last executing test programs:

23.394817321s ago: executing program 0 (id=101):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000ddc0)={0x2020}, 0x2020)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
unshare(0x26000400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18380000000000000000000001000000b7080000000000007b8af8ff00000000b508000000000000638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYRES32, @ANYBLOB="0000000002000000b703000008000000850000006900000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
writev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)='\t', 0x1}], 0x1)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x8001)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x101, 0x242, 0xc, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x529432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x3ff, 0x401, 0x6, 0x5, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x8, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0xfffffbff, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x5, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x8000, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x800001, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

19.921084161s ago: executing program 0 (id=109):
syz_usb_connect(0x2, 0x2d, &(0x7f0000001580)={{0x12, 0x1, 0x0, 0x2, 0x2f, 0xb0, 0x40, 0x4d8, 0xfd08, 0x59b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x8, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb1, 0x9, 0x1, 0xa, 0x5f, 0x92, 0x40, [], [{{0x9, 0x5, 0x30932787f67e0187, 0x2, 0x40, 0x2, 0x5}}]}}]}}]}}, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01000f2ad2c6748973fe1c0000001c00000003000000014dda000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0xff, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xf, 0x31, 0xffffffffffffffff, 0x0)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
process_madvise(r1, 0xffffffffffffffff, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
rt_sigprocmask(0x0, &(0x7f0000001480)={[0xffffffffffffffff]}, 0x0, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000b71000/0x3000)=nil, 0x3000, 0x1000008, 0x100010, r1, 0x0)
mmap$IORING_OFF_SQES(&(0x7f00006b8000/0x4000)=nil, 0x4000, 0x1, 0x10, r1, 0x10000000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)

17.004038506s ago: executing program 0 (id=120):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xf5ff, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x109}], {0x14}}, 0x3c}}, 0x0)

16.351989076s ago: executing program 0 (id=122):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x20000000000, 0x400c00)
keyctl$restrict_keyring(0xb, 0xfffffffffffffffc, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x58)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000180)={0x0, @aes128})
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x900000, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000540)='./file0/file0\x00', 0x89901)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f00000001c0)='\xab\xfa*\xcc\x83\xcem\xcb\xe3I\x7fc\xcf\xa5\xed\x02\x00\x00\x00')
r2 = accept4(r1, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000240)='./file0/../file0\x00', &(0x7f00000002c0), &(0x7f0000000300)='./file0/../file0\x00', 0x11, 0x1)
poll(&(0x7f00000000c0)=[{r2}], 0x1, 0x70)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@mpls_delroute={0x30, 0x19, 0x400, 0x70bd2d, 0x25dfdbff, {0x1c, 0x80, 0x10, 0x5, 0xfc, 0x3, 0xc8, 0x3, 0xb00}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0xf8}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x9, 0x4a, r3}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
ioctl$I2C_RETRIES(r0, 0x701, 0xffffffffffffff9f)

15.804938126s ago: executing program 0 (id=126):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x18c9f, &(0x7f0000000100)=ANY=[@ANYBLOB="666c7573682c756e695f786c6174653d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c756e695f786c6174653d312c71756965742c00aaed2e6322e12ca43d55f4e47d9fb6f319fab9c81cd7b9b508d5df5619dad30ed85701f46d5bb2b85a6aecd28cb992054878a859b15b1598ee0b05192ff4df579d2dd32fb9a6a092bb22740cfe0636a3d8ff4e975e21fc6d6e2d6ece2beac2098361fe652ea69917e6d47463ceb0b35bc7a2f8799debe5e7b6e82c84ab25d06157c08f006d90e62a8026a845835dbf4ac25eec51c3ec73c82014eee15eaaa123084415546ca2e37c23d441b343cec1f74e52bc1f21eb18053a9b98d3a304fba3751bd0121940bc9d276f1e5352b9f4e674bb80ffeaaff6843ef1c8a7a7e0d592893a77ae91e025a35840e7ff4fdb3571d1986ed6f5a23d9ee6bf1cec94fb17af0627c04bf47586ce288a466c039a1ead7fd99feacc51d93da2e67f46a0b86b45e5d7cb4aff47b9c1c539a764f5cc12201ed2135caf31a64334d88ef69d84ab7f052b5bce5d6329bf9790177161"], 0xf5, 0x30a, &(0x7f0000000480)="$eJzs3c9rE00YwPEnaZM07du3Pb28iMJQQRTp0hS8ebBIC2JAaRvBCsLWbjVkm5RsKETE9iB49eyhB48iiODNi4jXXvwL/HXrpTcLFkc2+6NpsmxjpbWt38+hme48z+zszmybTpPN+sUnC6V5x/iuu6WFXvYLK3Lu/eqnU1Pv/vG+V2pibDo3qlRSRG49eDH0ttZ34/W/bzKyNnh7fWP069rJaZEf0/ckqYqOKmuttZqtVGoJN3mu6JQMpa7blulYqlh2rGpNmY16c9a21LxdWVysK7M819+7WLUcR5nluipZdVWrqFq1rsy7ZrGsDMNQ/b2tff47DYalZFtdIi6x8HxTa9lwByizIlrriOiVoJDyHzO/11kcJi3jHxvbNjm69rNnOAibujsc//Qu44/jx7v+Pz/t5PrH8TN1c+bqWD4/PqlUj8jC46XCUsF79Oo/9klRbLFkdfL8zJa4c8QnCffrxJX8+IhqGJQzC8t+/vJSwfvlMDbv5+dkwH2e0pQvQX7Oy1c781PS25QfPOmIyh8N8iXZlJ+Ws6eb9m/IgHy4IxWxZa7Rznb+w5xSl6/lW/afbcQBAAAAAAAAAHAUGSq0vX6fCP/VmzWMTOMVH2F91t3sxnkB4fr6iAzIVvT6/Ejk+n63nGh7yQkAAAAAANgPTv1+ybRtq/rrBekgputZNmYXKRFxCyKPhtzOxDb4n9/jliq3jYistIi0t9PVSZ/9QvaCt7+Xk37HZK8nah8LSRFp3uK9WcM9ePtVEJONOj9OMn4CNOoS4TkcTrefedO2ew70kJuPVLTWkcHSs7eJnYk8wE4Kia1gy/+RMTphp3ZrR5tBTHBh7rb3S9GXQ3whnAnu6Hsj2Hqihr947doxPzS+hUt8AAAAAI6Qpj+cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAH7KnO7EF9+3fWSX+R8S335Kt9XPiue8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEPoZwAAAP//k0Cqiw==")
socket$netlink(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x2e)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x20020, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50)

