last executing test programs:

1m38.53994569s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

1m19.456581731s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

58.154621305s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

38.397016939s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

17.957622118s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

13.7080203s ago: executing program 2 (id=2117):
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="e31825bd7000fedbdf251500000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000001140)=0x10000001)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000040)=@updsa={0x104, 0x12, 0x1, 0x0, 0x0, {{@in=@private=0xa010101, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in=@multicast2, 0x0, 0x3c}, @in6=@remote, {0x0, 0x0, 0xfffffffffffffffe}, {}, {}, 0x0, 0x3503, 0xa, 0x2, 0xfd, 0x2c}, [@coaddr={0x14, 0xe, @in=@broadcast}]}, 0x104}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_open_pts(r1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="780000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e00000000400002800600010000000000340003800c000100ffffff7f000000000c000100ffffffff0000000007000100ff000000000000000c000100ff0f000000000000080005008dbb9c8e9581f4cbd84e0cf4d3e5c343d2bfcc58d5d14ee67b733239508bc39f7f0169f856f0292ad3793da672d00e4e627466b10b", @ANYRES32=0x0, @ANYBLOB], 0x78}, 0x1, 0xba01}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000d190000f1000000000000063000000000000009500050000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xba, &(0x7f000000cf3d)=""/186, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3a)

11.896477458s ago: executing program 2 (id=2127):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x420702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
dup(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_PTRACER(0x59616d61, r1)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000187f00000000400000000de747ca0004000000a4c8380d75f6ab5ed737cd16f718690002040000"], 0x1c}}, 0x4004)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r6, @ANYRES32=r5], 0x4c}}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

7.940828692s ago: executing program 1 (id=2138):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x5, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
inotify_init()
r4 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
write$binfmt_elf64(r4, &(0x7f0000000400)=ANY=[], 0x75)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = syz_open_dev$video(&(0x7f00000010c0), 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000200)={0x2, 0x100})
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/4096, 0x1000}}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x7290, &(0x7f0000000280)={0x0, 0x0, 0x2}, 0x0, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r6, 0x0)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000100), 0x12)
listen(0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

6.81387053s ago: executing program 3 (id=2139):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='attr\x00')
fchdir(r0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'gre0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
unshare(0x22020400)
getdents(r2, &(0x7f00000001c0)=""/137, 0x89)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_adj\x00')
r3 = socket$tipc(0x1e, 0x5, 0x0)
listen(r3, 0x9d0)
poll(&(0x7f00000001c0)=[{r3, 0x801c}], 0x1, 0xe)

6.654389014s ago: executing program 3 (id=2140):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0)

6.638316633s ago: executing program 2 (id=2141):
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a4", 0x19, 0xc001, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4, 0x7, @mcast1}}}, 0x88)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10}}, 0x5c}}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff00000000000000050000"], 0x310)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000040)={0x1, {{0xa, 0x1, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

6.407590431s ago: executing program 3 (id=2143):
socket$alg(0x26, 0x5, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0) (async, rerun: 64)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) (async, rerun: 64)
socket$nl_route(0x10, 0x3, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x1d)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) (async, rerun: 32)
r5 = timerfd_create(0x0, 0x0) (rerun: 32)
read$FUSE(r5, &(0x7f00000001c0)={0x2020}, 0x2020) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x2, 0x3, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x3}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_key={0x1, 0x8}]}, 0x58}, 0x1, 0x7}, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x12, 0x0, @fd_index=0x1})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) (async)
preadv(r9, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x18, 0x8, 0x0) (async, rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)

6.329503982s ago: executing program 2 (id=2144):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmget(0x1, 0x400000, 0x8, &(0x7f0000bff000/0x400000)=nil)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000480)=0x2)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8001, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id1\x00', 'timer1\x00', 0x0, 0x81, 0x1, 0xffffffffffffd0c4})
r6 = syz_io_uring_setup(0xa2e, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0x10000}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x57, 0x0, 0x27}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
io_uring_enter(r6, 0x5b3f, 0x0, 0x6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="8500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r9}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r10, 0x58, &(0x7f00000000c0)}, 0x10)

6.195735534s ago: executing program 3 (id=2146):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1c, 0x4, 0x0, 0x16, 0x70, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@broadcast, 0xfffffffd}, {@remote}, {@multicast1}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010105, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0xf, 0x0, [@dev, @multicast1, @private=0xa010102]}]}}}}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r4, r5, 0x2, 0x0, 0x0, @void, @value}, 0x10)
socket$kcm(0x2, 0x200000000000001, 0x106)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
r6 = dup(r2)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = socket$tipc(0x1e, 0x4, 0x0)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r9 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r9, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)="c4", 0x1}], 0x1}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xc080}, 0x20004840)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r7, 0xae9a)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000010140)=@mmap={0x3, 0x6, 0x4, 0x4400, 0x8, {}, {0x4, 0x1, 0x2, 0x5, 0x7, 0xf9, "9c47f410"}, 0x5, 0x1, {}, 0x8001})

6.123420414s ago: executing program 1 (id=2147):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet(0x2, 0x80001, 0x84)
bind$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x1, 0x39, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, 0x14)
r4 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)=@generic={0x0, 0x0, 0x8}, 0x18)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)={0x1b, 0x0, 0x0, 0xfffffdd7, 0x0, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r9 = openat$nvram(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r10}, 0x10)
r12 = bpf$ITER_CREATE(0xb, &(0x7f0000000240)={r11}, 0x8)
close(r12)
r13 = syz_open_dev$vcsn(&(0x7f0000000780), 0x0, 0x200000)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x5, 0x28, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000001000080000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000911c47beb0e24f241da7ac6e606f0b399d3e32ae6bb30e4216bf67edf33a247a566c4c4fb1c0cdbc5edc76f7de4c4fbc381f8129c6a742ffa4d0d28d9aa0526909b35c79f4f07c1f4204ee298ef476205bd9c03ac24a44b85663a3f796b0c6db9023c5276755bc57c73991cb96889c379cb83ae67e95b46f483cd455b52aaee57dce639c1352179f902073519b5733ef080b06a1c41f51936cb2171fe20763bae241aea2a4737e78b3cc8381f7d2b048f15d8cb7e972b8f90ab9f798d609a9f9169dc9b2d260c943d6dc393cf31fc6e4619d3b9645eb4c1adca8963b99ad165634264ae7192a5382a76e3e1f", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000d5a902001000000085100000050000008520000005000000b7080000000000007b8af8ff00000000b7080000fae900007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x9, 0x3c, &(0x7f0000000300)=""/60, 0x41000, 0xa, '\x00', 0x0, @fallback=0x29, r4, 0x8, &(0x7f0000000500)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0x5, 0x4, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[r5, r6, r7, 0xffffffffffffffff, r8, r9, r12, r13, 0xffffffffffffffff], 0x0, 0x10, 0x401, @void, @value}, 0x94)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r15 = dup(r14)
ioctl$KVM_SET_MSRS(r15, 0xc008aec1, &(0x7f00000000c0)=ANY=[@ANYBLOB="82"])

6.090904902s ago: executing program 0 (id=2148):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000004c0)="2c385aa3", 0x4)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="09de", 0x2}, {&(0x7f0000000680)="d5bb69fd2ec3a88c5df48b69469a", 0xe}], 0x2, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
socket(0x2, 0x3, 0xff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000002700)=""/102392, 0x18ff8)
ioctl$TCXONC(r7, 0x540a, 0x0)
ioctl$TIOCL_PASTESEL(r7, 0x541c, &(0x7f0000000040))
recvmmsg(r6, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/173, 0xad}], 0x1}}], 0x1, 0x0, 0x0)

4.832830947s ago: executing program 2 (id=2149):
modify_ldt$read(0x0, &(0x7f0000000540)=""/214, 0xd6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0xe6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="b9ff03076003008cb89e08f088a8", 0x0, 0xfffffe03, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000001304000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000000200)=@base={0x9, 0x7, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendto(0xffffffffffffffff, 0xfffffffffffffffc, 0x0, 0x4000, 0x0, 0x0)
msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r8, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
readv(r8, &(0x7f0000000240)=[{&(0x7f0000002600)=""/46, 0x2e}, {&(0x7f0000000300)=""/168, 0xa8}, {&(0x7f0000003640)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/4085, 0xff5}], 0x4)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
creat(&(0x7f0000000240)='./file0\x00', 0x0)

4.44455576s ago: executing program 3 (id=2150):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='attr\x00')
fchdir(r0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'gre0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
unshare(0x22020400)
getdents(r2, &(0x7f00000001c0)=""/137, 0x89)
r3 = socket$tipc(0x1e, 0x5, 0x0)
listen(r3, 0x9d0)
poll(&(0x7f00000001c0)=[{r3, 0x801c}], 0x1, 0xe)

4.428524658s ago: executing program 1 (id=2151):
socket$kcm(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'virt_wifi0\x00', @random="01000000b7d0"})

4.353010261s ago: executing program 0 (id=2152):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x47, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = add_key$user(&(0x7f00000004c0), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000200)="cc", 0x1, 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$FS_IOC_GETFSLABEL(r6, 0x81009431, &(0x7f0000000240))
r7 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000500)="da1103b23d6e9ec7b0960f8a45520fdee8bbafd038af5357cc2bf5969a77a332ef6c7c1a675389b16063696dee3af27a8f971dbce5b93d02d840ee08d2d124e67fa17642c4d99d45aa878237a1663a31f7ef396e4b22348c06000000ac87d8f9f5d19ceb0609e3b019c0a4814a268de5def201eb268f1dfb204aa37d70e75db23f9449afe074d5c17bd43d8450cefcb35bdabe30f169ea854c0d09bad3caab3dadbbcc04d1f6e2403c2ca21f837f62901da7a98ab45d458273ad1b8e46d5b95f20a7fe6f22a6a6bee5edd88147fba2164e2860f100104d923664f113e5ff8e258bda92eb9ea08b80e4f858457c81d574359e96b6c45d6a313e", 0xf9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, 0x0, r7}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={'wp384\x00'}})
fcntl$setlease(r0, 0x400, 0x0)

2.225856523s ago: executing program 0 (id=2153):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0)

2.147943421s ago: executing program 0 (id=2154):
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a4", 0x19, 0xc001, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4, 0x7, @mcast1}}}, 0x88)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10}}, 0x5c}}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005000000"], 0x310)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0)

1.377304773s ago: executing program 1 (id=2155):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x2, 0x5, 0x84)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280))
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x48, r5, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5}, {0x5, 0x3, 0xffffffffffffffff}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x48}}, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x47}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
close(0xffffffffffffffff)
r7 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0)
r8 = syz_io_uring_setup(0x4a9, &(0x7f0000000080)={0x0, 0x4, 0x10100}, &(0x7f0000000000)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r8, 0x2def, 0x0, 0x0, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)

1.304521279s ago: executing program 2 (id=2156):
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000002c00), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{0x0}, {&(0x7f0000006540)=""/72, 0x48}], 0x2, 0x7, 0x3)
mkdirat(r1, &(0x7f00000000c0)='./file0\x00', 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x1100, 0x2})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/custom0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x5c, 0x0, &(0x7f00000005c0)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000400)={@fda={0x66646185, 0x4, 0x0, 0x2f}, @flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000580)={0x0, 0x20, 0x38}}, 0x40}, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})
r5 = semget$private(0x0, 0x207, 0x514)
semtimedop(r5, &(0x7f00000002c0)=[{0x0, 0xff78}], 0x1, 0x0)
semctl$SETALL(r5, 0x0, 0x11, &(0x7f00000003c0))
r6 = open_tree(r4, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
semctl$SEM_STAT(r5, 0x0, 0x12, &(0x7f0000000300)=""/9)
close_range(r0, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000051b0000020000000480000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x6, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='virtio_transport_alloc_pkt\x00', r9}, 0x10)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18009dc7699175e3953f0000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xcf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r11}, 0x10)
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_SETMODE(r12, 0x5602, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
open(&(0x7f0000000180)='./file0\x00', 0x141b42, 0x50)
write$binfmt_script(r13, 0x0, 0xb)

1.16947873s ago: executing program 0 (id=2157):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
mkdir(0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
write$nbd(0xffffffffffffffff, 0x0, 0x8a)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000180)=0x19, 0x4)

1.168971181s ago: executing program 3 (id=2158):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x5, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
inotify_init()
r4 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
write$binfmt_elf64(r4, &(0x7f0000000400)=ANY=[], 0x75)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = syz_open_dev$video(&(0x7f00000010c0), 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000200)={0x2, 0x100})
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/4096, 0x1000}}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x7290, &(0x7f0000000280)={0x0, 0x0, 0x2}, 0x0, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r6, 0x0)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000100), 0x12)
listen(0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

283.757477ms ago: executing program 0 (id=2159):
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x8ce01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x800)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
getsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f0000000000), &(0x7f00000001c0)=0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x2, 0x2ff7afedf}, 0xc)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x9, 0x4)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @multicast1}, 0x4}}, 0x2e)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="01000000000000000000020000000800090004"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0)

283.295505ms ago: executing program 1 (id=2160):
r0 = syz_io_uring_setup(0x24fd, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='1q'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index})
io_uring_enter(r0, 0x2d3e, 0xf0, 0x0, 0x0, 0x0)

93.238895ms ago: executing program 1 (id=2161):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071122e000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt(r0, 0x84, 0x82, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x5fb5, 0x0, 0xfffffffd}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
inotify_init()
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setresuid(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f000000c1c0))
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x40054)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
openat$audio(0xffffff9c, &(0x7f0000001140), 0x101000, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r5=>0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r5, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)

