8559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  598.440658][ T8559] Call Trace:
[  598.444118][ T8559]  <TASK>
[  598.447231][ T8559]  dump_stack_lvl+0x216/0x2d0
[  598.452202][ T8559]  dump_stack+0x1e/0x30
[  598.456614][ T8559]  should_fail_ex+0x74e/0x800
[  598.461636][ T8559]  should_fail+0x2a/0x40
[  598.466211][ T8559]  should_fail_usercopy+0x2e/0x40
[  598.471558][ T8559]  strncpy_from_user+0x39/0x5f0
[  598.476717][ T8559]  ? kmsan_get_metadata+0x13e/0x1c0
[  598.482234][ T8559]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  598.488366][ T8559]  getname_flags+0x187/0xa30
[  598.493274][ T8559]  __x64_sys_renameat2+0xc1/0x1f0
[  598.498621][ T8559]  x64_sys_call+0x3a0f/0x3c10
[  598.503789][ T8559]  do_syscall_64+0xcd/0x1e0
[  598.508561][ T8559]  ? clear_bhb_loop+0x25/0x80
[  598.513525][ T8559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.519807][ T8559] RIP: 0033:0x7f20cb9773b9
[  598.524578][ T8559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.544513][ T8559] RSP: 002b:00007f20cc703048 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  598.553236][ T8559] RAX: ffffffffffffffda RBX: 00007f20cbb05f80 RCX: 00007f20cb9773b9
[  598.561459][ T8559] RDX: 0000000000000004 RSI: 0000000020000100 RDI: 0000000000000004
[  598.569682][ T8559] RBP: 00007f20cc7030a0 R08: 0000000000000000 R09: 0000000000000000
[  598.577896][ T8559] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001
[  598.586105][ T8559] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  598.594338][ T8559]  </TASK>
[  598.709536][ T6231] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  598.921189][ T8564] loop4: detected capacity change from 0 to 128
[  598.985583][ T8564] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  599.373023][ T8576] loop3: detected capacity change from 0 to 256
[  599.405211][ T8576] exFAT-fs (loop3): Invalid exboot-signature(sector = 2): 0x24550000
[  599.427774][ T8576] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x5119ab4a)
[  599.442866][ T8576] exFAT-fs (loop3): invalid boot region
[  599.448655][ T8576] exFAT-fs (loop3): failed to recognize exfat type
[  599.619880][ T8576] loop3: detected capacity change from 0 to 256
[  599.660444][ T8576] exfat: Unknown parameter '�0x0000000000000004'
[  599.765552][ T8576] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  600.352375][ T5244] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  600.414036][ T8591] netlink: 84 bytes leftover after parsing attributes in process `syz.1.963'.
[  600.569868][ T5244] usb 5-1: device descriptor read/64, error -71
[  600.881811][ T5244] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  600.928069][    C1] eth0: bad gso: type: 1, size: 1408
[  600.968590][ T8601] loop1: detected capacity change from 0 to 64
[  601.101430][ T8602] loop2: detected capacity change from 0 to 128
[  601.108529][ T5244] usb 5-1: device descriptor read/64, error -71
[  601.150516][ T8601] FAULT_INJECTION: forcing a failure.
[  601.150516][ T8601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.164366][ T8601] CPU: 1 UID: 0 PID: 8601 Comm: syz.1.966 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  601.175319][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  601.185750][ T8601] Call Trace:
[  601.189260][ T8601]  <TASK>
[  601.192411][ T8601]  dump_stack_lvl+0x216/0x2d0
[  601.197430][ T8601]  dump_stack+0x1e/0x30
[  601.201922][ T8601]  should_fail_ex+0x74e/0x800
[  601.206985][ T8601]  should_fail+0x2a/0x40
[  601.211586][ T8601]  should_fail_usercopy+0x2e/0x40
[  601.216953][ T8601]  strncpy_from_user+0x39/0x5f0
[  601.222293][ T8601]  ? kmsan_get_metadata+0x13e/0x1c0
[  601.227846][ T8601]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  601.234085][ T8601]  getname_flags+0x187/0xa30
[  601.239041][ T8601]  getname+0x30/0x40
[  601.243326][ T8601]  do_sys_openat2+0xc3/0x2f0
[  601.248243][ T8601]  __x64_sys_openat+0x2a1/0x310
[  601.253444][ T8601]  x64_sys_call+0x1fe/0x3c10
[  601.258347][ T8601]  do_syscall_64+0xcd/0x1e0
[  601.263171][ T8601]  ? clear_bhb_loop+0x25/0x80
[  601.268164][ T8601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.274417][ T8601] RIP: 0033:0x7fd407775d50
[  601.279104][ T8601] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8e 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8e 02 00 8b 44
[  601.299037][ T8601] RSP: 002b:00007fd40854fb80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  601.307762][ T8601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd407775d50
[  601.315985][ T8601] RDX: 0000000000000000 RSI: 00007fd40854fc20 RDI: 00000000ffffff9c
[  601.324227][ T8601] RBP: 00007fd40854fc20 R08: 0000000000000000 R09: 0000000000000000
[  601.332665][ T8601] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  601.340875][ T8601] R13: 000000000000000b R14: 00007fd407905f80 R15: 00007ffe388897a8
[  601.349116][ T8601]  </TASK>
[  601.377413][ T5244] usb usb5-port1: attempt power cycle
[  601.842581][ T5244] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  601.885773][ T5244] usb 5-1: device descriptor read/8, error -71
[  602.089814][ T8613] loop1: detected capacity change from 0 to 128
[  602.125112][ T8613] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  602.174924][ T5244] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  602.225893][ T5244] usb 5-1: device descriptor read/8, error -71
[  602.236266][ T8617] netlink: 16 bytes leftover after parsing attributes in process `syz.0.973'.