15.203958843s ago: executing program 0 (id=130):
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48)

13.790697835s ago: executing program 32 (id=130):
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48)

6.947632538s ago: executing program 3 (id=161):
socket$inet6(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

6.180660052s ago: executing program 3 (id=164):
openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x702, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x16, 0x701, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xc4}, 0x854)

5.32862146s ago: executing program 2 (id=168):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000080)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xe, r1, 0x1, 0x0, 0x6, @random="d5625f5145bb"}, 0x14)

5.311367019s ago: executing program 3 (id=169):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x401, @local, 0xb}, 0x1c)
listen(r0, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000740)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x1c, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x7, "9285737b27"}]}}}}}}}}, 0x0)

5.080341499s ago: executing program 1 (id=170):
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x30, 0x10, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x69803}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0xfffffd57}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400070200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

4.738314808s ago: executing program 4 (id=171):
getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x64, 0x0, &(0x7f0000000100))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newlink={0x3c, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4801, 0x15319}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

4.674187876s ago: executing program 2 (id=172):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f00000005c0)=@assoc_value, &(0x7f0000000580)=0x8)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x4, 0x8, 0x4, 0xfff, 0x20, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast2, 0x20, 0x8, 0x1b, 0x6}})
connect$netrom(r0, &(0x7f0000000000)={{0x6, @default}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x13, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x40}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
close(r0)

4.259736337s ago: executing program 1 (id=173):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000002300)={&(0x7f00000021c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000022c0)={&(0x7f0000002200)={0x40, 0x9, 0x6, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x8080}, 0x400c000)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.813391443s ago: executing program 3 (id=174):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x60, r1, 0x401, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x30, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x5}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x24008054)

3.77142579s ago: executing program 2 (id=175):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @default}, 0x1c)
bind$rose(r0, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)

3.656886642s ago: executing program 4 (id=176):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4a21, 0x9, @loopback, 0x40000001}, 0x1c)

3.459229477s ago: executing program 1 (id=177):
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), 0xffffffffffffffff)
r1 = socket(0x2a, 0x2, 0x0)
bind$xdp(r1, &(0x7f00000000c0)={0x2c, 0x8, 0x0, 0x3c}, 0x10)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x24, r0, 0xd5c15c672e322a81, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNELS={0x8}, @IEEE802154_ATTR_SCAN_TYPE={0x5}]}, 0x24}}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000400)='cubic', 0x6)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg(r2, &(0x7f0000005ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)='7', 0x1}], 0x1}}], 0x1, 0x0)
getpeername$l2tp(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, &(0x7f0000000180)=0x10)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xf, 0x0, 0x0, 0x0, 0x0, 0xf}})
r4 = socket$inet6(0x10, 0x2, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r7, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r5], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b04000000000000000002000002800204807c0201800c00010062697477697365006c020280080001400000000058020480bd000100022a334192c011de1a8bb1a985b6434983ec75a4e1b9a3c955951840bebdfe7430bb7fdbc350b825d2449a3fee7fdee9651866aeda20b7b413392edd973082cae060c6101d3701c432d43bcf12e94ecb7397b21a612eb8da302a7975c259253be3b7a0c07248d0835a9161717d832292538a4e4fde01792ce1a2958aa469cc79e93f0816a19d62abab2c96b9ad81d73e1f258e11394744f67e7ac4306106140abf8b4ac8ace04f1e471a6b838824e20a4462fc8a97858fc53f000000a2000100614f843e7275bcac73bde44e5bae5833f730287560bb9157cc04c4187aba0509571f4e2595c3a1a65de341787459cb8fbc113373e0334c036b0295f03e871184f3c5c7dd2c06a584f9f9869720276013fd3d3e41570e0bcc5456ed53a4ce9d600659bb640a42e7922bb4353e33d50c3416b321d45c3ef01451ae5bb74e5291b32cd4cf108e43c1c0d8374e8c18e415185363f19228fe7a2a4dae5bb4d60b0000f0000100188a17ccc7d6758316af528078ea3a725453fd57454577172faec0ab98249ee09ca1f50733c9579def40d06b8e1c66ec71cbc224e63ace448c5b12bade6995ff61b06154546ff4498150bf4f84c4484332feb7cfc5d9558c061385c0187396e37e8bbaff5e478c80464e833ddbce88a6274bfc0ca7f965919c6c101232f1329fd1a7cf6d9002ba72df95c8f147852c9d9d2fa46a782a4f01cf166da94b9fdeb2555422184f776d5720b20330d99a8099c209671f3738b56d99fbab51ac61c0247e2ae40f3c58e16b8aee6ff4cb2495a772af636e5e2796e85dd905bbf5635294ebff1e12dee811ab7709e0ab080003407fffffff0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x2d4}}, 0x0)
sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, 0x1402, 0x1, 0x70bd2a, 0x25dfdc02, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r9, 0x89f4, &(0x7f0000000140)={'sit0\x00', 0x0})
syz_emit_ethernet(0x4e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6087fb7e00000000fe880000000000000000000000000001fc0200000000000000000000000000000002000000000000040100010100c204"], 0x0)