0s ago: executing program 4 (id=1250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800e7e6bf1fab9ba4ebaec2926a72c57b64d7981d000000"], 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=<r0=>0x0)
ptrace$peeksig(0x4209, r0, &(0x7f00000001c0)={0x1000000007ff, 0x1, 0x6}, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="180000000c14a7a5ac000000000052bfd320d78ac0eda0f54cf220d58b000100000000000000006611d0c0e8116d611ea1dffb2dabd517594ebb9e048971fa5e04e3905afea2c7ac7f1d2c2d72348930001f57730fc7876a86c334a1860314fe5fa2413504a9875e1c7dc7"], 0x18}}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x82}}, 0x2e)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007800010600000000000000000700000047"], 0x18}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

int 0x81 has an invalid bInterval 0, changing to 7
[  642.075402][T10379] libceph: connect (1)[c::]:6789 error -101
[  642.079788][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  642.094257][ T5892] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  642.112845][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.113019][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  642.129073][ T5892] usb 4-1: config 0 descriptor??
[  642.223441][T12620] rdma_op ffff8880125061f0 conn xmit_rdma 0000000000000000
[  642.242915][   T46] libceph: connect (1)[c::]:6789 error -101
[  642.268999][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  642.918959][T12601] ceph: No mds server is up or the cluster is laggy
[  642.928984][T12604] ceph: No mds server is up or the cluster is laggy
[  642.985501][T12455] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  643.044741][T12455] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  643.113940][T12455] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  643.477351][T12597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.111434][T12455] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  644.135075][T12597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.329698][ T5892] input: HID 041e:3100 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:041E:3100.0012/input/input16
[  644.407380][ T5892] creative-sb0540 0003:041E:3100.0012: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.3-1/input0
[  644.461787][ T5892] usb 4-1: USB disconnect, device number 40
[  644.578812][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  644.578832][   T29] audit: type=1326 audit(1732454668.579:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12633 comm="syz.1.1821" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x0
[  644.624734][T12455] 8021q: adding VLAN 0 to HW filter on device bond0
[  644.641843][T12455] 8021q: adding VLAN 0 to HW filter on device team0
[  644.673129][T12455] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  644.683567][T12455] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  644.702028][ T6627] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.709169][ T6627] bridge0: port 1(bridge_slave_0) entered forwarding state
[  644.718120][ T6627] bridge0: port 2(bridge_slave_1) entered blocking state
[  644.725255][ T6627] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.447530][T12637] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1821'.
[  645.485991][T12637] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1821'.
[  645.673287][T12455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  645.845162][T12641] Process accounting resumed
[  645.865572][ T6612] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  646.195923][T12660] team0: Port device bridge2 added
[  647.064888][T12455] veth0_vlan: entered promiscuous mode
[  647.448093][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  647.474024][T12455] veth1_vlan: entered promiscuous mode
[  647.509645][T12455] veth0_macvtap: entered promiscuous mode
[  647.529847][T12455] veth1_macvtap: entered promiscuous mode
[  647.575101][T12668] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1828'.
[  647.590784][T12455] batman_adv: batadv0: Interface activated: batadv_slave_0
[  647.618642][T12455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.761728][T12455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.817873][T12455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.837475][T12455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.847459][T12455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.858137][T12455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.869388][T12455] batman_adv: batadv0: Interface activated: batadv_slave_1
[  647.881344][T12455] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  647.890203][T12455] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  647.899274][T12455] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  647.908045][T12455] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  648.172889][T11129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.180826][T11129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.192050][T11129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.200623][T11129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.467263][T12683] tipc: Failed to remove unknown binding: 66,1,1/10398378:3216742303/3216742305
[  648.476591][T12683] tipc: Failed to remove unknown binding: 66,1,1/10398378:3216742303/3216742305
[  649.398804][T12698] bridge0: port 4(vlan0) entered blocking state
[  649.417754][T12698] bridge0: port 4(vlan0) entered disabled state
[  649.463734][T12698] vlan0: entered allmulticast mode
[  649.485048][T12698] dummy0: entered allmulticast mode
[  649.524505][T12698] vlan0: entered promiscuous mode
[  649.529600][T12698] dummy0: entered promiscuous mode
[  649.548998][T12698] bridge0: port 4(vlan0) entered blocking state
[  649.555699][T12698] bridge0: port 4(vlan0) entered forwarding state
[  650.530682][ T6629] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.760114][ T6629] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.883141][ T6629] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.944902][ T6629] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.042257][ T6629] bridge_slave_1: left allmulticast mode
[  651.048381][ T6629] bridge_slave_1: left promiscuous mode
[  651.054147][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state
[  651.063220][ T6629] bridge_slave_0: left allmulticast mode
[  651.069913][ T6629] bridge_slave_0: left promiscuous mode
[  651.074969][T11129] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  651.079121][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.496293][ T6629] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  651.508232][ T6629] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  651.519207][ T6629] bond0 (unregistering): Released all slaves
[  651.717290][ T6629] hsr_slave_0: left promiscuous mode
[  651.729029][ T6629] hsr_slave_1: left promiscuous mode
[  651.736028][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.743700][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_0
[  651.752015][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  651.759876][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_1
[  651.786507][ T6629] veth1_macvtap: left promiscuous mode
[  651.792056][ T6629] veth0_macvtap: left promiscuous mode
[  651.797946][ T6629] veth1_vlan: left promiscuous mode
[  651.803259][ T6629] veth0_vlan: left promiscuous mode
[  652.074481][T12719] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  652.130505][T12719] qnx6: wrong signature (magic) in superblock #1.
[  652.138828][T12719] qnx6: unable to read the first superblock
[  652.853375][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  652.868742][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  652.877787][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  652.895448][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  652.904029][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  652.912912][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  652.937350][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  653.615348][ T6629] team0 (unregistering): Port device team_slave_1 removed
[  653.678714][ T6629] team0 (unregistering): Port device team_slave_0 removed
[  654.606815][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  654.682880][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  654.807758][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  654.895172][T12720] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  654.985548][T11380] Bluetooth: hci4: command tx timeout
[  655.188834][T12720] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  655.344145][T12728] chnl_net:caif_netlink_parms(): no params data found
[  655.441547][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  655.476434][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  655.516359][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  655.581116][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  655.583926][T12728] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.718190][T12728] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.797051][T12728] bridge_slave_0: entered allmulticast mode
[  655.809601][T12728] bridge_slave_0: entered promiscuous mode
[  655.820688][T12728] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.831453][T12728] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.844073][T12728] bridge_slave_1: entered allmulticast mode
[  655.862266][T12728] bridge_slave_1: entered promiscuous mode
[  655.874538][T12720] ip6gretap0 speed is unknown, defaulting to 1000
[  655.947998][T12728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  655.979623][T12728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  656.745473][ T6614] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  657.076551][T11380] Bluetooth: hci4: command tx timeout
[  657.521987][T12728] team0: Port device team_slave_0 added
[  657.537062][T12728] team0: Port device team_slave_1 added
[  657.595099][T12728] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.602076][T12728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.632739][T12728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.648115][T12728] batman_adv: batadv0: Adding interface: batadv_slave_1
[  657.655660][T12728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.683396][T12728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  657.721153][T12728] hsr_slave_0: entered promiscuous mode
[  657.727618][T12728] hsr_slave_1: entered promiscuous mode
[  657.733919][T12728] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  657.741567][T12728] Cannot create hsr debugfs directory
[  657.954935][   T25] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  658.013944][T12780] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1857'.
[  658.024101][T12780] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1857'.
[  658.024864][T10397] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  658.157768][   T25] usb 4-1: device descriptor read/64, error -71
[  658.486327][T10397] usb 2-1: Using ep0 maxpacket: 32
[  658.658597][T10397] usb 2-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae
[  658.668828][ T6627] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  658.804661][   T25] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  658.813170][T10397] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.823338][T10397] usb 2-1: Product: syz
[  658.829305][T10397] usb 2-1: Manufacturer: syz
[  658.834419][T10397] usb 2-1: SerialNumber: syz
[  658.846429][T10397] usb 2-1: config 0 descriptor??
[  658.855863][T10397] ums_eneub6250 2-1:0.0: USB Mass Storage device detected
[  658.944527][   T25] usb 4-1: device descriptor read/64, error -71
[  658.971739][T12728] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  659.010200][T12728] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  659.026537][T12728] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  659.040690][T12728] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  659.066359][   T25] usb usb4-port1: attempt power cycle
[  659.144728][T11380] Bluetooth: hci4: command tx timeout
[  659.186604][T12728] 8021q: adding VLAN 0 to HW filter on device bond0
[  659.207212][T12728] 8021q: adding VLAN 0 to HW filter on device team0
[  659.221587][ T6627] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.229035][ T6627] bridge0: port 1(bridge_slave_0) entered forwarding state
[  659.255266][T11129] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.262631][T11129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  659.474713][   T25] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  659.520783][   T25] usb 4-1: device descriptor read/8, error -71
[  659.755272][   T25] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  659.827157][   T25] usb 4-1: device descriptor read/8, error -71
[  659.954519][   T25] usb usb4-port1: unable to enumerate USB device
[  660.052471][T12728] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  660.484167][T12728] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.103594][T10453] usb 2-1: USB disconnect, device number 31
[  661.224808][T11380] Bluetooth: hci4: command tx timeout
[  661.458469][T12821] ip6gretap0 speed is unknown, defaulting to 1000
[  661.554712][  T971] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  661.704536][  T971] usb 3-1: Using ep0 maxpacket: 16
[  661.715577][  T971] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[  661.723808][  T971] usb 3-1: config 0 has no interface number 0
[  661.736048][T12728] veth0_vlan: entered promiscuous mode
[  661.745533][  T971] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  661.759808][  T971] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  661.769858][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.782665][T12728] veth1_vlan: entered promiscuous mode
[  661.793234][T12840] ubi0: attaching mtd0
[  661.799670][T12840] ubi0: scanning is finished
[  661.805104][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  661.817012][  T971] usb 3-1: Product: syz
[  661.821753][  T971] usb 3-1: Manufacturer: syz
[  661.837808][T12840] ubi0: empty MTD device detected
[  661.842984][  T971] usb 3-1: SerialNumber: syz
[  661.887172][  T971] usb 3-1: config 0 descriptor??
[  661.916656][T12728] veth0_macvtap: entered promiscuous mode
[  661.942509][T12728] veth1_macvtap: entered promiscuous mode
[  662.032921][T12728] batman_adv: batadv0: Interface activated: batadv_slave_0
[  662.121379][T12728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.158343][T12728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.169111][T12728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.172450][T12840] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  662.179924][T12728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.179940][T12728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.179958][T12728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.181142][T12728] batman_adv: batadv0: Interface activated: batadv_slave_1
[  662.188790][T12840] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  662.222062][T12728] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  662.247321][T12728] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  662.257504][T12728] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  662.267088][T12728] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  662.279635][T12840] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  662.312273][T12840] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  662.321217][T12840] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  662.336489][  T971] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[  662.347825][T12840] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  662.356925][T12840] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2838488204
[  662.368195][T12840] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  662.375108][  T971] usb 3-1: USB disconnect, device number 46
[  662.385279][T12842] ubi0: detaching mtd0
[  662.425081][T12842] ubi0: mtd0 is detached
[  662.456123][ T6614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  662.458056][ T6631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  662.472287][ T6631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  662.475921][ T6614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  662.780360][T12857] netlink: 'syz.0.1876': attribute type 9 has an invalid length.
[  662.808355][T12857] netlink: 'syz.0.1876': attribute type 7 has an invalid length.
[  662.829668][T12857] netlink: 'syz.0.1876': attribute type 8 has an invalid length.
[  663.210528][T12869] netlink: 'syz.2.1879': attribute type 2 has an invalid length.
[  663.623477][ T6629] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.708277][ T6629] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.723283][T12874] sch_tbf: burst 32855 is lower than device lo mtu (39799) !
[  663.812605][ T6629] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.900067][ T6629] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.003434][ T6629] bridge_slave_1: left allmulticast mode