[  602.266798][ T8619] loop3: detected capacity change from 0 to 256
[  602.300483][ T8619] exFAT-fs (loop3): Invalid exboot-signature(sector = 2): 0x24550000
[  602.336478][ T8619] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x5119ab4a)
[  602.347887][ T8619] exFAT-fs (loop3): invalid boot region
[  602.354077][ T8619] exFAT-fs (loop3): failed to recognize exfat type
[  602.362957][ T5244] usb usb5-port1: unable to enumerate USB device
[  602.439120][ T8619] loop3: detected capacity change from 0 to 256
[  602.449548][ T8619] exfat: Unknown parameter '�0x0000000000000004'
[  602.521361][ T8619] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  603.210510][ T8629] netlink: 84 bytes leftover after parsing attributes in process `syz.1.976'.
[  603.358653][ T8636] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  603.565527][ T8641] tap0: tun_chr_ioctl cmd 2147767517
[  604.100022][    C1] eth0: bad gso: type: 1, size: 1408
[  604.133555][ T8647] Process accounting resumed
[  604.636163][ T8654] netlink: 16 bytes leftover after parsing attributes in process `syz.1.985'.
[  604.846140][ T8665] FAULT_INJECTION: forcing a failure.
[  604.846140][ T8665] name failslab, interval 1, probability 0, space 0, times 0
[  604.859534][ T8665] CPU: 0 UID: 0 PID: 8665 Comm: syz.2.989 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  604.870582][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  604.881004][ T8665] Call Trace:
[  604.884506][ T8665]  <TASK>
[  604.887646][ T8665]  dump_stack_lvl+0x216/0x2d0
[  604.892660][ T8665]  dump_stack+0x1e/0x30
[  604.897113][ T8665]  should_fail_ex+0x74e/0x800
[  604.902168][ T8665]  should_failslab+0x17f/0x210
[  604.907319][ T8665]  __kmalloc_noprof+0x175/0xf30
[  604.912526][ T8665]  ? tomoyo_encode+0x5f8/0xa40
[  604.917610][ T8665]  ? kmsan_get_metadata+0x13e/0x1c0
[  604.923167][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  604.929398][ T8665]  tomoyo_encode+0x5f8/0xa40
[  604.934352][ T8665]  tomoyo_realpath_from_path+0x9dd/0xaa0
[  604.940371][ T8665]  tomoyo_path_number_perm+0x1d9/0x8f0
[  604.946222][ T8665]  ? kmsan_get_metadata+0x13e/0x1c0
[  604.951808][ T8665]  ? kmsan_get_metadata+0x13e/0x1c0
[  604.957385][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  604.963609][ T8665]  tomoyo_file_ioctl+0x42/0x50
[  604.968707][ T8665]  ? __pfx_tomoyo_file_ioctl+0x10/0x10
[  604.974521][ T8665]  security_file_ioctl+0xa8/0x160
[  604.979927][ T8665]  __se_sys_ioctl+0xd3/0x450
[  604.984846][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  604.991055][ T8665]  __x64_sys_ioctl+0x96/0xe0
[  604.995977][ T8665]  x64_sys_call+0x1a06/0x3c10
[  605.001019][ T8665]  do_syscall_64+0xcd/0x1e0
[  605.005835][ T8665]  ? clear_bhb_loop+0x25/0x80
[  605.010829][ T8665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.017116][ T8665] RIP: 0033:0x7f20cb9773b9
[  605.021814][ T8665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.024953][ T8668] loop3: detected capacity change from 0 to 128
[  605.041733][ T8665] RSP: 002b:00007f20cc703048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  605.041895][ T8665] RAX: ffffffffffffffda RBX: 00007f20cbb05f80 RCX: 00007f20cb9773b9
[  605.042009][ T8665] RDX: 0000000020000040 RSI: 0000000000000001 RDI: 0000000000000003
[  605.042111][ T8665] RBP: 00007f20cc7030a0 R08: 0000000000000000 R09: 0000000000000000
[  605.042215][ T8665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.042314][ T8665] R13: 000000000000000b R14: 00007f20cbb05f80 R15: 00007ffd0024fbe8
[  605.098002][ T8665]  </TASK>
[  605.106805][ T8665] ERROR: Out of memory at tomoyo_realpath_from_path.