3.183185436s ago: executing program 2 (id=178):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0xfff6, &(0x7f00000000c0)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0xc}, {0x3, 0xb}, {0xa, 0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4080, 0x0, 0x5, 0x1, 0xc}, 0xb, 0x0, 0x5, 0x5, 0x9, 0x14, 0x9, 0xf, 0x7, 0x1, {0xffff1c72, 0x3, 0x1000, 0xff, 0xfffffffe, 0x5}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x8840}, 0x4008000)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

3.121989529s ago: executing program 3 (id=179):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
socket$tipc(0x1e, 0x5, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
unshare(0x4000400)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
ppoll(&(0x7f0000000080)=[{r0, 0x2000}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000880}, 0x0)

3.015925533s ago: executing program 4 (id=180):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a80)={0x40, 0x0, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4f1}]}]}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x24004800}, 0x0)

2.571395026s ago: executing program 4 (id=181):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x4}, 0xe)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000500)={0xf127, 0x1, 0x4, 0xffff, r2}, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

2.204419767s ago: executing program 2 (id=182):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400070200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

2.166193273s ago: executing program 1 (id=183):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x28, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

1.955257353s ago: executing program 4 (id=184):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000180)=@ccm_128={{0x303}, "0104000400710891", "93593a5d69c3225c6820000000004e1a", "5ba63131", "d6ce9406eafd33a7"}, 0x28)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$int_in(r0, 0x5421, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)

660.516501ms ago: executing program 4 (id=185):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14)

656.729913ms ago: executing program 2 (id=186):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$inet_icmp(0x2, 0x2, 0x1)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0x215eb000)
r0 = socket(0xa, 0x5, 0x0)
sendto$inet6(r0, &(0x7f0000000080)="ac", 0x34000, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0x8, @loopback, 0xc5f}, 0x1c)

656.532746ms ago: executing program 1 (id=187):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000540), 0x0, 0x20000000}], 0x1, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r0, &(0x7f00000000c0)=ANY=[], 0xa)

307.818749ms ago: executing program 1 (id=188):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000600)=""/195, 0xc3}], 0x1)
shutdown(r0, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)