[  664.009311][ T6629] bridge_slave_1: left promiscuous mode
[  664.015182][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.025778][ T6629] bridge_slave_0: left allmulticast mode
[  664.031609][ T6629] bridge_slave_0: left promiscuous mode
[  664.037695][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.407707][ T6629] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  664.420570][ T6629] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  664.431885][ T6629] bond0 (unregistering): Released all slaves
[  664.446364][ T6614] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  664.686322][ T6629] hsr_slave_0: left promiscuous mode
[  664.692331][ T6629] hsr_slave_1: left promiscuous mode
[  664.701232][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  664.708806][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_0
[  664.775117][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  664.782557][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_1
[  665.151152][ T6629] veth1_macvtap: left promiscuous mode
[  665.157609][ T6629] veth0_macvtap: left promiscuous mode
[  665.163753][ T6629] veth1_vlan: left promiscuous mode
[  665.169791][ T6629] veth0_vlan: left promiscuous mode
[  666.579009][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  666.592252][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  666.677187][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  666.687267][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  666.695976][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  666.703991][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  666.908127][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  666.993060][T10397] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  667.154489][T10397] usb 2-1: Using ep0 maxpacket: 32
[  667.171495][T10397] usb 2-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=e1.fc
[  667.181579][T10397] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.193415][T10397] usb 2-1: config 0 descriptor??
[  667.202380][T10397] ljca 2-1:0.0: bulk endpoints not found
[  667.328867][ T6629] team0 (unregistering): Port device team_slave_1 removed
[  667.364433][ T5936] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  667.393792][ T6629] team0 (unregistering): Port device team_slave_0 removed
[  667.510053][ T5936] usb 3-1: device descriptor read/64, error -71
[  667.757847][ T5936] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  667.895613][ T5936] usb 3-1: device descriptor read/64, error -71
[  668.007286][ T5936] usb usb3-port1: attempt power cycle
[  668.137774][T12899] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1887'.
[  668.249373][T12909] ip6gretap0 speed is unknown, defaulting to 1000
[  668.981098][ T5936] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  669.049902][ T5936] usb 3-1: device descriptor read/8, error -71
[  669.067965][   T54] Bluetooth: hci4: command tx timeout
[  669.397149][ T5936] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  669.479775][ T5936] usb 3-1: device descriptor read/8, error -71
[  669.596693][T11129] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  669.735628][ T5936] usb usb3-port1: unable to enumerate USB device
[  670.535368][T12938] netlink: 'syz.0.1895': attribute type 2 has an invalid length.
[  670.700414][T12909] chnl_net:caif_netlink_parms(): no params data found
[  670.863921][T12943] overlay: ./file1 is not a directory
[  670.871688][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1897'.
[  670.884607][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1897'.
[  670.920327][ T5936] usb 2-1: USB disconnect, device number 32
[  671.175889][T12960] ip6gretap0 speed is unknown, defaulting to 1000
[  671.289205][   T54] Bluetooth: hci4: command tx timeout
[  671.382723][T12909] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.396076][T12909] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.404489][T12909] bridge_slave_0: entered allmulticast mode
[  671.426412][T12909] bridge_slave_0: entered promiscuous mode
[  671.450432][T12909] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.458925][T12909] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.468132][T12909] bridge_slave_1: entered allmulticast mode
[  671.484815][T12909] bridge_slave_1: entered promiscuous mode
[  671.863831][T12909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  671.919643][T12909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  672.083476][T12909] team0: Port device team_slave_0 added
[  672.105732][ T3507] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  672.139597][T12909] team0: Port device team_slave_1 added
[  672.203025][T12909] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.210302][T12909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.269644][T12909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  672.296051][T12909] batman_adv: batadv0: Adding interface: batadv_slave_1
[  672.303156][T12909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.331068][T12909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  672.446212][T12977] fuse: Bad value for 'fd'
[  673.209203][T10379] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  673.304468][T11380] Bluetooth: hci4: command tx timeout
[  673.512581][T10379] usb 2-1: device descriptor read/64, error -71
[  673.565663][T12909] hsr_slave_0: entered promiscuous mode
[  673.573582][T12909] hsr_slave_1: entered promiscuous mode
[  673.582888][T12909] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  673.591354][T12909] Cannot create hsr debugfs directory
[  673.735128][T12984] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  673.743446][T12984] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  673.849755][T10379] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  673.871330][T12984] x_tables: ip_tables: osf match: only valid for protocol 6
[  673.985212][T10379] usb 2-1: device descriptor read/64, error -71
[  674.123708][T10379] usb usb2-port1: attempt power cycle
[  674.555378][T12995] SET target dimension over the limit!
[  675.287666][ T3507] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  675.366657][T10379] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  675.403609][T10379] usb 2-1: device descriptor read/8, error -71
[  675.403882][T11380] Bluetooth: hci4: command tx timeout
[  676.418087][T13008] Process accounting paused
[  676.738457][T12909] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  676.805797][T12909] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  676.821321][T12909] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  676.855945][T12909] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  677.126472][T13026] fuse: Bad value for 'fd'
[  677.145393][T12909] 8021q: adding VLAN 0 to HW filter on device bond0
[  677.225391][ T6614] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  677.237073][T12909] 8021q: adding VLAN 0 to HW filter on device team0
[  677.705365][   T25] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  677.736478][T13031] ip6gretap0 speed is unknown, defaulting to 1000
[  677.929033][   T25] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  678.017252][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.024974][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  678.045222][   T25] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  678.059067][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.067119][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  678.075578][   T25] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  678.097522][   T25] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  678.107631][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.193683][   T25] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  678.238434][   T25] usb 3-1: invalid MIDI out EP 0
[  678.289953][T13036] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1920'.
[  678.385041][T13029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.394460][T13029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.440184][   T25] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  678.773197][T12909] 8021q: adding VLAN 0 to HW filter on device batadv0
[  679.291427][T12909] veth0_vlan: entered promiscuous mode
[  679.310172][T12909] veth1_vlan: entered promiscuous mode
[  679.387392][T12909] veth0_macvtap: entered promiscuous mode
[  679.399932][T12909] veth1_macvtap: entered promiscuous mode
[  679.422459][T12909] batman_adv: batadv0: Interface activated: batadv_slave_0
[  679.433808][T12909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.445606][T12909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.456470][T12909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.468189][T12909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.479396][T12909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.490967][T12909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.506499][T12909] batman_adv: batadv0: Interface activated: batadv_slave_1
[  679.560081][T12909] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  679.571172][T12909] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  679.580792][T12909] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  679.590281][T12909] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  679.741374][T11129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.766872][T11129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.828446][T11129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.851405][T11129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.488717][ T5936] usb 3-1: USB disconnect, device number 51
[  681.095960][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  681.630237][T13117] netlink: 'syz.1.1927': attribute type 2 has an invalid length.
[  681.854057][T13121] bond0: (slave wlan1): Releasing backup interface
[  681.956054][T13121] mac80211_hwsim hwsim4 wlan1 (unregistering): left promiscuous mode
[  682.709200][ T6629] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.807074][ T6629] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.876588][ T6629] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.951726][ T6629] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.984933][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  683.045061][ T6629] bridge_slave_1: left allmulticast mode
[  683.051203][ T6629] bridge_slave_1: left promiscuous mode
[  683.058561][ T6629] bridge0: port 2(bridge_slave_1) entered disabled state
[  683.068540][ T6629] bridge_slave_0: left allmulticast mode
[  683.074641][ T6629] bridge_slave_0: left promiscuous mode
[  683.080350][ T6629] bridge0: port 1(bridge_slave_0) entered disabled state
[  683.562431][ T6629] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  683.575420][ T6629] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  683.588209][ T6629] bond0 (unregistering): Released all slaves
[  683.823209][ T6629] hsr_slave_0: left promiscuous mode
[  683.829951][ T6629] hsr_slave_1: left promiscuous mode
[  683.836570][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  683.845656][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_0
[  683.853734][ T6629] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  683.861598][ T6629] batman_adv: batadv0: Removing interface: batadv_slave_1
[  683.890669][ T6629] veth1_macvtap: left promiscuous mode
[  683.896417][ T6629] veth0_macvtap: left promiscuous mode
[  683.902010][ T6629] veth1_vlan: left promiscuous mode
[  683.907423][ T6629] veth0_vlan: left promiscuous mode
[  684.421984][T13139] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1935'.
[  685.583109][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  685.595108][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  685.614759][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  685.624384][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  685.632662][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  685.641011][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  685.734441][T10453] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  686.024076][T10453] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  686.107612][T10453] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  686.205927][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  686.214343][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  686.228594][T10453] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  686.485708][T10453] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  686.519785][T10453] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.586442][T10453] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  686.596901][T10453] usb 4-1: invalid MIDI out EP 0
[  686.727655][T13168] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  687.566999][T13144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.575933][T13144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.593620][T10453] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  687.706711][T11380] Bluetooth: hci4: command tx timeout
[  687.781038][ T6629] team0 (unregistering): Port device team_slave_1 removed
[  687.866242][T10453] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  687.879210][ T6629] team0 (unregistering): Port device team_slave_0 removed
[  688.037746][T10453] usb 2-1: Using ep0 maxpacket: 16
[  688.054069][T10453] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  688.087268][T10453] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  688.111905][T10453] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  688.121168][T10453] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.144056][T10453] usb 2-1: Product: syz
[  688.148375][T10453] usb 2-1: Manufacturer: syz
[  688.153368][T10453] usb 2-1: SerialNumber: syz
[  688.173850][T10453] usb 2-1: config 0 descriptor??
[  688.207503][T10453] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  688.217367][T10453] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  688.488176][T10453] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  688.620543][T10453] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  688.675103][T10453] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  688.712533][T10453] em28xx 2-1:0.0: No AC97 audio processor
[  688.750001][T13147] ip6gretap0 speed is unknown, defaulting to 1000
[  688.754725][ T6625] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  688.805614][T13164] netlink: 'syz.2.1940': attribute type 2 has an invalid length.
[  688.900813][T13156] ip6gretap0 speed is unknown, defaulting to 1000
[  688.918142][T13174] FAULT_INJECTION: forcing a failure.
[  688.918142][T13174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.933326][T13174] CPU: 0 UID: 0 PID: 13174 Comm: syz.0.1943 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  688.943772][T13174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  688.953830][T13174] Call Trace:
[  688.957112][T13174]  <TASK>
[  688.960041][T13174]  dump_stack_lvl+0x241/0x360
[  688.964731][T13174]  ? __pfx_dump_stack_lvl+0x10/0x10
[  688.969929][T13174]  ? __pfx__printk+0x10/0x10
[  688.974529][T13174]  ? snprintf+0xda/0x120
[  688.978778][T13174]  should_fail_ex+0x3b0/0x4e0
[  688.983472][T13174]  _copy_to_user+0x31/0xb0
[  688.987889][T13174]  simple_read_from_buffer+0xca/0x150
[  688.993273][T13174]  proc_fail_nth_read+0x1e9/0x250
[  688.998307][T13174]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  689.003860][T13174]  ? rw_verify_area+0x55e/0x6f0
[  689.008713][T13174]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  689.014265][T13174]  vfs_read+0x1fc/0xb70
[  689.018434][T13174]  ? __pfx___mutex_lock+0x10/0x10
[  689.023460][T13174]  ? __pfx_vfs_read+0x10/0x10
[  689.028141][T13174]  ? __fget_files+0x2a/0x410
[  689.032734][T13174]  ? __fget_files+0x395/0x410
[  689.037414][T13174]  ? __fget_files+0x2a/0x410
[  689.042013][T13174]  ksys_read+0x18f/0x2b0
[  689.046266][T13174]  ? __pfx_ksys_read+0x10/0x10
[  689.051034][T13174]  ? do_syscall_64+0x100/0x230
[  689.055798][T13174]  ? do_syscall_64+0xb6/0x230
[  689.060481][T13174]  do_syscall_64+0xf3/0x230
[  689.064996][T13174]  ? clear_bhb_loop+0x35/0x90
[  689.069672][T13174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.075574][T13174] RIP: 0033:0x7fd5eb77d25c
[  689.079994][T13174] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  689.099609][T13174] RSP: 002b:00007fd5ec561030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  689.108024][T13174] RAX: ffffffffffffffda RBX: 00007fd5eb935fa0 RCX: 00007fd5eb77d25c
[  689.115998][T13174] RDX: 000000000000000f RSI: 00007fd5ec5610a0 RDI: 0000000000000004
[  689.123962][T13174] RBP: 00007fd5ec561090 R08: 0000000000000000 R09: 0000000000000000
[  689.131933][T13174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  689.139908][T13174] R13: 0000000000000000 R14: 00007fd5eb935fa0 R15: 00007ffed5dbe328
[  689.147891][T13174]  </TASK>
[  689.223802][ T5888] usb 2-1: USB disconnect, device number 37
[  689.319893][ T5888] em28xx 2-1:0.0: Disconnecting em28xx
[  689.341447][ T5888] em28xx 2-1:0.0: Freeing device