[  605.116309][ T8665] program syz.2.989 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  605.129505][ T8668] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  605.832210][   T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  606.004475][ T8679] bridge0: port 3(syz_tun) entered blocking state
[  606.011959][ T8679] bridge0: port 3(syz_tun) entered disabled state
[  606.019344][ T8679] syz_tun: entered allmulticast mode
[  606.028191][ T8679] syz_tun: entered promiscuous mode
[  606.036432][ T8679] bridge0: port 3(syz_tun) entered blocking state
[  606.043723][ T8679] bridge0: port 3(syz_tun) entered forwarding state
[  606.061872][   T10] usb 3-1: device descriptor read/64, error -71
[  606.331849][   T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  606.522685][   T10] usb 3-1: device descriptor read/64, error -71
[  606.657777][   T10] usb usb3-port1: attempt power cycle
[  606.899957][    C1] eth0: bad gso: type: 1, size: 1408
[  606.988636][ T8691] loop4: detected capacity change from 0 to 128
[  607.111993][   T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  607.139830][ T8698] FAULT_INJECTION: forcing a failure.
[  607.139830][ T8698] name failslab, interval 1, probability 0, space 0, times 0
[  607.153422][ T8698] CPU: 1 UID: 0 PID: 8698 Comm: syz.0.1001 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  607.164462][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  607.174800][ T8698] Call Trace:
[  607.178302][ T8698]  <TASK>
[  607.181467][ T8698]  dump_stack_lvl+0x216/0x2d0
[  607.186478][ T8698]  dump_stack+0x1e/0x30
[  607.190916][ T8698]  should_fail_ex+0x74e/0x800
[  607.197510][ T8698]  should_failslab+0x17f/0x210
[  607.204124][ T8698]  __kmalloc_noprof+0x175/0xf30
[  607.209220][ T8698]  ? tomoyo_encode+0x5f8/0xa40
[  607.214244][ T8698]  ? kmsan_get_metadata+0x13e/0x1c0
[  607.219820][ T8698]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  607.225424][   T10] usb 3-1: device descriptor read/8, error -71
[  607.225909][ T8698]  tomoyo_encode+0x5f8/0xa40
[  607.237114][ T8698]  tomoyo_realpath_from_path+0x9dd/0xaa0
[  607.243140][ T8698]  tomoyo_path_perm+0x246/0xa50
[  607.248390][ T8698]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  607.254508][ T8698]  ? __pfx_tomoyo_inode_getattr+0x10/0x10
[  607.260477][ T8698]  tomoyo_inode_getattr+0x34/0x40
[  607.265826][ T8698]  security_inode_getattr+0x12a/0x210
[  607.271582][ T8698]  vfs_getattr+0x75/0x530
[  607.276274][ T8698]  ? __fdget_raw+0x132/0x250
[  607.281191][ T8698]  do_statx_fd+0x178/0x6d0
[  607.285908][ T8698]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  607.292584][ T8698]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  607.298977][ T8698]  ? kmsan_get_metadata+0x13e/0x1c0
[  607.304430][ T8698]  ? vfs_write+0xf45/0x1550
[  607.309186][ T8698]  __se_sys_statx+0x373/0x420
[  607.314170][ T8698]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  607.320979][ T8698]  ? kmsan_get_metadata+0x13e/0x1c0
[  607.326560][ T8698]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  607.332722][ T8698]  ? kmsan_get_metadata+0x13e/0x1c0
[  607.338204][ T8698]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  607.344303][ T8698]  __x64_sys_statx+0xe4/0x150
[  607.349318][ T8698]  x64_sys_call+0x2ee7/0x3c10
[  607.354388][ T8698]  do_syscall_64+0xcd/0x1e0
[  607.359212][ T8698]  ? clear_bhb_loop+0x25/0x80
[  607.364238][ T8698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.370539][ T8698] RIP: 0033:0x7fcbfdf773b9
[  607.375238][ T8698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.395252][ T8698] RSP: 002b:00007fcbfed5a048 EFLAGS: 00000246 ORIG_RAX: 000000000000014c
[  607.403982][ T8698] RAX: ffffffffffffffda RBX: 00007fcbfe105f80 RCX: 00007fcbfdf773b9
[  607.412207][ T8698] RDX: 0000000000001000 RSI: 0000000000000000 RDI: 0000000000000004
[  607.420454][ T8698] RBP: 00007fcbfed5a0a0 R08: 0000000020000440 R09: 0000000000000000
[  607.428714][ T8698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.436937][ T8698] R13: 000000000000000b R14: 00007fcbfe105f80 R15: 00007fffdfaee498
[  607.445132][ T8698]  </TASK>
[  607.462743][ T8698] ERROR: Out of memory at tomoyo_realpath_from_path.