0s ago: executing program 3 (id=189):
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
socket(0x28, 0x5, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES8], 0x40}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts.
[  167.722949][ T5776] cgroup: Unknown subsys name 'net'
[  167.844477][ T5776] cgroup: Unknown subsys name 'cpuset'
[  167.858694][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  173.166267][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  177.208447][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  177.217774][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  177.228459][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  177.236585][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  177.246587][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  177.254478][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  177.265683][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  177.275420][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  177.284497][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  177.288811][ T5807] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  177.298157][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  177.302474][ T5807] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  177.310629][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  177.315351][ T5807] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  177.321788][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  177.333589][ T5807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  177.338597][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  177.356133][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  177.363651][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  177.395767][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  177.456027][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  177.524652][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  177.538907][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  177.661074][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  177.707772][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  178.477618][ T5797] chnl_net:caif_netlink_parms(): no params data found
[  178.923869][ T5804] chnl_net:caif_netlink_parms(): no params data found
[  179.023783][ T5794] chnl_net:caif_netlink_parms(): no params data found
[  179.404312][ T5795] chnl_net:caif_netlink_parms(): no params data found
[  179.429391][ T5802] Bluetooth: hci1: command tx timeout
[  179.429488][ T5803] Bluetooth: hci0: command tx timeout
[  179.489339][ T5803] Bluetooth: hci3: command tx timeout
[  179.494953][ T5803] Bluetooth: hci2: command tx timeout
[  179.576563][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.584424][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.592830][ T5797] bridge_slave_0: entered allmulticast mode
[  179.602160][ T5797] bridge_slave_0: entered promiscuous mode
[  179.710954][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.718751][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.727166][ T5797] bridge_slave_1: entered allmulticast mode
[  179.736399][ T5797] bridge_slave_1: entered promiscuous mode
[  179.826319][ T5802] Bluetooth: hci4: command tx timeout
[  179.909970][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.001583][ T5811] chnl_net:caif_netlink_parms(): no params data found
[  180.029427][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.057246][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.064820][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.072684][ T5804] bridge_slave_0: entered allmulticast mode
[  180.082525][ T5804] bridge_slave_0: entered promiscuous mode
[  180.197294][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.205106][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.217593][ T5804] bridge_slave_1: entered allmulticast mode
[  180.226115][ T5804] bridge_slave_1: entered promiscuous mode
[  180.265806][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.273401][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.281284][ T5794] bridge_slave_0: entered allmulticast mode
[  180.290887][ T5794] bridge_slave_0: entered promiscuous mode
[  180.309581][ T5797] team0: Port device team_slave_0 added
[  180.405990][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.413626][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.428778][ T5794] bridge_slave_1: entered allmulticast mode
[  180.441936][ T5794] bridge_slave_1: entered promiscuous mode
[  180.458162][ T5797] team0: Port device team_slave_1 added
[  180.609114][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.657737][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.667896][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.675785][ T5795] bridge_slave_0: entered allmulticast mode
[  180.684812][ T5795] bridge_slave_0: entered promiscuous mode
[  180.783242][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.793572][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.801442][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.809322][ T5795] bridge_slave_1: entered allmulticast mode
[  180.818560][ T5795] bridge_slave_1: entered promiscuous mode
[  180.837404][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.858269][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.870357][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.879547][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  180.905881][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.064558][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.072005][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.100056][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.201818][ T5804] team0: Port device team_slave_0 added
[  181.298114][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  181.315497][ T5794] team0: Port device team_slave_0 added
[  181.332193][ T5804] team0: Port device team_slave_1 added
[  181.347031][ T5794] team0: Port device team_slave_1 added
[  181.354581][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.362164][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.369836][ T5811] bridge_slave_0: entered allmulticast mode
[  181.378609][ T5811] bridge_slave_0: entered promiscuous mode
[  181.398271][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  181.472741][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.480507][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.488109][ T5802] Bluetooth: hci0: command tx timeout
[  181.495431][ T5811] bridge_slave_1: entered allmulticast mode
[  181.495585][ T5802] Bluetooth: hci1: command tx timeout
[  181.504819][ T5811] bridge_slave_1: entered promiscuous mode
[  181.574116][ T5802] Bluetooth: hci2: command tx timeout
[  181.574146][ T5803] Bluetooth: hci3: command tx timeout
[  181.710173][ T5795] team0: Port device team_slave_0 added
[  181.747643][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.754826][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.781451][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.806127][ T5797] hsr_slave_0: entered promiscuous mode
[  181.815896][ T5797] hsr_slave_1: entered promiscuous mode
[  181.827174][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.834295][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.860988][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.874714][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.882147][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  181.908919][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.924040][ T5802] Bluetooth: hci4: command tx timeout