[  689.431168][   T25] usb 4-1: USB disconnect, device number 45
[  689.607542][T13185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1944'.
[  689.615062][T13183] vivid-003: disconnect
[  689.784868][T11380] Bluetooth: hci4: command tx timeout
[  690.116914][T13180] vivid-003: reconnect
[  690.234681][T13156] chnl_net:caif_netlink_parms(): no params data found
[  691.093200][T13156] bridge0: port 1(bridge_slave_0) entered blocking state
[  691.102490][T13156] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.118432][T13156] bridge_slave_0: entered allmulticast mode
[  691.175998][T13156] bridge_slave_0: entered promiscuous mode
[  691.184120][T13156] bridge0: port 2(bridge_slave_1) entered blocking state
[  691.196064][T13156] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.203241][T13156] bridge_slave_1: entered allmulticast mode
[  691.212547][T13156] bridge_slave_1: entered promiscuous mode
[  691.381400][T13156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  691.413841][T13156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  691.603340][T13156] team0: Port device team_slave_0 added
[  691.621295][T13156] team0: Port device team_slave_1 added
[  691.646209][T13212] FAULT_INJECTION: forcing a failure.
[  691.646209][T13212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.674614][T13212] CPU: 0 UID: 0 PID: 13212 Comm: syz.0.1951 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  691.685065][T13212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  691.695139][T13212] Call Trace:
[  691.698433][T13212]  <TASK>
[  691.701383][T13212]  dump_stack_lvl+0x241/0x360
[  691.706086][T13212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.711313][T13212]  ? __pfx__printk+0x10/0x10
[  691.715951][T13212]  should_fail_ex+0x3b0/0x4e0
[  691.720659][T13212]  strncpy_from_user+0x36/0x270
[  691.725537][T13212]  getname_flags+0xf1/0x540
[  691.730075][T13212]  path_setxattrat+0x400/0x510
[  691.734870][T13212]  ? __pfx_path_setxattrat+0x10/0x10
[  691.740178][T13212]  ? vfs_write+0x730/0xd30
[  691.744636][T13212]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  691.750623][T13212]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  691.756966][T13212]  __x64_sys_lsetxattr+0xbf/0xe0
[  691.761913][T13212]  do_syscall_64+0xf3/0x230
[  691.766420][T13212]  ? clear_bhb_loop+0x35/0x90
[  691.771105][T13212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.777004][T13212] RIP: 0033:0x7fd5eb77e819
[  691.781421][T13212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.801031][T13212] RSP: 002b:00007fd5ec561038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  691.809453][T13212] RAX: ffffffffffffffda RBX: 00007fd5eb935fa0 RCX: 00007fd5eb77e819
[  691.817425][T13212] RDX: 0000000020000c00 RSI: 0000000020000440 RDI: 0000000020000140
[  691.825396][T13212] RBP: 00007fd5ec561090 R08: 0000000000000000 R09: 0000000000000000
[  691.833373][T13212] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001
[  691.841340][T13212] R13: 0000000000000000 R14: 00007fd5eb935fa0 R15: 00007ffed5dbe328
[  691.849331][T13212]  </TASK>
[  691.865713][T11380] Bluetooth: hci4: command tx timeout
[  691.979273][T13156] batman_adv: batadv0: Adding interface: batadv_slave_0
[  691.996684][T13156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  692.033875][T13156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  692.065819][T13156] batman_adv: batadv0: Adding interface: batadv_slave_1
[  692.072856][T13156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  692.099614][T13156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  692.151423][T13156] hsr_slave_0: entered promiscuous mode
[  692.160468][T13156] hsr_slave_1: entered promiscuous mode
[  692.167224][T13156] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  692.209744][T13156] Cannot create hsr debugfs directory
[  692.384552][T13219] kvm: pic: non byte write
[  693.624923][T13236] ip6gretap0 speed is unknown, defaulting to 1000
[  693.957367][T11380] Bluetooth: hci4: command tx timeout
[  694.125897][T13240] lo: entered allmulticast mode
[  694.134941][T13240] tunl0: entered allmulticast mode
[  694.140540][T10453] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  694.153417][T13240] gre0: entered allmulticast mode
[  694.164044][T13240] gretap0: entered allmulticast mode
[  694.173134][T13240] erspan0: entered allmulticast mode
[  694.189494][T13240] ip_vti0: entered allmulticast mode
[  694.207320][T13240] ip6_vti0: entered allmulticast mode
[  694.217974][T13240] sit0: entered allmulticast mode
[  694.243819][T13240] ip6tnl0: entered allmulticast mode
[  694.257078][T13246] netlink: 'syz.1.1958': attribute type 10 has an invalid length.
[  694.268922][T13240] ip6gre0: entered allmulticast mode
[  694.284188][T13240] syz_tun: entered allmulticast mode
[  694.297062][T10453] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  694.313646][T10453] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  694.333684][T13240] ip6gretap0: entered allmulticast mode
[  694.339351][T10453] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  694.368045][T13240] bridge0: port 3(team0) entered disabled state
[  694.377315][T13240] bridge0: port 1(bridge_slave_0) entered disabled state
[  694.392523][T10453] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  694.403711][T13240] bridge0: entered allmulticast mode
[  694.411214][T10453] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.427386][T13240] vcan0: entered allmulticast mode
[  694.431813][T10453] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  694.434128][T13240] bond0: left promiscuous mode
[  694.444827][T10453] usb 3-1: invalid MIDI out EP 0
[  694.450869][T13240] bond_slave_0: left promiscuous mode
[  694.457128][T13240] bond_slave_1: left promiscuous mode
[  694.477626][T10453] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  694.494545][T13240] bond0: entered allmulticast mode
[  694.499889][T13240] bond_slave_0: entered allmulticast mode
[  694.521448][T13240] bond_slave_1: entered allmulticast mode
[  694.542535][T13240] dummy0: entered allmulticast mode
[  694.551640][T13240] nlmon0: entered allmulticast mode
[  694.563781][T13240] caif0: entered allmulticast mode
[  694.570280][T13240] vxcan0: entered allmulticast mode
[  694.581746][T13240] vxcan1: entered allmulticast mode
[  694.589559][T13240] veth0: entered allmulticast mode
[  694.604893][T13240] veth1: entered allmulticast mode
[  694.621675][T13240] wg0: entered allmulticast mode
[  694.652558][T13233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.662033][T13233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.681159][T13240] wg1: entered allmulticast mode
[  694.691234][T13240] wg2: entered allmulticast mode
[  694.703114][T13240] veth0_to_bridge: entered allmulticast mode
[  694.718536][T13240] veth1_to_bridge: entered allmulticast mode
[  694.733852][T13240] bridge_slave_1: entered allmulticast mode
[  694.749745][T13240] veth0_to_bond: entered allmulticast mode
[  694.760948][T13240] veth1_to_bond: entered allmulticast mode
[  694.792794][T13240] veth0_to_team: entered allmulticast mode
[  694.812291][T13240] veth1_to_team: entered allmulticast mode
[  694.838463][T13240] veth0_to_batadv: entered allmulticast mode
[  694.859064][T13240] batadv_slave_0: left promiscuous mode
[  694.869054][T13240] batadv_slave_0: entered allmulticast mode
[  694.878314][T13240] veth1_to_batadv: entered allmulticast mode
[  694.903584][T13240] batadv_slave_1: entered allmulticast mode
[  694.955834][T13240] xfrm0: entered allmulticast mode
[  694.978905][T13240] veth0_to_hsr: entered allmulticast mode
[  695.001563][T13240] hsr_slave_0: entered allmulticast mode
[  695.021847][T13240] veth1_to_hsr: entered allmulticast mode
[  695.035836][T13240] hsr_slave_1: entered allmulticast mode
[  695.048107][T13240] hsr0: entered allmulticast mode
[  695.058110][T13240] veth1_virt_wifi: entered allmulticast mode
[  695.077793][T13240] veth0_virt_wifi: entered allmulticast mode
[  695.087503][T13240] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  695.100403][T13240] veth1_vlan: entered allmulticast mode
[  695.110400][T13240] veth0_vlan: entered allmulticast mode
[  695.127266][T13240] vlan0: entered allmulticast mode
[  695.132580][T13240] vlan1: entered allmulticast mode
[  695.138739][T13240] macvlan0: entered allmulticast mode
[  695.150889][T13240] macvlan1: entered allmulticast mode
[  695.158998][T13240] ipvlan0: entered allmulticast mode
[  695.165885][T13240] ipvlan1: entered allmulticast mode
[  695.172909][T13240] veth1_macvtap: entered allmulticast mode
[  695.184791][T13240] veth0_macvtap: entered allmulticast mode
[  695.195310][T13240] macvtap0: entered allmulticast mode
[  695.204055][T13240] macsec0: entered allmulticast mode
[  695.212754][T13240] geneve0: entered allmulticast mode
[  695.220916][T13240] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.233875][T13240] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.244484][T13240] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.253440][T13240] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.266582][T13240] geneve1: entered allmulticast mode
[  695.276027][T13240] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  695.287569][T13240] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  695.303743][T13240] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  695.319784][T13240] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  695.336502][T13240] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode
[  695.346512][T13240] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  695.353898][T13240] bond1: entered allmulticast mode
[  695.359516][T13240] dummy0.1: entered allmulticast mode
[  695.366002][T13240] ip6gre1: entered allmulticast mode
[  695.390542][T13240] vxcan1.0: entered allmulticast mode
[  695.399563][T13240] X�: entered allmulticast mode
[  695.405029][T13240] geneve2: entered allmulticast mode
[  695.440255][T13246] 8021q: adding VLAN 0 to HW filter on device batadv0
[  695.494633][T13247] bond0: entered promiscuous mode
[  695.504087][T13247] bond_slave_0: entered promiscuous mode
[  695.511004][T13247] bond_slave_1: entered promiscuous mode
[  695.745883][ T5892] usb 3-1: USB disconnect, device number 52
[  697.601482][T13156] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  697.661385][T13156] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  697.690482][T13156] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  697.805557][T13156] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  697.932854][T13270] netlink: 'syz.2.1966': attribute type 2 has an invalid length.
[  698.052347][T13156] 8021q: adding VLAN 0 to HW filter on device bond0
[  698.071147][T13156] 8021q: adding VLAN 0 to HW filter on device team0
[  698.100330][T13156] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  698.111103][T13156] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  698.138967][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.146701][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  698.347691][ T6625] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  698.670832][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.678270][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.102181][T13156] 8021q: adding VLAN 0 to HW filter on device batadv0
[  699.570733][T13156] veth0_vlan: entered promiscuous mode
[  699.591091][T13299] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  699.633208][T13156] veth1_vlan: entered promiscuous mode
[  699.746337][T13301] netlink: 'syz.1.1974': attribute type 10 has an invalid length.
[  699.781360][T13301] 8021q: adding VLAN 0 to HW filter on device batadv0
[  699.827575][T13301] batadv0: entered promiscuous mode
[  699.913019][T13156] veth0_macvtap: entered promiscuous mode
[  699.974553][T13156] veth1_macvtap: entered promiscuous mode
[  700.077686][T13156] batman_adv: batadv0: Interface activated: batadv_slave_0
[  700.136474][T13156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  700.175012][T13156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  700.205969][T13156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  700.234395][T13156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  700.265088][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  700.282601][T13156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  700.323785][T13156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  700.369420][T13156] batman_adv: batadv0: Interface activated: batadv_slave_1
[  700.410257][T13156] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  700.453171][T13156] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  700.680418][T13156] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  700.705250][T13156] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  701.457337][T13310] IPv6: Can't replace route, no match found
[  701.870213][ T6631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  701.902963][ T6631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  701.914026][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  701.924358][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  702.264932][ T5888] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  702.368384][T13332] debugfs: Directory 'netdev:nicvf0' with parent 'phy9' already present!
[  702.436332][ T5888] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=51.d4
[  702.450416][ T5888] usb 2-1: New USB device strings: Mfr=231, Product=37, SerialNumber=191
[  702.460890][ T5888] usb 2-1: Product: syz
[  702.466275][ T5888] usb 2-1: Manufacturer: syz
[  702.471453][ T5888] usb 2-1: SerialNumber: syz
[  702.493766][ T5888] usb 2-1: config 0 descriptor??
[  702.734833][T13339] rdma_op ffff8880337c01f0 conn xmit_rdma 0000000000000000
[  703.518314][ T5888] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  703.557785][T13344] netlink: 'syz.3.1987': attribute type 10 has an invalid length.
[  703.670902][ T3507] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.732498][ T5888] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  703.751515][T13346] bond0: entered promiscuous mode
[  703.760319][T13346] bond_slave_0: entered promiscuous mode
[  703.760411][ T5888] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[  703.768716][T13346] bond_slave_1: entered promiscuous mode
[  703.780806][T13346] bond0: left allmulticast mode
[  703.951296][T10453] usb 2-1: USB disconnect, device number 38
[  704.035289][ T3507] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.105154][ T3507] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.115982][T11129] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  704.180032][ T3507] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.282530][ T3507] bridge_slave_1: left allmulticast mode
[  704.288366][ T3507] bridge_slave_1: left promiscuous mode
[  704.294170][ T3507] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.303379][ T3507] bridge_slave_0: left allmulticast mode
[  704.309728][ T3507] bridge_slave_0: left promiscuous mode
[  704.315636][ T3507] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.742044][ T3507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.757559][ T3507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.773298][ T3507] bond0 (unregistering): Released all slaves
[  705.017611][ T3507] hsr_slave_0: left promiscuous mode
[  705.023617][ T3507] hsr_slave_1: left promiscuous mode
[  705.029899][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  705.037471][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_0
[  705.048857][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  705.056379][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_1
[  705.085965][ T3507] veth1_macvtap: left promiscuous mode
[  705.091521][ T3507] veth0_macvtap: left promiscuous mode
[  705.097253][ T3507] veth1_vlan: left promiscuous mode
[  705.102546][ T3507] veth0_vlan: left promiscuous mode
[  705.305015][ T6614] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  705.760570][T13366] kvm: pic: non byte write
[  706.561085][T11380] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  706.571628][T11380] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  706.581475][T11380] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  706.603078][T11380] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  706.611117][T11380] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  706.618793][T11380] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  706.742541][ T3507] team0 (unregistering): Port device team_slave_1 removed
[  706.830024][ T3507] team0 (unregistering): Port device team_slave_0 removed
[  706.894330][ T5936] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  707.047051][ T5936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  707.068237][ T5936] usb 4-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00
[  707.077686][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.097611][ T5936] usb 4-1: config 0 descriptor??
[  707.314429][ T5936] apple 0003:05AC:027D.0013: unknown main item tag 0x1