[  607.481960][ T5243] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  607.537067][   T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  607.599858][   T10] usb 3-1: device descriptor read/8, error -71
[  607.722651][ T5243] usb 4-1: Using ep0 maxpacket: 32
[  607.748545][ T5243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.760265][ T5243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  607.770524][ T5243] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  607.780099][ T5243] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.802452][   T10] usb usb3-port1: unable to enumerate USB device
[  607.845942][ T5243] usb 4-1: config 0 descriptor??
[  608.017327][ T8704] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1003'.
[  608.108509][ T5243] ft260 0003:0403:6030.0014: unknown main item tag 0x0
[  608.261241][ T8713] loop4: detected capacity change from 0 to 128
[  608.314717][ T8713] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  608.413198][ T5243] ft260 0003:0403:6030.0014: failed to retrieve chip version
[  608.422834][ T5243] ft260 0003:0403:6030.0014: probe with driver ft260 failed with error -71
[  608.501386][ T5243] usb 4-1: USB disconnect, device number 32
[  609.161847][ T5243] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  609.339155][ T8728] bridge0: port 3(syz_tun) entered blocking state
[  609.348223][ T8728] bridge0: port 3(syz_tun) entered disabled state
[  609.355760][ T8728] syz_tun: entered allmulticast mode
[  609.376230][ T8728] syz_tun: entered promiscuous mode
[  609.384348][ T8728] bridge0: port 3(syz_tun) entered blocking state
[  609.391660][ T8728] bridge0: port 3(syz_tun) entered forwarding state
[  609.421834][ T5243] usb 4-1: Using ep0 maxpacket: 16
[  609.452035][ T5243] usb 4-1: config 0 has no interfaces?
[  609.513744][ T5243] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  609.523687][ T5243] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  609.532803][ T5243] usb 4-1: Manufacturer: syz
[  609.594842][ T5243] usb 4-1: config 0 descriptor??
[  610.210112][    C1] eth0: bad gso: type: 1, size: 1408
[  610.243163][ T8741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.252947][ T8741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.321928][ T8741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.331230][ T8741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.417956][ T8741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.419903][ T8745] program syz.4.1015 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  610.427501][ T8741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.469789][ T8740] loop2: detected capacity change from 0 to 128
[  611.372138][ T5243] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  611.572316][ T5243] usb 5-1: device descriptor read/64, error -71
[  611.800921][ T8757] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1020'.
[  611.857370][ T5243] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  611.898010][   T44] usb 4-1: USB disconnect, device number 33
[  612.042746][ T5243] usb 5-1: device descriptor read/64, error -71
[  612.198084][ T5243] usb usb5-port1: attempt power cycle
[  612.537487][ T8766] loop3: detected capacity change from 0 to 64
[  612.589281][ T8765] IPVS: set_ctl: invalid protocol: 55 10.1.1.0:20002
[  612.633657][ T5243] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  612.674445][ T5243] usb 5-1: device descriptor read/8, error -71
[  612.911971][   T10] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  612.955901][ T5243] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  613.004632][ T5243] usb 5-1: device descriptor read/8, error -71
[  613.136992][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 187, changing to 11
[  613.149080][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9759, setting to 1024
[  613.164482][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  613.179283][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  613.188813][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.200713][ T5243] usb usb5-port1: unable to enumerate USB device
[  613.224426][   T10] usb 4-1: config 0 descriptor??