[  181.954926][ T5795] team0: Port device team_slave_1 added
[  181.999599][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.006978][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  182.034029][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.085961][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.166545][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.173661][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  182.200498][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.217755][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.224875][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  182.253213][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.301470][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.540567][ T5804] hsr_slave_0: entered promiscuous mode
[  182.550131][ T5804] hsr_slave_1: entered promiscuous mode
[  182.558410][ T5804] debugfs: 'hsr0' already exists in 'hsr'
[  182.564384][ T5804] Cannot create hsr debugfs directory
[  182.618090][ T5794] hsr_slave_0: entered promiscuous mode
[  182.627300][ T5794] hsr_slave_1: entered promiscuous mode
[  182.634815][ T5794] debugfs: 'hsr0' already exists in 'hsr'
[  182.640846][ T5794] Cannot create hsr debugfs directory
[  182.719100][ T5811] team0: Port device team_slave_0 added
[  182.736131][ T5811] team0: Port device team_slave_1 added
[  182.782626][ T5795] hsr_slave_0: entered promiscuous mode
[  182.792546][ T5795] hsr_slave_1: entered promiscuous mode
[  182.801067][ T5795] debugfs: 'hsr0' already exists in 'hsr'
[  182.807280][ T5795] Cannot create hsr debugfs directory
[  183.029979][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[  183.038515][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  183.065688][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  183.199820][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[  183.207047][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  183.233417][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  183.572693][ T5802] Bluetooth: hci1: command tx timeout
[  183.572734][ T5803] Bluetooth: hci0: command tx timeout
[  183.647934][ T5802] Bluetooth: hci2: command tx timeout
[  183.667295][ T5802] Bluetooth: hci3: command tx timeout
[  183.683614][ T5811] hsr_slave_0: entered promiscuous mode
[  183.692477][ T5811] hsr_slave_1: entered promiscuous mode
[  183.700703][ T5811] debugfs: 'hsr0' already exists in 'hsr'
[  183.706811][ T5811] Cannot create hsr debugfs directory
[  183.965824][ T5802] Bluetooth: hci4: command tx timeout
[  184.072750][ T5797] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  184.097352][ T5797] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  184.133759][ T5797] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  184.172472][ T5797] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  184.460622][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  184.522594][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  184.596395][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  184.614844][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  184.756215][ T5804] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  184.786611][ T5804] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  184.805626][ T5804] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  184.825466][ T5804] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  185.019085][ T5795] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  185.050813][ T5795] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  185.088830][ T5795] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  185.111529][ T5795] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  185.401785][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  185.439609][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  185.462626][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  185.493425][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  185.650760][ T5802] Bluetooth: hci1: command tx timeout
[  185.650954][ T5803] Bluetooth: hci0: command tx timeout
[  185.677290][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.726138][ T5803] Bluetooth: hci3: command tx timeout
[  185.731850][ T5803] Bluetooth: hci2: command tx timeout
[  185.875667][ T5797] 8021q: adding VLAN 0 to HW filter on device team0
[  185.913948][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.944640][ T4130] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.952215][ T4130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.989140][ T4130] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.996964][ T4130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.031478][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.049147][ T5802] Bluetooth: hci4: command tx timeout
[  186.086829][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[  186.173162][   T73] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.180714][   T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.199890][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.207517][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.319279][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[  186.458509][ T4130] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.466111][ T4130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.490699][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.552199][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.559761][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.772825][ T5795] 8021q: adding VLAN 0 to HW filter on device team0
[  186.898889][   T73] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.906472][   T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.942786][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.978211][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.985895][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.220444][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[  187.330449][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.338051][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.456028][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.463504][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.280212][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.442620][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.730991][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.898629][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.002593][ T5794] veth0_vlan: entered promiscuous mode
[  189.130773][ T5794] veth1_vlan: entered promiscuous mode
[  189.314205][ T5804] veth0_vlan: entered promiscuous mode
[  189.452582][ T5804] veth1_vlan: entered promiscuous mode
[  189.494450][ T5794] veth0_macvtap: entered promiscuous mode
[  189.515100][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.588183][ T5794] veth1_macvtap: entered promiscuous mode
[  189.601094][ T5795] veth0_vlan: entered promiscuous mode
[  189.731039][ T5795] veth1_vlan: entered promiscuous mode
[  189.866438][ T5804] veth0_macvtap: entered promiscuous mode
[  189.898953][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[  189.959910][ T5804] veth1_macvtap: entered promiscuous mode
[  189.991782][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.074778][ T5811] veth0_vlan: entered promiscuous mode
[  190.124784][ T1867] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.160602][ T1867] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.198933][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.226076][ T1867] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.264874][ T5795] veth0_macvtap: entered promiscuous mode