[  707.337216][ T5936] apple 0003:05AC:027D.0013: hidraw0: USB HID vff.ff Device [HID 05ac:027d] on usb-dummy_hcd.3-1/input0
[  707.522879][ T5936] usb 4-1: USB disconnect, device number 46
[  708.130203][T13359] Process accounting resumed
[  708.207791][T13370] ip6gretap0 speed is unknown, defaulting to 1000
[  708.690633][T11380] Bluetooth: hci4: command tx timeout
[  709.251636][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  709.958145][T13370] chnl_net:caif_netlink_parms(): no params data found
[  710.352083][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  710.418355][T13406] netlink: 'syz.3.2002': attribute type 2 has an invalid length.
[  710.441545][T13370] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.460064][T13370] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.503482][T13370] bridge_slave_0: entered allmulticast mode
[  710.531763][T13370] bridge_slave_0: entered promiscuous mode
[  710.539544][T13370] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.546852][T13370] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.555015][T13370] bridge_slave_1: entered allmulticast mode
[  710.563335][T13370] bridge_slave_1: entered promiscuous mode
[  710.720878][T13370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.744842][T11380] Bluetooth: hci4: command tx timeout
[  710.844784][T13370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.078672][T13370] team0: Port device team_slave_0 added
[  712.090866][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2006'.
[  712.122188][T13370] team0: Port device team_slave_1 added
[  712.244790][T13370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  712.252353][T13370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  712.278412][    C1] vkms_vblank_simulate: vblank timer overrun
[  712.303610][T13370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  712.356035][T13370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  712.363904][T13370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  712.412125][T13370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  712.920108][T13429] 9pnet_fd: Insufficient options for proto=fd
[  712.935476][T11380] Bluetooth: hci4: command tx timeout
[  713.012576][T13370] hsr_slave_0: entered promiscuous mode
[  713.026707][T13370] hsr_slave_1: entered promiscuous mode
[  713.059666][T13370] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  713.092124][T13370] Cannot create hsr debugfs directory
[  713.967599][T13427] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2010'.
[  714.496552][T13437] team0: left allmulticast mode
[  714.539606][T13437] team_slave_0: left allmulticast mode
[  714.729993][T13437] team_slave_1: left allmulticast mode
[  714.915378][T13437] geneve0: left allmulticast mode
[  714.998626][ T3507] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  715.006313][T11380] Bluetooth: hci4: command tx timeout
[  715.054178][T13437] team0: left promiscuous mode
[  715.150122][T13437] team_slave_0: left promiscuous mode
[  715.258204][T13437] team_slave_1: left promiscuous mode
[  715.360802][T13437] geneve0: left promiscuous mode
[  715.457300][T13437] bridge0: port 3(team0) entered disabled state
[  715.625114][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  715.637729][T13437] bond0: (slave batadv0): Releasing backup interface
[  715.692294][T13437] batadv0: left promiscuous mode
[  715.752272][T13437] bridge_slave_0: left allmulticast mode
[  715.792358][T13437] bridge_slave_0: left promiscuous mode
[  715.833407][T13437] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.917550][T13437] bridge_slave_1: left allmulticast mode
[  715.937796][T13437] bridge_slave_1: left promiscuous mode
[  715.972144][T13437] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.020969][T13437] bond0: (slave bond_slave_0): Releasing backup interface
[  716.061148][T13437] bond_slave_0: left promiscuous mode
[  716.179445][T13437] bond0: (slave bond_slave_1): Releasing backup interface
[  716.224307][T13437] bond_slave_1: left promiscuous mode
[  716.567802][T13437] team0: Port device team_slave_0 removed
[  716.661183][T13437] team0: Port device team_slave_1 removed
[  716.679665][T13437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  716.766064][T13437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  716.786769][T13437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  716.949930][T13437] team0: Port device geneve0 removed
[  716.963900][T13437] vlan0: left allmulticast mode
[  716.972257][T13437] dummy0: left allmulticast mode
[  716.981391][T13451] ptrace attach of "./syz-executor exec"[13452] was attempted by "\x5c"[13451]
[  716.991166][T13437] vlan0: left promiscuous mode
[  716.991229][T13437] dummy0: left promiscuous mode
[  717.014691][T13437] bridge0: port 4(vlan0) entered disabled state
[  718.055466][T13370] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  718.110661][T13464] FAULT_INJECTION: forcing a failure.
[  718.110661][T13464] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.111174][T13370] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  718.132389][T13464] CPU: 0 UID: 0 PID: 13464 Comm: syz.2.2020 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  718.142842][T13464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  718.152920][T13464] Call Trace:
[  718.156214][T13464]  <TASK>
[  718.159162][T13464]  dump_stack_lvl+0x241/0x360
[  718.163872][T13464]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.169101][T13464]  ? __pfx__printk+0x10/0x10
[  718.173735][T13464]  should_fail_ex+0x3b0/0x4e0
[  718.178452][T13464]  _copy_to_user+0x31/0xb0
[  718.182895][T13464]  pagemap_read+0x5bb/0x910
[  718.187428][T13464]  ? __pfx_pagemap_read+0x10/0x10
[  718.192464][T13464]  ? rw_verify_area+0x55e/0x6f0
[  718.197318][T13464]  ? __pfx_pagemap_read+0x10/0x10
[  718.202351][T13464]  vfs_read+0x1fc/0xb70
[  718.206510][T13464]  ? do_sys_openat2+0x17a/0x1d0
[  718.211366][T13464]  ? __pfx_vfs_read+0x10/0x10
[  718.216049][T13464]  ? do_sys_openat2+0x17a/0x1d0
[  718.220903][T13464]  ? __pfx_do_sys_openat2+0x10/0x10
[  718.226110][T13464]  ? put_files_struct+0x23d/0x310
[  718.231153][T13464]  __x64_sys_pread64+0x1ac/0x240
[  718.236099][T13464]  ? __pfx___x64_sys_pread64+0x10/0x10
[  718.241565][T13464]  ? do_syscall_64+0x100/0x230
[  718.246333][T13464]  ? do_syscall_64+0xb6/0x230
[  718.251006][T13464]  do_syscall_64+0xf3/0x230
[  718.255506][T13464]  ? clear_bhb_loop+0x35/0x90
[  718.260182][T13464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.266075][T13464] RIP: 0033:0x7f047af7e819
[  718.270487][T13464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.290091][T13464] RSP: 002b:00007f047bdb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  718.298506][T13464] RAX: ffffffffffffffda RBX: 00007f047b135fa0 RCX: 00007f047af7e819
[  718.306473][T13464] RDX: 0000000000200000 RSI: 0000000020001240 RDI: 0000000000000003
[  718.314437][T13464] RBP: 00007f047bdb9090 R08: 0000000000000000 R09: 0000000000000000
[  718.322399][T13464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  718.330369][T13464] R13: 0000000000000000 R14: 00007f047b135fa0 R15: 00007ffdc65a63d8
[  718.338354][T13464]  </TASK>
[  718.481543][T13370] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  718.522343][T13370] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  718.847795][T13370] 8021q: adding VLAN 0 to HW filter on device bond0
[  718.890042][T13370] 8021q: adding VLAN 0 to HW filter on device team0
[  718.944813][ T6614] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.951941][ T6614] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.988882][ T6631] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.996061][ T6631] bridge0: port 2(bridge_slave_1) entered forwarding state
[  719.024640][    T8] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  719.224619][    T8] usb 3-1: Using ep0 maxpacket: 32
[  719.233374][    T8] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  719.248441][T13468] Process accounting resumed
[  719.252931][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.296116][    T8] usb 3-1: Product: syz
[  719.312865][    T8] usb 3-1: Manufacturer: syz
[  719.338322][    T8] usb 3-1: SerialNumber: syz
[  719.376032][    T8] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  719.463095][T13370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  719.966618][T13370] veth0_vlan: entered promiscuous mode
[  719.986304][T13473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  719.995006][T13473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  720.008433][T13370] veth1_vlan: entered promiscuous mode
[  720.067529][T13370] veth0_macvtap: entered promiscuous mode
[  720.076819][T13370] veth1_macvtap: entered promiscuous mode
[  720.105195][ T6625] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  720.118446][T13370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  720.143819][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.174395][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.194928][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.224560][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.265423][T13370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  720.293546][T10379] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  720.298016][T13370] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  720.341246][T13370] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  720.354359][T13370] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  720.373494][T13370] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  720.454285][T10379] usb 4-1: device descriptor read/64, error -71
[  720.532267][ T6631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.542085][ T6631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.590386][ T6614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.604904][ T6614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.702712][T10379] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  720.755034][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  721.045053][    T8] gspca_stk1135: reg_w 0x200 err -71
[  721.046603][T10379] usb 4-1: device descriptor read/64, error -71
[  721.058456][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.068838][    T8] gspca_stk1135: Sensor write failed
[  721.074137][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.094831][    T8] gspca_stk1135: Sensor write failed
[  721.100167][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.106774][    T8] gspca_stk1135: Sensor read failed
[  721.112112][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.324109][T13504] ip6gretap0 speed is unknown, defaulting to 1000
[  721.809188][    T8] gspca_stk1135: Sensor read failed
[  721.814510][    T8] gspca_stk1135: Detected sensor type unknown (0x0)
[  721.821150][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.827561][    T8] gspca_stk1135: Sensor read failed
[  721.832818][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.839523][    T8] gspca_stk1135: Sensor read failed
[  721.839892][T10379] usb usb4-port1: attempt power cycle
[  721.844778][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.844794][    T8] gspca_stk1135: Sensor write failed
[  721.844819][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  721.875072][    T8] gspca_stk1135: Sensor write failed
[  721.880405][    T8] stk1135 3-1:64.0: probe with driver stk1135 failed with error -71
[  721.893112][    T8] usb 3-1: USB disconnect, device number 53
[  722.337159][T13509] FAULT_INJECTION: forcing a failure.
[  722.337159][T13509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  722.354914][T10379] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  722.372581][T13510] ipip0: entered promiscuous mode
[  722.380583][T13510] ipip0: entered allmulticast mode
[  722.388260][T13509] CPU: 0 UID: 0 PID: 13509 Comm: syz.2.2031 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  722.398689][T13509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  722.408748][T13509] Call Trace:
[  722.412043][T13509]  <TASK>
[  722.415002][T13509]  dump_stack_lvl+0x241/0x360
[  722.419680][T13509]  ? __pfx_dump_stack_lvl+0x10/0x10
[  722.424868][T13509]  ? __pfx__printk+0x10/0x10
[  722.429490][T13509]  should_fail_ex+0x3b0/0x4e0
[  722.434185][T13509]  _copy_from_user+0x2f/0xc0
[  722.434800][T10379] usb 4-1: device descriptor read/8, error -71
[  722.438771][T13509]  sctp_setsockopt+0xcc/0x11c0
[  722.449671][T13509]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  722.455551][T13509]  do_sock_setsockopt+0x3af/0x720
[  722.460563][T13509]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  722.466098][T13509]  ? __fget_files+0x395/0x410
[  722.470764][T13509]  ? __fget_files+0x2a/0x410
[  722.475345][T13509]  __x64_sys_setsockopt+0x1ee/0x280
[  722.480542][T13509]  do_syscall_64+0xf3/0x230
[  722.485032][T13509]  ? clear_bhb_loop+0x35/0x90
[  722.489698][T13509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.495582][T13509] RIP: 0033:0x7f047af7e819
[  722.499992][T13509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.519584][T13509] RSP: 002b:00007f047bdb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  722.527990][T13509] RAX: ffffffffffffffda RBX: 00007f047b135fa0 RCX: 00007f047af7e819
[  722.535949][T13509] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003
[  722.543910][T13509] RBP: 00007f047bdb9090 R08: 000000000000009c R09: 0000000000000000
[  722.551869][T13509] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  722.559829][T13509] R13: 0000000000000000 R14: 00007f047b135fa0 R15: 00007ffdc65a63d8
[  722.567798][T13509]  </TASK>
[  722.785404][T13519] FAULT_INJECTION: forcing a failure.
[  722.785404][T13519] name failslab, interval 1, probability 0, space 0, times 0
[  722.804416][T10379] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  722.839521][T10379] usb 4-1: device descriptor read/8, error -71
[  722.851628][T13519] CPU: 1 UID: 0 PID: 13519 Comm: syz.2.2033 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  722.862117][T13519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  722.872280][T13519] Call Trace:
[  722.875574][T13519]  <TASK>
[  722.878520][T13519]  dump_stack_lvl+0x241/0x360
[  722.883225][T13519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  722.888446][T13519]  ? __pfx__printk+0x10/0x10
[  722.893062][T13519]  ? __kmalloc_noprof+0xb0/0x400
[  722.898015][T13519]  ? __pfx___might_resched+0x10/0x10
[  722.903330][T13519]  should_fail_ex+0x3b0/0x4e0
[  722.908032][T13519]  ? nla_strdup+0x9c/0x140
[  722.912468][T13519]  should_failslab+0xac/0x100
[  722.917158][T13519]  ? nla_strdup+0x9c/0x140
[  722.921590][T13519]  __kmalloc_noprof+0xd8/0x400
[  722.926372][T13519]  ? __kasan_kmalloc+0x98/0xb0
[  722.931157][T13519]  nla_strdup+0x9c/0x140
[  722.935418][T13519]  nf_tables_newchain+0x2102/0x3310
[  722.940648][T13519]  ? __pfx_lock_release+0x10/0x10
[  722.945702][T13519]  ? __pfx_nf_tables_newchain+0x10/0x10
[  722.951287][T13519]  ? __pfx_lock_acquire+0x10/0x10
[  722.956327][T13519]  ? nfnl_pernet+0x23/0x240
[  722.960852][T13519]  ? __pfx_lock_release+0x10/0x10
[  722.965925][T13519]  ? __nla_parse+0x40/0x60
[  722.970364][T13519]  nfnetlink_rcv+0x14e3/0x2ab0
[  722.975176][T13519]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  722.980353][T13519]  ? netlink_deliver_tap+0x2e/0x1b0
[  722.985567][T13519]  ? skb_clone+0x240/0x390
[  722.990003][T13519]  ? __pfx_lock_release+0x10/0x10
[  722.995054][T13519]  ? netlink_deliver_tap+0x2e/0x1b0
[  723.000278][T13519]  netlink_unicast+0x7f6/0x990
[  723.005066][T13519]  ? __pfx_netlink_unicast+0x10/0x10
[  723.010362][T13519]  ? __virt_addr_valid+0x183/0x530
[  723.015496][T13519]  ? __check_object_size+0x48e/0x900
[  723.020806][T13519]  netlink_sendmsg+0x8e4/0xcb0
[  723.025608][T13519]  ? __pfx_netlink_sendmsg+0x10/0x10
[  723.030943][T13519]  ? __pfx_netlink_sendmsg+0x10/0x10
[  723.036243][T13519]  __sock_sendmsg+0x221/0x270
[  723.040960][T13519]  sock_sendmsg+0x134/0x200
[  723.045490][T13519]  ? __pfx_sock_sendmsg+0x10/0x10
[  723.050554][T13519]  ? iov_iter_bvec+0x4e/0x180
[  723.055260][T13519]  splice_to_socket+0xa10/0x10b0
[  723.060240][T13519]  ? __pfx_splice_to_socket+0x10/0x10
[  723.065649][T13519]  ? __lock_acquire+0x1397/0x2100
[  723.070692][T13519]  ? bpf_lsm_file_permission+0x9/0x10
[  723.076066][T13519]  ? security_file_permission+0x74/0x280
[  723.081694][T13519]  ? rw_verify_area+0x1c3/0x6f0
[  723.086548][T13519]  ? __pfx_splice_to_socket+0x10/0x10
[  723.091917][T13519]  do_splice+0xd68/0x18e0
[  723.096246][T13519]  ? __pfx_lock_release+0x10/0x10
[  723.101269][T13519]  ? vfs_write+0x730/0xd30
[  723.105699][T13519]  ? __mutex_unlock_slowpath+0x21e/0x790
[  723.111336][T13519]  ? pipe_clear_nowait+0x196/0x220
[  723.116447][T13519]  ? __pfx_do_splice+0x10/0x10
[  723.121203][T13519]  ? __fget_files+0x2a/0x410
[  723.125806][T13519]  __se_sys_splice+0x2e0/0x450
[  723.130571][T13519]  ? __pfx___se_sys_splice+0x10/0x10
[  723.135853][T13519]  ? do_syscall_64+0x100/0x230
[  723.140611][T13519]  ? __x64_sys_splice+0x21/0xf0