[  613.233877][ T8766] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  613.532947][    C1] eth0: bad gso: type: 1, size: 1408
[  613.703542][   T10] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  613.768108][   T10] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  614.165507][ T8778] ------------[ cut here ]------------
[  614.173133][ T8778] WARNING: CPU: 1 PID: 8778 at fs/buffer.c:1181 mark_buffer_dirty+0x2a6/0x4d0
[  614.187955][ T8778] Modules linked in:
[  614.193662][ T8778] CPU: 1 UID: 0 PID: 8778 Comm: syz.3.1024 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  614.204971][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  614.215536][ T8778] RIP: 0010:mark_buffer_dirty+0x2a6/0x4d0
[  614.221887][ T8778] Code: 8b 75 00 4c 89 ef e8 c9 df cc ff 48 83 38 00 0f 85 b2 00 00 00 4c 89 f7 be 04 00 00 00 e8 82 a5 f9 ff eb 24 e8 db 90 37 ff 90 <0f> 0b 90 e9 ba fd ff ff 44 89 ff e8 ca ea cc ff 4d 85 ed 0f 84 79
[  614.244497][ T8778] RSP: 0018:ffff888123f8f680 EFLAGS: 00010283
[  614.246150][ T8777] Process accounting resumed
[  614.258837][ T8778] RAX: ffffffff827becb5 RBX: 0000000000000000 RCX: 0000000000040000
[  614.267757][ T8778] RDX: ffffc90007845000 RSI: 000000000000085c RDI: 000000000000085d
[  614.276248][ T8778] RBP: ffff888123f8f6b0 R08: ffffffff827bea6a R09: 0000000000000200
[  614.289312][ T8778] R10: ffff88812a0ea800 R11: ffff888121d9d200 R12: ffff888116538b40
[  614.299103][ T8778] R13: 0000000000000000 R14: ffff8880131e4c30 R15: 0000000000000001
[  614.307741][ T8778] FS:  00007f48596826c0(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[  614.317176][ T8778] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  614.324488][ T8778] CR2: 00007f296d200400 CR3: 000000011a280000 CR4: 00000000003506f0
[  614.335348][ T8778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  614.344592][ T8778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  614.353147][ T8778] Call Trace:
[  614.356640][ T8778]  <TASK>
[  614.359788][ T8778]  ? show_trace_log_lvl+0x3b1/0x500
[  614.365511][ T8778]  ? bfs_get_block+0xefd/0x1560
[  614.370768][ T8778]  ? show_regs+0x148/0x160
[  614.375742][ T8778]  ? __warn+0x2c2/0x770
[  614.380237][ T8778]  ? mark_buffer_dirty+0x2a6/0x4d0
[  614.391095][ T8778]  ? report_bug+0x929/0xbd0
[  614.397435][ T8778]  ? mark_buffer_dirty+0x2a6/0x4d0
[  614.403121][ T8778]  ? handle_bug+0x47/0x70
[  614.407776][ T8778]  ? exc_invalid_op+0x1f/0x50
[  614.413358][ T8778]  ? asm_exc_invalid_op+0x1f/0x30
[  614.418722][ T8778]  ? mark_buffer_dirty+0x5a/0x4d0
[  614.424337][ T8778]  ? mark_buffer_dirty+0x2a5/0x4d0
[  614.429853][ T8778]  ? mark_buffer_dirty+0x2a6/0x4d0
[  614.438018][ T8778]  bfs_get_block+0xefd/0x1560
[  614.443984][ T8778]  __block_write_begin_int+0xa6b/0x2f80
[  614.449920][ T8778]  ? __pfx_bfs_get_block+0x10/0x10
[  614.455723][ T8778]  ? kmsan_get_shadow_origin_ptr+0x38/0xb0
[  614.462167][ T8778]  block_write_begin+0x143/0x450
[  614.467452][ T8778]  ? __pfx_bfs_get_block+0x10/0x10
[  614.473140][ T8778]  bfs_write_begin+0x59/0x1b0
[  614.478184][ T8778]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  614.484567][ T8778]  ? __pfx_bfs_write_begin+0x10/0x10
[  614.495190][ T8778]  ? __pfx_bfs_write_begin+0x10/0x10
[  614.500949][ T8778]  generic_perform_write+0x4ba/0x12e0
[  614.508362][ T8778]  __generic_file_write_iter+0x20a/0x460
[  614.514770][ T8778]  generic_file_write_iter+0x103/0x5b0
[  614.520612][ T8778]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  614.527545][ T8778]  ? kmsan_get_metadata+0x13e/0x1c0
[  614.533281][ T8778]  vfs_write+0xb2f/0x1550
[  614.540428][ T8778]  ? __pfx_generic_file_write_iter+0x10/0x10
[  614.547804][ T8778]  ksys_write+0x20f/0x4c0
[  614.552667][ T8778]  __x64_sys_write+0x93/0xe0
[  614.557689][ T8778]  x64_sys_call+0x3490/0x3c10
[  614.562871][ T8778]  do_syscall_64+0xcd/0x1e0
[  614.567712][ T8778]  ? clear_bhb_loop+0x25/0x80
[  614.573273][ T8778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.579581][ T8778] RIP: 0033:0x7f48589773b9
[  614.584453][ T8778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.610039][ T8778] RSP: 002b:00007f4859682048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  614.620407][ T8778] RAX: ffffffffffffffda RBX: 00007f4858b06058 RCX: 00007f48589773b9
[  614.628959][ T8778] RDX: 0000000000001006 RSI: 0000000020000c00 RDI: 0000000000000006
[  614.640444][ T8778] RBP: 00007f48589e48e6 R08: 0000000000000000 R09: 0000000000000000
[  614.649622][ T8778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  614.658058][ T8778] R13: 000000000000006e R14: 00007f4858b06058 R15: 00007fff546b01a8
[  614.666659][ T8778]  </TASK>
[  614.669898][ T8778] ---[ end trace 0000000000000000 ]---
[  614.886607][ T8783] loop1: detected capacity change from 0 to 64
[  614.980527][ T8783] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  615.236923][   T10] usb 4-1: reset high-speed USB device number 34 using dummy_hcd
[  615.403614][ T8787] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1032'.