[  190.304932][ T1867] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  190.328883][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.375800][ T4130] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.401492][   T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.443571][ T5811] veth1_vlan: entered promiscuous mode
[  190.460738][ T5795] veth1_macvtap: entered promiscuous mode
[  190.487348][   T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.567518][   T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  190.683854][ T5797] veth0_vlan: entered promiscuous mode
[  190.712745][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.811686][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.866153][ T5797] veth1_vlan: entered promiscuous mode
[  190.903078][ T5811] veth0_macvtap: entered promiscuous mode
[  190.930674][   T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.962353][ T5811] veth1_macvtap: entered promiscuous mode
[  190.974376][   T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.002746][   T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.040375][   T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.141908][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.216041][ T5797] veth0_macvtap: entered promiscuous mode
[  191.295589][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.316513][ T5797] veth1_macvtap: entered promiscuous mode
[  191.369529][ T4052] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.429983][ T4052] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.479378][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.494453][ T4052] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.556995][ T4052] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.585612][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.664919][ T1867] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.702051][ T1867] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.772103][ T1867] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.836080][ T4052] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  195.712489][ T1888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.723220][ T1888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  195.904377][ T1867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.915509][ T1867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.066584][ T4052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.075480][ T4052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.252087][ T5794] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  196.308823][ T4052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.317020][ T4052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.401354][ T4052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.410123][ T4052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.644496][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.644598][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.921299][ T5982] loop0: detected capacity change from 0 to 512
[  197.000157][ T5982] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  197.024660][ T4130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.033419][ T4130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.075777][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.083898][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.307644][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.315883][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.347804][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.347892][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.798863][ T6000] loop0: detected capacity change from 0 to 1764
[  199.024639][ T6008] loop2: detected capacity change from 0 to 1764
[  199.191507][ T6004] FAULT_INJECTION: forcing a failure.
[  199.191507][ T6004] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  199.205411][ T6004] CPU: 1 UID: 0 PID: 6004 Comm: syz.2.8 Not tainted syzkaller #0 PREEMPT(none) 
[  199.205537][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  199.205620][ T6004] Call Trace:
[  199.205671][ T6004]  <TASK>
[  199.205716][ T6004]  __dump_stack+0x26/0x30
[  199.205872][ T6004]  dump_stack_lvl+0x1df/0x270
[  199.206022][ T6004]  dump_stack+0x1e/0x25
[  199.206155][ T6004]  should_fail_ex+0x7dc/0x8a0
[  199.206317][ T6004]  should_fail+0x2a/0x40
[  199.206449][ T6004]  should_fail_usercopy+0x2e/0x40
[  199.206597][ T6004]  _copy_to_user+0x35/0x120
[  199.206743][ T6004]  simple_read_from_buffer+0x1b2/0x340
[  199.206926][ T6004]  proc_fail_nth_read+0x1e0/0x2d0
[  199.207099][ T6004]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.207262][ T6004]  vfs_read+0x27c/0xf90
[  199.207428][ T6004]  ? stack_depot_save_flags+0x35/0x7b0
[  199.207563][ T6004]  ? kmsan_get_metadata+0xfb/0x160
[  199.207703][ T6004]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  199.207898][ T6004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  199.208049][ T6004]  __x64_sys_read+0x1fb/0x4d0
[  199.208186][ T6004]  x64_sys_call+0x2f9c/0x3e30
[  199.208348][ T6004]  do_syscall_64+0xd9/0xfa0
[  199.208515][ T6004]  ? irqentry_exit+0x16/0x60
[  199.208657][ T6004]  ? clear_bhb_loop+0x40/0x90
[  199.208791][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.208924][ T6004] RIP: 0033:0x7fb3bf58e15c
[  199.209035][ T6004] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  199.209141][ T6004] RSP: 002b:00007fb3c04a2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.209268][ T6004] RAX: ffffffffffffffda RBX: 00007fb3bf7e5fa0 RCX: 00007fb3bf58e15c
[  199.209351][ T6004] RDX: 000000000000000f RSI: 00007fb3c04a20a0 RDI: 0000000000000004
[  199.209433][ T6004] RBP: 00007fb3c04a2090 R08: 0000000000000000 R09: 0000000000000000
[  199.209509][ T6004] R10: 00002000000003c0 R11: 0000000000000246 R12: 0000000000000001
[  199.209582][ T6004] R13: 00007fb3bf7e6038 R14: 00007fb3bf7e5fa0 R15: 00007ffe27349298
[  199.209698][ T6004]  </TASK>
[  199.535483][ T6010] loop4: detected capacity change from 0 to 4096
[  199.677305][ T6006] loop3: detected capacity change from 0 to 1764
[  199.686347][ T6010] NILFS (loop4): invalid segment: Checksum error in segment payload
[  199.694683][ T6010] NILFS (loop4): trying rollback from an earlier position
[  199.811205][ T6010] NILFS (loop4): recovery complete
[  199.890525][ T6017] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  200.452750][ T6019] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  200.626404][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13'.
[  200.813102][ T6025] loop2: detected capacity change from 0 to 2048
[  200.962827][ T6025] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.785067][ T6037] loop3: detected capacity change from 0 to 1024
[  201.794932][ T6037] EXT4-fs: Ignoring removed nomblk_io_submit option
[  201.799453][ T6040] loop0: detected capacity change from 0 to 64
[  201.862707][ T6037] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal
[  202.081506][ T6045] loop4: detected capacity change from 0 to 256
[  202.429155][ T6051] loop2: detected capacity change from 0 to 1024
[  202.480424][ T1875] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  202.563913][ T6054] netlink: 'syz.0.26': attribute type 10 has an invalid length.
[  202.572237][ T6054] netlink: 'syz.0.26': attribute type 17 has an invalid length.
[  202.675656][ T1875] usb 5-1: Using ep0 maxpacket: 32
[  202.712921][ T1875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.727530][ T1875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.738782][ T1875] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  202.748284][ T1875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.785006][ T1875] usb 5-1: config 0 descriptor??