[  723.145457][T13519]  do_syscall_64+0xf3/0x230
[  723.149956][T13519]  ? clear_bhb_loop+0x35/0x90
[  723.154638][T13519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.160543][T13519] RIP: 0033:0x7f047af7e819
[  723.164963][T13519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.184563][T13519] RSP: 002b:00007f047bd98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  723.192975][T13519] RAX: ffffffffffffffda RBX: 00007f047b136080 RCX: 00007f047af7e819
[  723.200942][T13519] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  723.208906][T13519] RBP: 00007f047bd98090 R08: 0000000000007fff R09: 0000000000000000
[  723.216879][T13519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  723.224846][T13519] R13: 0000000000000001 R14: 00007f047b136080 R15: 00007ffdc65a63d8
[  723.232837][T13519]  </TASK>
[  723.274861][T10379] usb usb4-port1: unable to enumerate USB device
[  723.515809][T13525] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2035'.
[  723.631659][ T6631] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.675772][ T6631] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.741545][ T6631] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.780146][ T6631] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.839196][ T6631] bridge_slave_1: left allmulticast mode
[  724.845090][ T6631] bridge_slave_1: left promiscuous mode
[  724.850746][ T6631] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.859814][ T6631] bridge_slave_0: left allmulticast mode
[  724.865880][ T6631] bridge_slave_0: left promiscuous mode
[  724.871520][ T6631] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.004111][T13538] FAULT_INJECTION: forcing a failure.
[  725.004111][T13538] name failslab, interval 1, probability 0, space 0, times 0
[  725.104708][T13538] CPU: 1 UID: 0 PID: 13538 Comm: syz.2.2040 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  725.115181][T13538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  725.125262][T13538] Call Trace:
[  725.128559][T13538]  <TASK>
[  725.131506][T13538]  dump_stack_lvl+0x241/0x360
[  725.136211][T13538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.141431][T13538]  ? __pfx__printk+0x10/0x10
[  725.146053][T13538]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  725.152061][T13538]  ? __pfx___might_resched+0x10/0x10
[  725.157396][T13538]  should_fail_ex+0x3b0/0x4e0
[  725.162101][T13538]  should_failslab+0xac/0x100
[  725.166806][T13538]  ? __alloc_skb+0x1c3/0x440
[  725.171422][T13538]  kmem_cache_alloc_node_noprof+0x71/0x320
[  725.177256][T13538]  __alloc_skb+0x1c3/0x440
[  725.181700][T13538]  ? __pfx___alloc_skb+0x10/0x10
[  725.186660][T13538]  ? netlink_autobind+0xd6/0x2f0
[  725.191617][T13538]  ? netlink_autobind+0x2b0/0x2f0
[  725.196670][T13538]  netlink_sendmsg+0x638/0xcb0
[  725.201506][T13538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.206824][T13538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.212128][T13538]  __sock_sendmsg+0x221/0x270
[  725.216831][T13538]  ____sys_sendmsg+0x52a/0x7e0
[  725.221626][T13538]  ? __pfx_____sys_sendmsg+0x10/0x10
[  725.226930][T13538]  ? __fget_files+0x2a/0x410
[  725.231590][T13538]  ? __fget_files+0x2a/0x410
[  725.236262][T13538]  __sys_sendmsg+0x269/0x350
[  725.240871][T13538]  ? __pfx_lock_release+0x10/0x10
[  725.245919][T13538]  ? __pfx___sys_sendmsg+0x10/0x10
[  725.251071][T13538]  ? __pfx_vfs_write+0x10/0x10
[  725.255883][T13538]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  725.262241][T13538]  ? do_syscall_64+0x100/0x230
[  725.267025][T13538]  ? do_syscall_64+0xb6/0x230
[  725.271718][T13538]  do_syscall_64+0xf3/0x230
[  725.276235][T13538]  ? clear_bhb_loop+0x35/0x90
[  725.280921][T13538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.286822][T13538] RIP: 0033:0x7f047af7e819
[  725.291232][T13538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.310840][T13538] RSP: 002b:00007f047bdb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  725.319257][T13538] RAX: ffffffffffffffda RBX: 00007f047b135fa0 RCX: 00007f047af7e819
[  725.327225][T13538] RDX: 0000000004008004 RSI: 0000000020000100 RDI: 0000000000000003
[  725.335195][T13538] RBP: 00007f047bdb9090 R08: 0000000000000000 R09: 0000000000000000
[  725.343166][T13538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.351139][T13538] R13: 0000000000000000 R14: 00007f047b135fa0 R15: 00007ffdc65a63d8
[  725.359120][T13538]  </TASK>
[  725.525698][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  725.626497][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  725.664767][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  725.734353][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  725.773663][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  725.794301][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  725.907760][ T6633] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  726.231666][T13558] tipc: Failed to remove unknown binding: 66,1,1/10398378:896550550/896550552
[  726.252319][T13558] tipc: Failed to remove unknown binding: 66,1,1/10398378:896550550/896550552
[  726.284347][T10379] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  726.392523][ T6631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  726.406296][ T6631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  726.416741][ T6631] bond0 (unregistering): Released all slaves
[  726.455392][T10379] usb 2-1: Using ep0 maxpacket: 32
[  726.472639][T13544] ip6gretap0 speed is unknown, defaulting to 1000
[  726.484986][T10379] usb 2-1: config 0 has an invalid interface number: 237 but max is 0
[  726.493188][T10379] usb 2-1: config 0 has no interface number 0
[  726.508350][ T6614] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  726.514268][T10379] usb 2-1: config 0 interface 237 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  726.563519][T10379] usb 2-1: config 0 interface 237 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  726.602885][T10379] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  726.636791][T10379] usb 2-1: config 0 interface 237 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  726.654819][T10379] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  726.665160][T10379] usb 2-1: config 0 interface 237 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  726.675943][T10379] usb 2-1: config 0 interface 237 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  726.692667][T10379] usb 2-1: New USB device found, idVendor=eb1a, idProduct=2860, bcdDevice=47.b6
[  726.714678][T10379] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.723707][T10379] usb 2-1: Product: syz
[  726.728133][T10379] usb 2-1: Manufacturer: syz
[  726.732800][T10379] usb 2-1: SerialNumber: syz
[  726.757020][T10379] usb 2-1: config 0 descriptor??
[  726.771945][T13541] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  726.781978][T10379] em28xx 2-1:0.237: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  726.962323][T13544] chnl_net:caif_netlink_parms(): no params data found
[  727.094560][T13580] rdma_op ffff8881442dc1f0 conn xmit_rdma 0000000000000000
[  727.827174][T10379] usb 3-1: new full-speed USB device number 54 using dummy_hcd
[  727.945550][   T54] Bluetooth: hci4: command tx timeout
[  727.964313][T10379] usb 3-1: device descriptor read/64, error -71
[  728.764298][   T46] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  728.799140][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2052'.
[  728.802767][   T25] usb 2-1: USB disconnect, device number 39
[  728.820769][ T6631] hsr_slave_0: left promiscuous mode
[  728.840995][T10379] usb 3-1: new full-speed USB device number 55 using dummy_hcd
[  728.849143][ T6631] hsr_slave_1: left promiscuous mode
[  728.858047][ T6631] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  728.866942][ T6631] batman_adv: batadv0: Removing interface: batadv_slave_0
[  728.881577][ T6631] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  728.889268][ T6631] batman_adv: batadv0: Removing interface: batadv_slave_1
[  728.926249][   T46] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  728.940271][   T46] usb 4-1: config 0 has no interface number 0
[  728.942541][ T6631] veth1_macvtap: left promiscuous mode
[  728.946476][   T29] audit: type=1804 audit(1732454752.969:393): pid=13593 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.2052" name="/newroot/464/bus/file0" dev="overlay" ino=2454 res=1 errno=0
[  728.952203][ T6631] veth0_macvtap: left promiscuous mode
[  728.973165][   T46] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  728.985963][ T6631] veth1_vlan: left promiscuous mode
[  728.989677][T10379] usb 3-1: device descriptor read/64, error -71
[  728.999977][T13595] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2053'.
[  729.013959][   T46] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  729.026741][ T6631] veth0_vlan: left promiscuous mode
[  729.028833][   T46] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  729.041842][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.050253][   T46] usb 4-1: Product: syz
[  729.054632][   T46] usb 4-1: Manufacturer: syz
[  729.059254][   T46] usb 4-1: SerialNumber: syz
[  729.075940][   T46] usb 4-1: config 0 descriptor??
[  729.082851][T13583] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  729.091950][   T46] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  729.103199][   T46] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  729.134724][T10379] usb usb3-port1: attempt power cycle
[  729.474693][T10379] usb 3-1: new full-speed USB device number 56 using dummy_hcd
[  729.505817][T10379] usb 3-1: device descriptor read/8, error -71
[  729.580869][ T6631] team0 (unregistering): Port device team_slave_1 removed
[  729.638639][ T6631] team0 (unregistering): Port device team_slave_0 removed
[  729.754510][T10379] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[  729.774910][T10379] usb 3-1: device descriptor read/8, error -71
[  729.893272][T10379] usb usb3-port1: unable to enumerate USB device
[  730.031952][   T54] Bluetooth: hci4: command tx timeout
[  730.311134][T13544] bridge0: port 1(bridge_slave_0) entered blocking state
[  730.320880][T13544] bridge0: port 1(bridge_slave_0) entered disabled state
[  730.332779][T13544] bridge_slave_0: entered allmulticast mode
[  730.341766][T13544] bridge_slave_0: entered promiscuous mode
[  730.359160][T13592] macvlan0: entered promiscuous mode
[  730.367712][T13592] macvlan0: entered allmulticast mode
[  730.376605][T13592] netlink: 31 bytes leftover after parsing attributes in process `syz.0.2052'.
[  730.396799][T10379] usb 4-1: USB disconnect, device number 51
[  730.415432][T10379] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  730.431950][T13544] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.452311][T13544] bridge0: port 2(bridge_slave_1) entered disabled state
[  730.462343][T10379] cyberjack 4-1:0.69: device disconnected
[  730.474349][T13544] bridge_slave_1: entered allmulticast mode
[  730.510488][T13544] bridge_slave_1: entered promiscuous mode
[  730.570823][T13544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  730.595914][T13544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  730.798185][T13544] team0: Port device team_slave_0 added
[  730.852178][T13544] team0: Port device team_slave_1 added
[  730.911750][T13544] batman_adv: batadv0: Adding interface: batadv_slave_0
[  730.935636][T13622] FAULT_INJECTION: forcing a failure.
[  730.935636][T13622] name failslab, interval 1, probability 0, space 0, times 0
[  730.939418][T13544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  730.956316][T13622] CPU: 1 UID: 0 PID: 13622 Comm: syz.1.2060 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  730.985308][T13622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  730.995398][T13622] Call Trace:
[  730.998681][T13622]  <TASK>
[  731.001610][T13622]  dump_stack_lvl+0x241/0x360
[  731.006295][T13622]  ? __pfx_dump_stack_lvl+0x10/0x10
[  731.011488][T13622]  ? __pfx__printk+0x10/0x10
[  731.016092][T13622]  ? fs_reclaim_acquire+0x93/0x130
[  731.021204][T13622]  ? __pfx___might_resched+0x10/0x10
[  731.026502][T13622]  should_fail_ex+0x3b0/0x4e0
[  731.031187][T13622]  should_failslab+0xac/0x100
[  731.035861][T13622]  __kmalloc_node_track_caller_noprof+0xda/0x440
[  731.042187][T13622]  ? smk_import_entry+0x18d/0x610
[  731.047208][T13622]  kstrndup+0x41/0xb0
[  731.051191][T13622]  smk_import_entry+0x18d/0x610
[  731.056050][T13622]  smk_set_cipso+0x2bf/0xbb0
[  731.060727][T13622]  ? __pfx_lock_acquire+0x10/0x10
[  731.065749][T13622]  ? __pfx_smk_set_cipso+0x10/0x10
[  731.070890][T13622]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  731.076801][T13622]  vfs_writev+0x5a9/0xba0
[  731.081142][T13622]  ? __pfx_smk_write_cipso+0x10/0x10
[  731.086425][T13622]  ? __pfx_vfs_writev+0x10/0x10
[  731.091286][T13622]  ? __fget_files+0x2a/0x410
[  731.095879][T13622]  ? __fget_files+0x395/0x410
[  731.100553][T13622]  ? __fget_files+0x2a/0x410
[  731.105150][T13622]  do_writev+0x1b6/0x360
[  731.109397][T13622]  ? __pfx_do_writev+0x10/0x10
[  731.114158][T13622]  ? do_syscall_64+0x100/0x230
[  731.118932][T13622]  ? do_syscall_64+0xb6/0x230
[  731.123614][T13622]  do_syscall_64+0xf3/0x230
[  731.128117][T13622]  ? clear_bhb_loop+0x35/0x90
[  731.132797][T13622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.138699][T13622] RIP: 0033:0x7fa0bf77e819
[  731.143112][T13622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  731.162737][T13622] RSP: 002b:00007fa0c062a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  731.171162][T13622] RAX: ffffffffffffffda RBX: 00007fa0bf935fa0 RCX: 00007fa0bf77e819
[  731.179143][T13622] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000003
[  731.187122][T13622] RBP: 00007fa0c062a090 R08: 0000000000000000 R09: 0000000000000000
[  731.195088][T13622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  731.203052][T13622] R13: 0000000000000000 R14: 00007fa0bf935fa0 R15: 00007ffcec061178
[  731.211037][T13622]  </TASK>
[  731.222037][T13623] netlink: 'syz.2.2057': attribute type 11 has an invalid length.
[  731.230024][T13623] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2057'.
[  731.280983][T13544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  731.307409][T13544] batman_adv: batadv0: Adding interface: batadv_slave_1
[  731.314652][T13544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.341372][T13544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  731.392597][T13544] hsr_slave_0: entered promiscuous mode
[  731.399730][T13544] hsr_slave_1: entered promiscuous mode
[  732.133983][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  732.174629][   T54] Bluetooth: hci4: command tx timeout
[  732.184443][T13544] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  732.326626][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  732.370587][T13544] Cannot create hsr debugfs directory
[  732.891932][T13641] team0: Device veth0_vlan failed to register rx_handler
[  733.000852][T13641] syz.2.2065 (13641) used greatest stack depth: 18480 bytes left
[  733.052911][ T6631] tipc: Resetting bearer <eth:macvlan0>
[  734.184504][   T54] Bluetooth: hci4: command tx timeout
[  734.220266][T13656] FAULT_INJECTION: forcing a failure.
[  734.220266][T13656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  734.227894][T13636] ip6gretap0 speed is unknown, defaulting to 1000
[  734.279616][T13656] CPU: 0 UID: 0 PID: 13656 Comm: syz.1.2069 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  734.290093][T13656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  734.300182][T13656] Call Trace:
[  734.303484][T13656]  <TASK>
[  734.306425][T13656]  dump_stack_lvl+0x241/0x360
[  734.311111][T13656]  ? __pfx_dump_stack_lvl+0x10/0x10
[  734.316312][T13656]  ? __pfx__printk+0x10/0x10
[  734.320912][T13656]  ? __pfx_lock_release+0x10/0x10
[  734.325942][T13656]  should_fail_ex+0x3b0/0x4e0
[  734.330621][T13656]  ? kvm_arch_vcpu_ioctl+0x476/0x2a30
[  734.336006][T13656]  _copy_from_user+0x2f/0xc0
[  734.340595][T13656]  memdup_user+0x64/0xc0
[  734.344841][T13656]  kvm_arch_vcpu_ioctl+0x1bac/0x2a30
[  734.350124][T13656]  ? validate_chain+0x11e/0x5920
[  734.355059][T13656]  ? kvm_arch_vcpu_ioctl+0x476/0x2a30
[  734.360437][T13656]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  734.366070][T13656]  ? __pfx_lock_release+0x10/0x10
[  734.371091][T13656]  ? unwind_next_frame+0x18e6/0x22d0
[  734.376375][T13656]  ? preempt_count_add+0x93/0x190
[  734.381492][T13656]  ? __pfx_validate_chain+0x10/0x10
[  734.386693][T13656]  ? 0xffffffffa000094c
[  734.390849][T13656]  ? is_bpf_text_address+0x285/0x2a0
[  734.396135][T13656]  ? is_bpf_text_address+0x26/0x2a0
[  734.401332][T13656]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  734.407490][T13656]  ? kernel_text_address+0xa7/0xe0
[  734.412604][T13656]  ? __kernel_text_address+0xd/0x40
[  734.417808][T13656]  ? unwind_get_return_address+0x4d/0x90
[  734.423439][T13656]  ? arch_stack_walk+0xfd/0x150
[  734.428298][T13656]  ? stack_trace_save+0x118/0x1d0
[  734.433326][T13656]  ? mark_lock+0x9a/0x360