[  615.422003][   T10] usb 4-1: device descriptor read/64, error -32
[  615.645672][ T8794] loop2: detected capacity change from 0 to 128
[  615.745513][ T8794] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  615.812259][   T10] usb 4-1: reset high-speed USB device number 34 using dummy_hcd
[  616.021866][   T10] usb 4-1: device descriptor read/64, error -32
[  616.357598][ T8802] bridge0: port 3(syz_tun) entered blocking state
[  616.366564][ T8802] bridge0: port 3(syz_tun) entered disabled state
[  616.376596][ T8802] syz_tun: entered allmulticast mode
[  616.385424][ T8802] syz_tun: entered promiscuous mode
[  616.393529][ T8802] bridge0: port 3(syz_tun) entered blocking state
[  616.400977][ T8802] bridge0: port 3(syz_tun) entered forwarding state
[  616.669860][ T8815] delete_channel: no stack
[  616.681181][ T8808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1040'.
[  616.690815][ T8808] netlink: 'syz.0.1040': attribute type 30 has an invalid length.
[  617.100838][ T1057] usb 4-1: USB disconnect, device number 34
[  617.795721][ T8828] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1046'.
[  618.069634][   T29] audit: type=1326 audit(1722429479.914:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.097641][   T29] audit: type=1326 audit(1722429479.914:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.123247][   T29] audit: type=1326 audit(1722429479.934:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.146124][   T29] audit: type=1326 audit(1722429479.934:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.169085][   T29] audit: type=1326 audit(1722429479.944:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.197699][   T29] audit: type=1326 audit(1722429479.944:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.230041][   T29] audit: type=1326 audit(1722429479.944:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.254049][   T29] audit: type=1326 audit(1722429480.104:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.281785][   T29] audit: type=1326 audit(1722429480.104:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.305056][   T29] audit: type=1326 audit(1722429480.134:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8834 comm="syz.0.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fcbfdf773b9 code=0x7ffc0000
[  618.759493][ T8846] FAULT_INJECTION: forcing a failure.
[  618.759493][ T8846] name failslab, interval 1, probability 0, space 0, times 0
[  618.772800][ T8846] CPU: 1 UID: 0 PID: 8846 Comm: syz.1.1050 Tainted: G        W          6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  618.785364][ T8846] Tainted: [W]=WARN
[  618.789386][ T8846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  618.799809][ T8846] Call Trace:
[  618.803287][ T8846]  <TASK>
[  618.806410][ T8846]  dump_stack_lvl+0x216/0x2d0
[  618.811401][ T8846]  dump_stack+0x1e/0x30
[  618.815860][ T8846]  should_fail_ex+0x74e/0x800
[  618.820912][ T8846]  should_failslab+0x17f/0x210
[  618.826016][ T8846]  kmem_cache_alloc_noprof+0xe2/0xb20
[  618.831696][ T8846]  ? kmsan_get_metadata+0x13e/0x1c0
[  618.837250][ T8846]  ? alloc_empty_file+0x1e2/0x820
[  618.842611][ T8846]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  618.848751][ T8846]  alloc_empty_file+0x1e2/0x820
[  618.853949][ T8846]  alloc_file_clone+0x66/0x1c0
[  618.859045][ T8846]  do_shmat+0x8c9/0x1650
[  618.863600][ T8846]  __x64_sys_shmat+0xbf/0x190
[  618.868568][ T8846]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  618.875216][ T8846]  x64_sys_call+0x3577/0x3c10
[  618.880229][ T8846]  do_syscall_64+0xcd/0x1e0
[  618.885013][ T8846]  ? clear_bhb_loop+0x25/0x80
[  618.889974][ T8846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.896223][ T8846] RIP: 0033:0x7fd4077773b9
[  618.900882][ T8846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  618.920801][ T8846] RSP: 002b:00007fd40852f048 EFLAGS: 00000246 ORIG_RAX: 000000000000001e
[  618.929535][ T8846] RAX: ffffffffffffffda RBX: 00007fd407906058 RCX: 00007fd4077773b9
[  618.937759][ T8846] RDX: 0000000000007000 RSI: 0000000020ffd000 RDI: 0000000000000000
[  618.946091][ T8846] RBP: 00007fd40852f0a0 R08: 0000000000000000 R09: 0000000000000000
[  618.954315][ T8846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  618.962543][ T8846] R13: 000000000000006e R14: 00007fd407906058 R15: 00007ffe388897a8
[  618.970795][ T8846]  </TASK>
[  619.411323][ T8857] loop4: detected capacity change from 0 to 128
[  619.416956][ T8859] delete_channel: no stack
[  619.455455][ T8857] vfat: Unknown parameter '184467440737095516150x0000000000000003�b�?��T�P��``��L\��-n�_'��z��1W-2X�FnI��k�3#�3j@#��r'EUP)7�}q��c��e��.B�����"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  620.596841][    C1] eth0: bad gso: type: 1, size: 1408
[  620.602144][ T8874] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1060'.