[  202.865035][ T1875] hub 5-1:0.0: USB hub found
[  202.883367][ T1888] hfsplus: b-tree write err: -5, ino 4
[  203.010768][ T1875] hub 5-1:0.0: config failed, can't read hub descriptor (err -90)
[  203.243907][ T6060] netlink: 48 bytes leftover after parsing attributes in process `syz.3.27'.
[  203.392075][ T6065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.28'.
[  203.636476][ T1875] usbhid 5-1:0.0: can't add hid device: -71
[  203.643050][ T1875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  203.753598][ T6064] loop0: detected capacity change from 0 to 2048
[  203.768479][ T1875] usb 5-1: USB disconnect, device number 2
[  203.893472][ T6070] netlink: 'syz.1.30': attribute type 1 has an invalid length.
[  203.902082][ T6070] netlink: 224 bytes leftover after parsing attributes in process `syz.1.30'.
[  203.980304][ T6064] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  205.338357][ T6093] loop0: detected capacity change from 0 to 128
[  205.393076][ T6093] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  205.469119][ T6093] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  205.480862][ T6096] netlink: 12 bytes leftover after parsing attributes in process `syz.3.41'.
[  205.852860][ T6091] loop2: detected capacity change from 0 to 4096
[  205.869675][ T6091] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  225.018631][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  225.026419][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  244.368480][ T6120] loop0: detected capacity change from 0 to 4096
[  244.390157][ T6132] netlink: 'syz.1.51': attribute type 1 has an invalid length.
[  244.398602][ T6132] netlink: 'syz.1.51': attribute type 2 has an invalid length.
[  244.399897][ T6125] loop3: detected capacity change from 0 to 4096
[  244.410390][ T6132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.51'.
[  244.465698][ T6120] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  244.502499][ T6125] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  244.538488][ T6133] netlink: 'syz.1.51': attribute type 1 has an invalid length.
[  244.546561][ T6133] netlink: 'syz.1.51': attribute type 2 has an invalid length.
[  244.554451][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.51'.
[  244.966638][ T6125] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  245.396395][   T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  245.625397][   T24] usb 4-1: Using ep0 maxpacket: 16
[  245.691848][   T24] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  245.701398][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.443126][ T6154] loop1: detected capacity change from 0 to 32768
[  246.457229][ T6154] =======================================================
[  246.457229][ T6154] WARNING: The mand mount option has been deprecated and
[  246.457229][ T6154]          and is ignored by this kernel. Remove the mand
[  246.457229][ T6154]          option from the mount to silence this warning.
[  246.457229][ T6154] =======================================================
[  246.518263][   T24] usb 4-1: config 0 descriptor??
[  246.540408][   T24] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  246.704212][ T6154] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  246.781207][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.49'.
[  246.917971][ T6154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.54'.
[  247.145964][   T24] usb 4-1: Detected FT232A
[  247.199501][   T24] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  247.249249][   T24] usb 4-1: USB disconnect, device number 2
[  247.275019][ T5804] ocfs2: Unmounting device (7,1) on (node local)
[  247.342559][   T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  247.356365][   T24] ftdi_sio 4-1:0.0: device disconnected
[  248.070313][ T6171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.60'.
[  248.517293][ T6174] process 'syz.0.62' launched '/dev/fd/3' with NULL argv: empty string added
[  248.609428][ T6174] loop0: detected capacity change from 0 to 8
[  248.743715][ T6174] SQUASHFS error: lzo decompression failed, data probably corrupt
[  248.752087][ T6174] SQUASHFS error: Failed to read block 0x91: -5
[  248.758759][ T6174] SQUASHFS error: Unable to read metadata cache entry [8f]
[  248.766438][ T6174] SQUASHFS error: Unable to read inode 0x11f
[  248.774918][ T6178] loop4: detected capacity change from 0 to 128
[  248.904179][   T30] audit: type=1804 audit(1763867833.323:2): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.64" name="/newroot/11/file2/file0" dev="loop4" ino=1048608 res=1 errno=0
[  249.128008][ T6176] syz.4.64: attempt to access beyond end of device
[  249.128008][ T6176] loop4: rw=2049, sector=138, nr_sectors = 2 limit=128
[  249.688802][ T1875] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  249.735561][ T6197] Zero length message leads to an empty skb
[  249.885955][ T1875] usb 2-1: Using ep0 maxpacket: 8
[  249.907214][ T1875] usb 2-1: config 0 has no interfaces?
[  249.961636][ T1875] usb 2-1: New USB device found, idVendor=19d2, idProduct=0167, bcdDevice=bc.89
[  249.978496][ T1875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.991807][ T1875] usb 2-1: Product: syz
[  249.996273][ T1875] usb 2-1: Manufacturer: syz
[  250.001058][ T1875] usb 2-1: SerialNumber: syz
[  250.029165][ T6206] FAULT_INJECTION: forcing a failure.
[  250.029165][ T6206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.046924][ T6206] CPU: 0 UID: 0 PID: 6206 Comm: syz.4.69 Not tainted syzkaller #0 PREEMPT(none) 
[  250.047051][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  250.047120][ T6206] Call Trace:
[  250.047163][ T6206]  <TASK>
[  250.047207][ T6206]  __dump_stack+0x26/0x30
[  250.047350][ T6206]  dump_stack_lvl+0x1df/0x270
[  250.047497][ T6206]  dump_stack+0x1e/0x25
[  250.047629][ T6206]  should_fail_ex+0x7dc/0x8a0
[  250.047786][ T6206]  should_fail+0x2a/0x40
[  250.047911][ T6206]  should_fail_usercopy+0x2e/0x40
[  250.048051][ T6206]  _copy_from_user+0x33/0x100
[  250.048195][ T6206]  strndup_user+0x206/0x3e0
[  250.048329][ T6206]  __se_sys_mount+0x134/0x7e0
[  250.048448][ T6206]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  250.048632][ T6206]  ? kmsan_get_metadata+0xfb/0x160
[  250.048763][ T6206]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.048911][ T6206]  __x64_sys_mount+0xe4/0x150
[  250.049045][ T6206]  x64_sys_call+0x3604/0x3e30
[  250.049201][ T6206]  do_syscall_64+0xd9/0xfa0
[  250.049344][ T6206]  ? irqentry_exit+0x16/0x60
[  250.049479][ T6206]  ? clear_bhb_loop+0x40/0x90
[  250.049607][ T6206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.049738][ T6206] RIP: 0033:0x7feba698f749
[  250.049832][ T6206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.049934][ T6206] RSP: 002b:00007feba78db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  250.050049][ T6206] RAX: ffffffffffffffda RBX: 00007feba6be6090 RCX: 00007feba698f749
[  250.050132][ T6206] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000200000000140
[  250.050215][ T6206] RBP: 00007feba78db090 R08: 0000000000000000 R09: 0000000000000000
[  250.050290][ T6206] R10: 0000000002208004 R11: 0000000000000246 R12: 0000000000000001
[  250.050364][ T6206] R13: 00007feba6be6128 R14: 00007feba6be6090 R15: 00007fffd237ed68
[  250.050472][ T6206]  </TASK>
[  250.070845][ T6201] netlink: 12 bytes leftover after parsing attributes in process `syz.2.70'.
[  250.203309][ T1875] usb 2-1: config 0 descriptor??