[  734.437662][T13656]  ? __lock_acquire+0x1397/0x2100
[  734.442683][T13656]  ? tomoyo_path_number_perm+0x679/0x860
[  734.448329][T13656]  ? __mutex_trylock_common+0x183/0x2e0
[  734.453871][T13656]  ? __pfx___might_resched+0x10/0x10
[  734.459160][T13656]  ? __pfx___mutex_trylock_common+0x10/0x10
[  734.465056][T13656]  ? rcu_is_watching+0x15/0xb0
[  734.469815][T13656]  ? trace_contention_end+0x3c/0x120
[  734.475097][T13656]  ? __mutex_lock+0x37f/0xee0
[  734.479774][T13656]  ? kfree+0x1a0/0x440
[  734.483838][T13656]  ? tomoyo_path_number_perm+0x679/0x860
[  734.489465][T13656]  ? kvm_vcpu_ioctl+0x1da/0xea0
[  734.494321][T13656]  ? __pfx___mutex_lock+0x10/0x10
[  734.499344][T13656]  ? tomoyo_path_number_perm+0x6f9/0x860
[  734.504977][T13656]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  734.510956][T13656]  kvm_vcpu_ioctl+0x73e/0xea0
[  734.515645][T13656]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  734.520844][T13656]  ? smack_file_ioctl+0x353/0x3a0
[  734.525869][T13656]  ? __pfx_smack_file_ioctl+0x10/0x10
[  734.531238][T13656]  ? __fget_files+0x2a/0x410
[  734.535829][T13656]  ? __fget_files+0x2a/0x410
[  734.540421][T13656]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  734.545618][T13656]  __se_sys_ioctl+0xf5/0x170
[  734.550217][T13656]  do_syscall_64+0xf3/0x230
[  734.554715][T13656]  ? clear_bhb_loop+0x35/0x90
[  734.559387][T13656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.565282][T13656] RIP: 0033:0x7fa0bf77e819
[  734.569691][T13656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  734.589294][T13656] RSP: 002b:00007fa0c062a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  734.597705][T13656] RAX: ffffffffffffffda RBX: 00007fa0bf935fa0 RCX: 00007fa0bf77e819
[  734.605670][T13656] RDX: 0000000020000080 RSI: 000000004008ae89 RDI: 0000000000000007
[  734.613639][T13656] RBP: 00007fa0c062a090 R08: 0000000000000000 R09: 0000000000000000
[  734.621606][T13656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  734.629581][T13656] R13: 0000000000000000 R14: 00007fa0bf935fa0 R15: 00007ffcec061178
[  734.637566][T13656]  </TASK>
[  734.694860][T13544] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  734.715336][T13544] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  734.877746][T13544] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  734.938060][T13544] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  735.169807][T13668] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  735.262276][T13544] 8021q: adding VLAN 0 to HW filter on device bond0
[  735.308040][T13544] 8021q: adding VLAN 0 to HW filter on device team0
[  735.320440][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.327592][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  735.365751][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.372911][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.076804][    T8] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  736.092531][T13544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  736.105424][T13544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  736.319122][T13679] rdma_op ffff888060b9f1f0 conn xmit_rdma 0000000000000000
[  736.951219][T13681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.964604][   T29] audit: type=1326 audit(1732454761.009:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.048213][T13681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  737.060529][   T29] audit: type=1326 audit(1732454761.009:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.131581][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[  737.140508][    T8] usb 3-1: unable to read config index 0 descriptor/start: -71
[  737.148133][T13544] 8021q: adding VLAN 0 to HW filter on device batadv0
[  737.157318][    T8] usb 3-1: can't read configurations, error -71
[  737.186638][   T29] audit: type=1326 audit(1732454761.009:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.246879][   T29] audit: type=1326 audit(1732454761.009:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.332991][   T29] audit: type=1326 audit(1732454761.009:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.355733][   T29] audit: type=1326 audit(1732454761.009:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.377466][   T29] audit: type=1326 audit(1732454761.009:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.399620][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  737.408434][   T29] audit: type=1326 audit(1732454761.009:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.432775][   T29] audit: type=1326 audit(1732454761.009:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.459273][   T29] audit: type=1326 audit(1732454761.009:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13680 comm="syz.1.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0bf77e819 code=0x7ffc0000
[  737.485435][ T5936] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  737.519654][T13544] veth0_vlan: entered promiscuous mode
[  737.531303][T13544] veth1_vlan: entered promiscuous mode
[  737.557543][T13544] veth0_macvtap: entered promiscuous mode
[  737.567621][T13544] veth1_macvtap: entered promiscuous mode
[  737.580901][T13544] batman_adv: batadv0: Interface activated: batadv_slave_0
[  737.595345][T13544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  737.606030][T13544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  737.617040][T13544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  737.627945][T13544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  737.647007][ T5936] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  737.654093][T13544] batman_adv: batadv0: Interface activated: batadv_slave_1
[  737.666088][ T5936] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x2 has an invalid bInterval 109, changing to 10
[  737.668809][T13544] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  737.688631][T13544] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  737.700402][T13544] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  737.708763][ T5936] usb 2-1: config 1 interface 0 has no altsetting 0
[  737.710908][T13544] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  737.745318][ T5936] usb 2-1: New USB device found, idVendor=056a, idProduct=0335, bcdDevice= 0.40
[  737.783338][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.803618][ T5936] usb 2-1: Product: syz
[  737.811227][ T5936] usb 2-1: Manufacturer: 蕁櫭逻➒䢞鞴僂导迯鿷侟䛐」嶉耉套䜘灘㍷凃鈸욪瀐㵢撑郟㽿Ꮽ觟䇸雳贚鮵问ሙ죈瘇勞῍﷿⍏♿晴ᦳ뾇粂ᨾ謨⟂淋鏹涣鄒ꙮ﨓毚⛭㬾귚ꭡȀ屙䈱秔顂ㅂ둽ۢ죢ᙷ
[  737.836766][ T5936] usb 2-1: SerialNumber: syz
[  737.883915][ T6631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.750966][ T6629] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  738.759912][ T6625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.826415][ T6631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  738.844576][ T6625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  740.130752][T13717] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2085'.
[  740.159352][ T5936] usbhid 2-1:1.0: can't add hid device: -71
[  740.172355][ T5936] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  740.183909][ T5936] usb 2-1: USB disconnect, device number 40
[  740.420440][T13723] input: syz0 as /devices/virtual/input/input21
[  740.542259][T13727] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2088'.
[  740.840653][T13736] rdma_op ffff8880345421f0 conn xmit_rdma 0000000000000000
[  741.520118][T13689] Process accounting paused
[  741.761343][T13747] rdma_op ffff88801dfde1f0 conn xmit_rdma 0000000000000000
[  743.147721][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  743.860208][T13771] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2104'.
[  743.945672][T13773] sg_write: data in/out 246879826/42 bytes for SCSI command 0xeb-- guessing data in;
[  743.945672][T13773]    program syz.0.2101 not setting count and/or reply_len properly
[  744.138760][ T6625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.428594][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  744.603049][ T6625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.701014][ T6625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.760544][ T6625] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.833180][ T6625] bridge_slave_1: left allmulticast mode
[  744.839932][ T6625] bridge_slave_1: left promiscuous mode
[  744.845663][ T6625] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.858166][ T6625] bridge_slave_0: left allmulticast mode
[  744.863822][ T6625] bridge_slave_0: left promiscuous mode
[  744.869888][ T6625] bridge0: port 1(bridge_slave_0) entered disabled state
[  745.233689][ T6625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  745.244120][ T6625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  745.254432][ T6625] bond0 (unregistering): Released all slaves
[  745.533637][ T6625] hsr_slave_0: left promiscuous mode
[  745.540704][ T6625] hsr_slave_1: left promiscuous mode
[  745.547743][ T6625] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.555411][ T6625] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.563114][ T6625] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.570609][ T6625] batman_adv: batadv0: Removing interface: batadv_slave_1
[  745.592010][ T6625] veth1_macvtap: left promiscuous mode
[  745.597598][ T6625] veth0_macvtap: left promiscuous mode
[  745.603137][ T6625] veth1_vlan: left promiscuous mode
[  745.608543][ T6625] veth0_vlan: left promiscuous mode
[  746.041213][ T6625] team0 (unregistering): Port device team_slave_1 removed
[  746.088173][ T6625] team0 (unregistering): Port device team_slave_0 removed
[  746.318814][   T29] kauditd_printk_skb: 13 callbacks suppressed
[  746.318834][   T29] audit: type=1326 audit(1732454770.339:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.351547][   T29] audit: type=1326 audit(1732454770.339:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.378874][   T29] audit: type=1326 audit(1732454770.339:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.522226][   T29] audit: type=1326 audit(1732454770.339:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.544430][   T29] audit: type=1326 audit(1732454770.339:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.566469][   T29] audit: type=1326 audit(1732454770.339:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.588190][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.600047][   T29] audit: type=1326 audit(1732454770.339:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.621614][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.628257][   T29] audit: type=1326 audit(1732454770.339:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.649976][   T29] audit: type=1326 audit(1732454770.339:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.663936][T11380] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  746.671427][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.684924][   T29] audit: type=1326 audit(1732454770.339:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122bb7e819 code=0x7ffc0000
[  746.690944][T11380] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  746.706468][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.726289][T11380] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  746.737519][T11380] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  746.753189][T11380] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  746.764399][T11380] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  746.994816][T13780] vcan0: Master is either lo or non-ether device
[  747.055933][T13789] ip6gretap0 speed is unknown, defaulting to 1000
[  747.222889][T13803] syz.3.2113 (13803): /proc/13803/oom_adj is deprecated, please use /proc/13803/oom_score_adj instead.
[  747.644962][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  747.651411][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  747.789881][T13789] chnl_net:caif_netlink_parms(): no params data found
[  748.055896][T13812] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  748.153410][T13789] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.179694][T13789] bridge0: port 1(bridge_slave_0) entered disabled state
[  748.214437][T13789] bridge_slave_0: entered allmulticast mode
[  748.221571][T13789] bridge_slave_0: entered promiscuous mode
[  748.273080][T13789] bridge0: port 2(bridge_slave_1) entered blocking state
[  748.286820][T13824] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2117'.
[  748.308945][T13789] bridge0: port 2(bridge_slave_1) entered disabled state
[  748.329035][T13789] bridge_slave_1: entered allmulticast mode
[  748.340568][T13789] bridge_slave_1: entered promiscuous mode
[  748.397972][T13789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  748.421163][T13789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  748.531322][T13789] team0: Port device team_slave_0 added
[  748.549796][T13789] team0: Port device team_slave_1 added
[  748.645083][T13789] batman_adv: batadv0: Adding interface: batadv_slave_0
[  748.691843][T13789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  748.824655][   T54] Bluetooth: hci4: command tx timeout
[  748.856725][T13789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  748.882991][T13789] batman_adv: batadv0: Adding interface: batadv_slave_1
[  748.905201][ T6625] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  748.976483][T13850] rdma_op ffff88807e5a31f0 conn xmit_rdma 0000000000000000
[  748.991634][T13789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  749.303183][T13789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  749.809145][T13789] hsr_slave_0: entered promiscuous mode
[  749.829371][T13789] hsr_slave_1: entered promiscuous mode
[  749.887440][T13789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  749.899966][T13789] Cannot create hsr debugfs directory
[  750.186252][ T6631] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  750.267589][T13859] ip6gretap0 speed is unknown, defaulting to 1000
[  750.911652][   T54] Bluetooth: hci4: command tx timeout
[  751.826704][T13874] FAULT_INJECTION: forcing a failure.
[  751.826704][T13874] name failslab, interval 1, probability 0, space 0, times 0
[  751.839534][T13874] CPU: 0 UID: 0 PID: 13874 Comm: syz.3.2131 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  751.849946][T13874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  751.860020][T13874] Call Trace:
[  751.863291][T13874]  <TASK>
[  751.866215][T13874]  dump_stack_lvl+0x241/0x360
[  751.870889][T13874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  751.876079][T13874]  ? __pfx__printk+0x10/0x10
[  751.880670][T13874]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  751.886223][T13874]  ? __pfx___might_resched+0x10/0x10
[  751.891509][T13874]  should_fail_ex+0x3b0/0x4e0
[  751.896192][T13874]  ? getname_flags+0xb7/0x540
[  751.900867][T13874]  should_failslab+0xac/0x100
[  751.905541][T13874]  ? getname_flags+0xb7/0x540
[  751.910218][T13874]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  751.915599][T13874]  getname_flags+0xb7/0x540
[  751.920093][T13874]  ? do_syscall_64+0x100/0x230
[  751.924853][T13874]  __x64_sys_renameat2+0xba/0xe0
[  751.929782][T13874]  do_syscall_64+0xf3/0x230
[  751.934280][T13874]  ? clear_bhb_loop+0x35/0x90
[  751.938947][T13874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.944844][T13874] RIP: 0033:0x7f122bb7e819
[  751.949253][T13874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  751.968867][T13874] RSP: 002b:00007f122c8de038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  751.977282][T13874] RAX: ffffffffffffffda RBX: 00007f122bd35fa0 RCX: 00007f122bb7e819
[  751.985247][T13874] RDX: ffffffffffffff9c RSI: 0000000020000480 RDI: ffffffffffffff9c
[  751.993205][T13874] RBP: 00007f122c8de090 R08: 0000000000000000 R09: 0000000000000000
[  752.001195][T13874] R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000001
[  752.009181][T13874] R13: 0000000000000000 R14: 00007f122bd35fa0 R15: 00007ffc66bf5728
[  752.017165][T13874]  </TASK>
[  752.319717][ T5892] libceph: connect (1)[c::]:6789 error -101
[  752.324462][   T25] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  752.327424][ T5892] libceph: mon0 (1)[c::]:6789 connect error
[  752.386477][T10379] libceph: connect (1)[c::]:6789 error -101
[  752.392549][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  752.493627][T13789] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  752.585715][T13789] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  752.618369][ T5892] libceph: connect (1)[c::]:6789 error -101
[  752.624234][ T5892] libceph: mon0 (1)[c::]:6789 connect error
[  752.657939][ T5888] libceph: connect (1)[c::]:6789 error -101
[  752.659225][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  752.706189][T13789] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  752.801061][T13789] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  753.045378][   T54] Bluetooth: hci4: command tx timeout
[  753.167717][ T5892] libceph: connect (1)[c::]:6789 error -101
[  753.175904][ T5892] libceph: mon0 (1)[c::]:6789 connect error