[  620.706643][ T8877] =====================================================
[  620.714594][ T8877] BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260
[  620.722912][ T8877]  tcf_ct_flow_table_get+0x611/0x2260
[  620.728547][ T8877]  tcf_ct_init+0xa67/0x2890
[  620.733630][ T8877]  tcf_action_init_1+0x6cc/0xb30
[  620.738853][ T8877]  tcf_action_init+0x458/0xf00
[  620.748641][ T8877]  tc_ctl_action+0x4be/0x19d0
[  620.755143][ T8877]  rtnetlink_rcv_msg+0x12fc/0x1410
[  620.760648][ T8877]  netlink_rcv_skb+0x375/0x650
[  620.766187][ T8877]  rtnetlink_rcv+0x34/0x40
[  620.770877][ T8877]  netlink_unicast+0xf52/0x1260
[  620.776116][ T8877]  netlink_sendmsg+0x10da/0x11e0
[  620.781382][ T8877]  __sock_sendmsg+0x30f/0x380
[  620.786488][ T8877]  ____sys_sendmsg+0x877/0xb60
[  620.791732][ T8877]  ___sys_sendmsg+0x28d/0x3c0
[  620.796727][ T8877]  __x64_sys_sendmsg+0x307/0x4a0
[  620.802262][ T8877]  x64_sys_call+0x2dd6/0x3c10
[  620.807219][ T8877]  do_syscall_64+0xcd/0x1e0
[  620.812062][ T8877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.818251][ T8877] 
[  620.820693][ T8877] Local variable key created at:
[  620.825925][ T8877]  tcf_ct_flow_table_get+0x4a/0x2260
[  620.831605][ T8877]  tcf_ct_init+0xa67/0x2890
[  620.840871][ T8877] 
[  620.844930][ T8877] CPU: 0 UID: 0 PID: 8877 Comm: syz.1.1062 Tainted: G        W          6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  620.857739][ T8877] Tainted: [W]=WARN
[  620.861862][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  620.872321][ T8877] =====================================================
[  620.879416][ T8877] Disabling lock debugging due to kernel taint
[  620.885906][ T8877] Kernel panic - not syncing: kmsan.panic set ...
[  620.892481][ T8877] CPU: 0 UID: 0 PID: 8877 Comm: syz.1.1062 Tainted: G    B   W          6.11.0-rc1-syzkaller-00044-g22f546873149 #0
[  620.904973][ T8877] Tainted: [B]=BAD_PAGE, [W]=WARN
[  620.910127][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  620.920351][ T8877] Call Trace:
[  620.923763][ T8877]  <TASK>
[  620.926829][ T8877]  dump_stack_lvl+0x216/0x2d0
[  620.931725][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  620.937780][ T8877]  dump_stack+0x1e/0x30
[  620.942118][ T8877]  panic+0x4e2/0xcd0
[  620.946272][ T8877]  ? kmsan_get_metadata+0x61/0x1c0
[  620.951643][ T8877]  kmsan_report+0x2c7/0x2d0
[  620.956399][ T8877]  ? pcpu_alloc_area+0x114e/0x12c0
[  620.961724][ T8877]  ? __msan_warning+0x95/0x120
[  620.966695][ T8877]  ? tcf_ct_flow_table_get+0x611/0x2260
[  620.972461][ T8877]  ? tcf_ct_init+0xa67/0x2890
[  620.977328][ T8877]  ? tcf_action_init_1+0x6cc/0xb30
[  620.982671][ T8877]  ? tcf_action_init+0x458/0xf00
[  620.987838][ T8877]  ? tc_ctl_action+0x4be/0x19d0
[  620.992943][ T8877]  ? rtnetlink_rcv_msg+0x12fc/0x1410
[  620.998446][ T8877]  ? netlink_rcv_skb+0x375/0x650
[  621.003621][ T8877]  ? rtnetlink_rcv+0x34/0x40
[  621.008505][ T8877]  ? netlink_unicast+0xf52/0x1260
[  621.013709][ T8877]  ? netlink_sendmsg+0x10da/0x11e0
[  621.019025][ T8877]  ? __sock_sendmsg+0x30f/0x380
[  621.024127][ T8877]  ? ____sys_sendmsg+0x877/0xb60
[  621.029260][ T8877]  ? ___sys_sendmsg+0x28d/0x3c0
[  621.034316][ T8877]  ? __x64_sys_sendmsg+0x307/0x4a0
[  621.039635][ T8877]  ? x64_sys_call+0x2dd6/0x3c10
[  621.044706][ T8877]  ? do_syscall_64+0xcd/0x1e0
[  621.049568][ T8877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.056342][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.061779][ T8877]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  621.068339][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.073781][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  621.079831][ T8877]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  621.085879][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.091306][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.096748][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  621.102795][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.108228][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  621.114279][ T8877]  __msan_warning+0x95/0x120
[  621.119186][ T8877]  tcf_ct_flow_table_get+0x611/0x2260
[  621.124800][ T8877]  ? nf_ct_tmpl_alloc+0xbd/0x2d0
[  621.129979][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.135420][ T8877]  tcf_ct_init+0xa67/0x2890
[  621.140138][ T8877]  ? kmsan_get_shadow_origin_ptr+0x20/0xb0
[  621.146353][ T8877]  tcf_action_init_1+0x6cc/0xb30
[  621.151643][ T8877]  ? __pfx_tcf_ct_init+0x10/0x10
[  621.156916][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  621.163083][ T8877]  tcf_action_init+0x458/0xf00
[  621.168091][ T8877]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  621.174912][ T8877]  tc_ctl_action+0x4be/0x19d0
[  621.179817][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.185315][ T8877]  ? __pfx_tc_ctl_action+0x10/0x10
[  621.190753][ T8877]  ? __pfx_tc_ctl_action+0x10/0x10
[  621.196135][ T8877]  rtnetlink_rcv_msg+0x12fc/0x1410
[  621.201473][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.206946][ T8877]  netlink_rcv_skb+0x375/0x650
[  621.211936][ T8877]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  621.217627][ T8877]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  621.222944][ T8877]  rtnetlink_rcv+0x34/0x40
[  621.227563][ T8877]  netlink_unicast+0xf52/0x1260
[  621.232628][ T8877]  netlink_sendmsg+0x10da/0x11e0
[  621.237876][ T8877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.243371][ T8877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.248871][ T8877]  __sock_sendmsg+0x30f/0x380
[  621.253808][ T8877]  ____sys_sendmsg+0x877/0xb60
[  621.258833][ T8877]  ___sys_sendmsg+0x28d/0x3c0
[  621.263731][ T8877]  ? __rcu_read_unlock+0x7b/0xe0
[  621.268910][ T8877]  ? __fget_files+0x4fe/0x5d0
[  621.273796][ T8877]  ? kmsan_get_metadata+0x13e/0x1c0
[  621.279400][ T8877]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  621.285450][ T8877]  __x64_sys_sendmsg+0x307/0x4a0
[  621.290620][ T8877]  x64_sys_call+0x2dd6/0x3c10
[  621.295522][ T8877]  do_syscall_64+0xcd/0x1e0
[  621.300210][ T8877]  ? clear_bhb_loop+0x25/0x80
[  621.305087][ T8877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.311505][ T8877] RIP: 0033:0x7fd4077773b9
[  621.316080][ T8877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.336517][ T8877] RSP: 002b:00007fd408550048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  621.345128][ T8877] RAX: ffffffffffffffda RBX: 00007fd407905f80 RCX: 00007fd4077773b9
[  621.353272][ T8877] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000005
[  621.361408][ T8877] RBP: 00007fd4077e48e6 R08: 0000000000000000 R09: 0000000000000000
[  621.369724][ T8877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  621.377853][ T8877] R13: 000000000000000b R14: 00007fd407905f80 R15: 00007ffe388897a8
[  621.386012][ T8877]  </TASK>
[  621.389479][ T8877] Kernel Offset: disabled
[  621.393896][ T8877] Rebooting in 86400 seconds..