[  753.209075][T13885] ceph: No mds server is up or the cluster is laggy
[  753.209307][T13889] ceph: No mds server is up or the cluster is laggy
[  753.233140][ T5888] libceph: connect (1)[c::]:6789 error -101
[  753.257759][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  753.559301][T10379] libceph: connect (1)[c::]:6789 error -101
[  753.565399][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  753.608087][    T8] libceph: connect (1)[c::]:6789 error -101
[  753.616536][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  753.730850][T13789] 8021q: adding VLAN 0 to HW filter on device bond0
[  753.884583][T10379] libceph: connect (1)[c::]:6789 error -101
[  753.884785][    T8] libceph: connect (1)[c::]:6789 error -101
[  753.890629][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  753.905233][T13912] FAULT_INJECTION: forcing a failure.
[  753.905233][T13912] name failslab, interval 1, probability 0, space 0, times 0
[  754.127844][T13912] CPU: 0 UID: 0 PID: 13912 Comm: syz.3.2137 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  754.138305][T13912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  754.148884][T13912] Call Trace:
[  754.152244][T13912]  <TASK>
[  754.155192][T13912]  dump_stack_lvl+0x241/0x360
[  754.159889][T13912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  754.165096][T13912]  ? __pfx__printk+0x10/0x10
[  754.169717][T13912]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  754.175189][T13912]  ? __pfx___might_resched+0x10/0x10
[  754.180484][T13912]  should_fail_ex+0x3b0/0x4e0
[  754.185257][T13912]  should_failslab+0xac/0x100
[  754.189939][T13912]  ? ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  754.195321][T13912]  __kmalloc_cache_noprof+0x6c/0x2c0
[  754.200621][T13912]  ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  754.205838][T13912]  genl_rcv_msg+0xb14/0xec0
[  754.210355][T13912]  ? __pfx_genl_rcv_msg+0x10/0x10
[  754.215404][T13912]  ? __pfx_lock_acquire+0x10/0x10
[  754.220428][T13912]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  754.226155][T13912]  ? __pfx___might_resched+0x10/0x10
[  754.231451][T13912]  netlink_rcv_skb+0x1e3/0x430
[  754.236217][T13912]  ? __pfx_genl_rcv_msg+0x10/0x10
[  754.241244][T13912]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  754.246731][T13912]  genl_rcv+0x28/0x40
[  754.250721][T13912]  netlink_unicast+0x7f6/0x990
[  754.255502][T13912]  ? __pfx_netlink_unicast+0x10/0x10
[  754.260784][T13912]  ? __virt_addr_valid+0x183/0x530
[  754.265899][T13912]  ? __check_object_size+0x48e/0x900
[  754.271189][T13912]  netlink_sendmsg+0x8e4/0xcb0
[  754.276222][T13912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  754.281518][T13912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  754.286799][T13912]  __sock_sendmsg+0x221/0x270
[  754.291482][T13912]  ____sys_sendmsg+0x52a/0x7e0
[  754.296259][T13912]  ? __pfx_____sys_sendmsg+0x10/0x10
[  754.301547][T13912]  ? __fget_files+0x2a/0x410
[  754.306140][T13912]  ? __fget_files+0x2a/0x410
[  754.310744][T13912]  __sys_sendmsg+0x269/0x350
[  754.315351][T13912]  ? __pfx_lock_release+0x10/0x10
[  754.320377][T13912]  ? __pfx___sys_sendmsg+0x10/0x10
[  754.325507][T13912]  ? __pfx_vfs_write+0x10/0x10
[  754.330299][T13912]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  754.336629][T13912]  ? do_syscall_64+0x100/0x230
[  754.341397][T13912]  ? do_syscall_64+0xb6/0x230
[  754.346073][T13912]  do_syscall_64+0xf3/0x230
[  754.350577][T13912]  ? clear_bhb_loop+0x35/0x90
[  754.355341][T13912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.361237][T13912] RIP: 0033:0x7f122bb7e819
[  754.365652][T13912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  754.385351][T13912] RSP: 002b:00007f122c8bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  754.393764][T13912] RAX: ffffffffffffffda RBX: 00007f122bd36080 RCX: 00007f122bb7e819
[  754.401739][T13912] RDX: 0000000004004880 RSI: 0000000020000100 RDI: 0000000000000003
[  754.409726][T13912] RBP: 00007f122c8bd090 R08: 0000000000000000 R09: 0000000000000000
[  754.417710][T13912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  754.425701][T13912] R13: 0000000000000001 R14: 00007f122bd36080 R15: 00007ffc66bf5728
[  754.433715][T13912]  </TASK>
[  754.436849][    C0] vkms_vblank_simulate: vblank timer overrun
[  754.629423][T10379] libceph: connect (1)[c::]:6789 error -101
[  754.635593][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  754.640190][T13789] 8021q: adding VLAN 0 to HW filter on device team0
[  754.648407][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  754.664766][ T6633] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  754.673180][ T6625] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.680296][ T6625] bridge0: port 1(bridge_slave_0) entered forwarding state
[  754.691238][ T6625] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.698342][ T6625] bridge0: port 2(bridge_slave_1) entered forwarding state
[  754.739110][T13789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  754.804735][T13789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  754.926216][T13899] ceph: No mds server is up or the cluster is laggy
[  754.967467][T13898] ceph: No mds server is up or the cluster is laggy
[  755.144447][   T54] Bluetooth: hci4: command tx timeout
[  755.280705][T13789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  755.469196][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  755.469215][   T29] audit: type=1326 audit(1732454779.509:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13937 comm="syz.2.2144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f047af7e819 code=0x0
[  755.496776][    C0] vkms_vblank_simulate: vblank timer overrun
[  755.736365][   T25] libceph: connect (1)[c::]:6789 error -101
[  755.742620][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  755.772765][T13789] veth0_vlan: entered promiscuous mode
[  755.782955][T13789] veth1_vlan: entered promiscuous mode
[  755.802216][ T5888] libceph: connect (1)[c::]:6789 error -101
[  755.808683][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  755.839063][T13789] veth0_macvtap: entered promiscuous mode
[  755.857074][T13789] veth1_macvtap: entered promiscuous mode
[  755.873841][T13789] batman_adv: batadv0: Interface activated: batadv_slave_0
[  755.891750][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.903804][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.932357][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.958838][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  755.966656][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  756.019112][T10379] libceph: connect (1)[c::]:6789 error -101
[  756.035551][T13789] batman_adv: batadv0: Interface activated: batadv_slave_1
[  756.049360][T10379] libceph: mon0 (1)[c::]:6789 connect error
[  756.253467][ T5888] libceph: connect (1)[c::]:6789 error -101
[  756.275225][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  757.034502][T13789] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  757.106240][T13789] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  757.168084][T13789] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  757.177139][T13789] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  757.202346][T13952] ceph: No mds server is up or the cluster is laggy
[  757.216781][T13956] ceph: No mds server is up or the cluster is laggy
[  757.411452][T13970] team0: left allmulticast mode
[  757.528725][T13970] team_slave_0: left allmulticast mode
[  757.584658][T13970] team_slave_1: left allmulticast mode
[  757.608345][T13970] team0: left promiscuous mode
[  757.650777][T13970] team_slave_0: left promiscuous mode
[  757.665038][T13970] team_slave_1: left promiscuous mode
[  757.675177][T13970] bridge0: port 3(team0) entered disabled state
[  759.516809][T13970] bond0: (slave batadv0): Releasing backup interface
[  759.557057][T13970] batadv0: left promiscuous mode
[  759.583913][T13970] bridge_slave_0: left allmulticast mode
[  759.604318][T13970] bridge_slave_0: left promiscuous mode
[  759.614060][T13970] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.763137][T13970] bridge_slave_1: left allmulticast mode
[  759.779050][T13970] bridge_slave_1: left promiscuous mode
[  759.786491][ T6625] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  759.804897][T13970] bridge0: port 2(bridge_slave_1) entered disabled state
[  760.195790][T13970] bond0: (slave bond_slave_0): Releasing backup interface
[  760.203441][T13970] bond_slave_0: left promiscuous mode
[  760.215317][T13970] bond0: (slave bond_slave_1): Releasing backup interface
[  760.223328][T13970] bond_slave_1: left promiscuous mode
[  760.242589][T13970] team0: Port device team_slave_0 removed
[  760.256232][T13970] team0: Port device team_slave_1 removed
[  760.262510][T13970] batman_adv: batadv0: Removing interface: batadv_slave_0
[  760.271222][T13970] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  760.279106][T13970] batman_adv: batadv0: Removing interface: batadv_slave_1
[  760.289819][T13970] tipc: Resetting bearer <eth:macvlan0>
[  760.898464][ T3507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  761.054472][ T3507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  761.066714][ T6633] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  761.344431][ T6625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  761.352379][ T6625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  761.702727][ T6631] team0: left promiscuous mode
[  761.729977][ T6631] team_slave_0: left promiscuous mode
[  761.749157][ T6631] team_slave_1: left promiscuous mode
[  761.761569][ T6631] bridge0: port 3(team0) entered disabled state
[  761.780796][ T6631] bridge_slave_0: left promiscuous mode
[  761.786960][ T6631] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.585947][T11380] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  762.642189][T11380] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  762.661746][T11380] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  762.684093][T11380] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  762.692203][T11380] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  762.699789][T11380] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  762.991175][ T6631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  763.000113][ T6631] bond_slave_0: left promiscuous mode
[  763.007398][ T6631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  763.016428][ T6631] bond_slave_1: left promiscuous mode
[  763.022366][ T6631] bond0 (unregistering): Released all slaves
[  763.032061][ T6631] bond1 (unregistering): Released all slaves
[  763.054679][T14010] ip6gretap0 speed is unknown, defaulting to 1000
[  763.100855][ T6631] X�: left promiscuous mode
[  763.183238][T14010] chnl_net:caif_netlink_parms(): no params data found
[  763.209112][ T6631] ------------[ cut here ]------------
[  763.215090][ T6631] WARNING: CPU: 1 PID: 6631 at net/l2tp/l2tp_core.c:1881 l2tp_exit_net+0x165/0x170
[  763.225084][ T6631] Modules linked in:
[  763.229562][ T6631] CPU: 1 UID: 0 PID: 6631 Comm: kworker/u8:24 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  763.240431][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  763.250889][ T6631] Workqueue: netns cleanup_net
[  763.256495][ T6631] RIP: 0010:l2tp_exit_net+0x165/0x170
[  763.261961][ T6631] Code: 0f 0b 90 e9 3b ff ff ff e8 18 40 b0 f6 eb 05 e8 11 40 b0 f6 90 0f 0b 90 e9 7a ff ff ff e8 03 40 b0 f6 eb 05 e8 fc 3f b0 f6 90 <0f> 0b 90 eb b5 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90
[  763.282107][ T6631] RSP: 0018:ffffc9001b0c7a98 EFLAGS: 00010293
[  763.288300][ T6631] RAX: ffffffff8ae59fbd RBX: ffff88806283a888 RCX: ffff8880362f3c00
[  763.296445][ T6631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  763.305007][ T6631] RBP: ffffc9001b0c7bb0 R08: ffffffff8bb74686 R09: 1ffffffff203846e
[  763.313005][ T6631] R10: dffffc0000000000 R11: fffffbfff203846f R12: dffffc0000000000
[  763.321102][ T6631] R13: 1ffffffff1fda388 R14: ffff88806283a930 R15: ffff88806283a840
[  763.329259][ T6631] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  763.338388][ T6631] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  763.345070][ T6631] CR2: 00007ff85331e440 CR3: 000000000e738000 CR4: 00000000003526f0
[  763.353160][ T6631] DR0: fffffffffffffffc DR1: 00000000000000fc DR2: 0000000000000002
[  763.361195][ T6631] DR3: 000000000000023f DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  763.369228][ T6631] Call Trace:
[  763.372506][ T6631]  <TASK>
[  763.375518][ T6631]  ? __warn+0x168/0x4e0
[  763.379723][ T6631]  ? l2tp_exit_net+0x165/0x170
[  763.384585][ T6631]  ? report_bug+0x2b3/0x500
[  763.389119][ T6631]  ? l2tp_exit_net+0x165/0x170
[  763.393909][ T6631]  ? handle_bug+0x60/0x90
[  763.398272][ T6631]  ? exc_invalid_op+0x1a/0x50
[  763.402942][ T6631]  ? asm_exc_invalid_op+0x1a/0x20
[  763.408043][ T6631]  ? idr_destroy+0x56/0x290
[  763.412565][ T6631]  ? l2tp_exit_net+0x15d/0x170
[  763.417351][ T6631]  ? l2tp_exit_net+0x165/0x170
[  763.422113][ T6631]  ? l2tp_exit_net+0x15d/0x170
[  763.426954][ T6631]  cleanup_net+0x802/0xcc0
[  763.431471][ T6631]  ? __pfx_cleanup_net+0x10/0x10
[  763.436575][ T6631]  ? process_scheduled_works+0x976/0x1850
[  763.442313][ T6631]  process_scheduled_works+0xa63/0x1850
[  763.447979][ T6631]  ? __pfx_process_scheduled_works+0x10/0x10
[  763.453982][ T6631]  ? assign_work+0x364/0x3d0
[  763.458601][ T6631]  worker_thread+0x870/0xd30
[  763.463186][ T6631]  ? __kthread_parkme+0x169/0x1d0
[  763.468350][ T6631]  ? __pfx_worker_thread+0x10/0x10
[  763.473496][ T6631]  kthread+0x2f0/0x390
[  763.477614][ T6631]  ? __pfx_worker_thread+0x10/0x10
[  763.482720][ T6631]  ? __pfx_kthread+0x10/0x10
[  763.487391][ T6631]  ret_from_fork+0x4b/0x80
[  763.491821][ T6631]  ? __pfx_kthread+0x10/0x10
[  763.496457][ T6631]  ret_from_fork_asm+0x1a/0x30
[  763.501260][ T6631]  </TASK>
[  763.504355][ T6631] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  763.511641][ T6631] CPU: 1 UID: 0 PID: 6631 Comm: kworker/u8:24 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  763.522217][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  763.532274][ T6631] Workqueue: netns cleanup_net
[  763.537059][ T6631] Call Trace:
[  763.540354][ T6631]  <TASK>
[  763.543321][ T6631]  dump_stack_lvl+0x241/0x360
[  763.548016][ T6631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  763.553233][ T6631]  ? __pfx__printk+0x10/0x10
[  763.557839][ T6631]  ? _printk+0xd5/0x120
[  763.562006][ T6631]  ? __init_begin+0x41000/0x41000
[  763.567036][ T6631]  ? vscnprintf+0x5d/0x90
[  763.571375][ T6631]  panic+0x349/0x880
[  763.575278][ T6631]  ? __warn+0x177/0x4e0
[  763.579443][ T6631]  ? __pfx_panic+0x10/0x10
[  763.583854][ T6631]  ? show_trace_log_lvl+0x3b2/0x410
[  763.589061][ T6631]  ? ret_from_fork_asm+0x1a/0x30
[  763.594006][ T6631]  __warn+0x34b/0x4e0
[  763.597991][ T6631]  ? l2tp_exit_net+0x165/0x170
[  763.602758][ T6631]  report_bug+0x2b3/0x500
[  763.607285][ T6631]  ? l2tp_exit_net+0x165/0x170
[  763.612072][ T6631]  handle_bug+0x60/0x90
[  763.616319][ T6631]  exc_invalid_op+0x1a/0x50
[  763.620841][ T6631]  asm_exc_invalid_op+0x1a/0x20
[  763.625779][ T6631] RIP: 0010:l2tp_exit_net+0x165/0x170
[  763.631242][ T6631] Code: 0f 0b 90 e9 3b ff ff ff e8 18 40 b0 f6 eb 05 e8 11 40 b0 f6 90 0f 0b 90 e9 7a ff ff ff e8 03 40 b0 f6 eb 05 e8 fc 3f b0 f6 90 <0f> 0b 90 eb b5 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90
[  763.650858][ T6631] RSP: 0018:ffffc9001b0c7a98 EFLAGS: 00010293
[  763.656970][ T6631] RAX: ffffffff8ae59fbd RBX: ffff88806283a888 RCX: ffff8880362f3c00
[  763.664956][ T6631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  763.673031][ T6631] RBP: ffffc9001b0c7bb0 R08: ffffffff8bb74686 R09: 1ffffffff203846e
[  763.681102][ T6631] R10: dffffc0000000000 R11: fffffbfff203846f R12: dffffc0000000000
[  763.689161][ T6631] R13: 1ffffffff1fda388 R14: ffff88806283a930 R15: ffff88806283a840
[  763.697224][ T6631]  ? idr_destroy+0x56/0x290
[  763.701738][ T6631]  ? l2tp_exit_net+0x15d/0x170
[  763.706512][ T6631]  ? l2tp_exit_net+0x15d/0x170
[  763.711335][ T6631]  cleanup_net+0x802/0xcc0
[  763.715762][ T6631]  ? __pfx_cleanup_net+0x10/0x10
[  763.720802][ T6631]  ? process_scheduled_works+0x976/0x1850
[  763.726559][ T6631]  process_scheduled_works+0xa63/0x1850
[  763.732231][ T6631]  ? __pfx_process_scheduled_works+0x10/0x10
[  763.738238][ T6631]  ? assign_work+0x364/0x3d0
[  763.742844][ T6631]  worker_thread+0x870/0xd30
[  763.747539][ T6631]  ? __kthread_parkme+0x169/0x1d0
[  763.752748][ T6631]  ? __pfx_worker_thread+0x10/0x10
[  763.758340][ T6631]  kthread+0x2f0/0x390
[  763.762430][ T6631]  ? __pfx_worker_thread+0x10/0x10
[  763.767538][ T6631]  ? __pfx_kthread+0x10/0x10
[  763.772310][ T6631]  ret_from_fork+0x4b/0x80
[  763.776725][ T6631]  ? __pfx_kthread+0x10/0x10
[  763.781311][ T6631]  ret_from_fork_asm+0x1a/0x30
[  763.786085][ T6631]  </TASK>
[  763.789440][ T6631] Kernel Offset: disabled
[  763.793832][ T6631] Rebooting in 86400 seconds..