[  251.299359][ T6210] loop0: detected capacity change from 0 to 4096
[  251.446115][ T6210] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  251.626709][ T6194] loop1: detected capacity change from 0 to 40427
[  251.667831][ T6194] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  251.678087][ T6194] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  251.685809][ T6221] loop2: detected capacity change from 0 to 256
[  251.701556][ T6194] F2FS-fs (loop1): invalid crc value
[  251.829860][ T6221] exfat: Deprecated parameter 'namecase'
[  251.836067][ T6221] exfat: Deprecated parameter 'namecase'
[  252.003402][ T6194] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  252.025566][ T6210] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  252.038111][ T6194] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  252.046092][ T6194] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  252.075883][ T1875] usb 2-1: USB disconnect, device number 2
[  252.155782][ T6221] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  252.436952][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  252.609956][ T6227] Illegal XDP return value 4070055648 on prog  (id 16) dev N/A, expect packet loss!
[  252.665892][   T24] usb 1-1: Using ep0 maxpacket: 16
[  252.676179][ T6229] loop4: detected capacity change from 0 to 512
[  252.689979][   T24] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  252.702904][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.789324][   T24] usb 1-1: config 0 descriptor??
[  252.840410][ T6229] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.882244][   T24] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  253.099538][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.71'.
[  253.339279][   T24] usb 1-1: Detected FT232A
[  253.373895][   T24] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  253.456792][   T24] usb 1-1: USB disconnect, device number 2
[  253.505767][   T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  253.522032][   T24] ftdi_sio 1-1:0.0: device disconnected
[  253.656604][ T5797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.869509][ T6242] loop2: detected capacity change from 0 to 128
[  254.056231][   T30] audit: type=1804 audit(1763867838.473:3): pid=6239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.79" name="/newroot/18/file2/file0" dev="loop2" ino=1048610 res=1 errno=0
[  254.276884][ T6236] syz.2.79: attempt to access beyond end of device
[  254.276884][ T6236] loop2: rw=2049, sector=138, nr_sectors = 2 limit=128
[  255.300524][ T6253] loop0: detected capacity change from 0 to 4096
[  255.759828][ T6260] loop3: detected capacity change from 0 to 1024
[  256.087040][ T6266] loop9: detected capacity change from 0 to 7
[  256.136218][ T6266] Dev loop9: unable to read RDB block 7
[  256.142147][ T6266]  loop9: AHDI p1 p2
[  256.146474][ T6266] loop9: partition table partially beyond EOD, truncated
[  256.154977][ T6266] loop9: p1 size 4227858431 extends beyond EOD, truncated
[  256.477085][ T6270] hfsplus: xattr search failed
[  257.031225][ T6267] loop1: detected capacity change from 0 to 32768
[  257.121966][ T6267] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  257.281534][ T6267] XFS (loop1): Ending clean mount
[  257.333752][ T6288] loop2: detected capacity change from 0 to 128
[  257.354707][ T6286] loop0: detected capacity change from 0 to 256
[  257.478880][ T6286] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  257.505838][ T5795] hfsplus: node 4:3 still has 1 user(s)!
[  257.764807][   T59] Bluetooth: hci5: Frame reassembly failed (-84)
[  257.788490][ T5804] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  257.789209][ T6280] loop4: detected capacity change from 0 to 4096
[  257.845951][ T6280] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  258.058043][ T6286] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  258.165959][ T6280] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[  258.517293][ T5880] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  258.626173][   T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  258.725503][ T5880] usb 5-1: Using ep0 maxpacket: 16
[  258.769667][ T5880] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  258.779287][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.815453][   T24] usb 3-1: Using ep0 maxpacket: 32
[  258.844998][ T5880] usb 5-1: config 0 descriptor??
[  258.904196][ T5880] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  258.938250][   T24] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  258.951200][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.961136][   T24] usb 3-1: Product: syz
[  258.965650][   T24] usb 3-1: Manufacturer: syz
[  258.970539][   T24] usb 3-1: SerialNumber: syz
[  259.090158][   T24] usb 3-1: config 0 descriptor??
[  259.138980][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.92'.
[  259.171285][   T24] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  259.300052][ T6302] FAULT_INJECTION: forcing a failure.
[  259.300052][ T6302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.313703][ T6302] CPU: 0 UID: 0 PID: 6302 Comm: syz.3.99 Not tainted syzkaller #0 PREEMPT(none) 
[  259.313832][ T6302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  259.313902][ T6302] Call Trace:
[  259.313946][ T6302]  <TASK>
[  259.313991][ T6302]  __dump_stack+0x26/0x30
[  259.314138][ T6302]  dump_stack_lvl+0x1df/0x270
[  259.314286][ T6302]  dump_stack+0x1e/0x25
[  259.314418][ T6302]  should_fail_ex+0x7dc/0x8a0
[  259.314584][ T6302]  should_fail+0x2a/0x40
[  259.314711][ T6302]  should_fail_usercopy+0x2e/0x40
[  259.314857][ T6302]  _copy_from_user+0x33/0x100
[  259.315006][ T6302]  ___sys_sendmsg+0x11b/0x3b0
[  259.315184][ T6302]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  259.315331][ T6302]  ? __rcu_read_unlock+0x6d/0xd0
[  259.315451][ T6302]  ? __fget_files+0x3b4/0x4a0
[  259.315582][ T6302]  ? __fget_files+0x3b9/0x4a0
[  259.315713][ T6302]  ? kmsan_get_metadata+0xfb/0x160
[  259.315847][ T6302]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  259.315996][ T6302]  __x64_sys_sendmsg+0x211/0x3e0
[  259.316164][ T6302]  ? kmsan_get_metadata+0xfb/0x160
[  259.316298][ T6302]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  259.316434][ T6302]  ? kmsan_get_metadata+0xfb/0x160
[  259.316568][ T6302]  ? kmsan_get_metadata+0xfb/0x160
[  259.316719][ T6302]  x64_sys_call+0x1dfd/0x3e30
[  259.316872][ T6302]  do_syscall_64+0xd9/0xfa0
[  259.317028][ T6302]  ? irqentry_exit+0x16/0x60
[  259.317174][ T6302]  ? clear_bhb_loop+0x40/0x90
[  259.317309][ T6302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.317439][ T6302] RIP: 0033:0x7f937c18f749
[  259.317533][ T6302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.317643][ T6302] RSP: 002b:00007f937cf8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  259.317762][ T6302] RAX: ffffffffffffffda RBX: 00007f937c3e5fa0 RCX: 00007f937c18f749
[  259.317852][ T6302] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  259.317928][ T6302] RBP: 00007f937cf8d090 R08: 0000000000000000 R09: 0000000000000000
[  259.318005][ T6302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.318079][ T6302] R13: 00007f937c3e6038 R14: 00007f937c3e5fa0 R15: 00007ffdfc082658
[  259.318199][ T6302]  </TASK>
[  259.664113][ T5880] usb 5-1: Detected FT232A
[  259.715743][ T5880] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  259.720950][ T6305] loop1: detected capacity change from 0 to 128
[  259.806373][ T5803] Bluetooth: hci5: command 0x1003 tx timeout
[  259.813064][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  259.881839][ T5880] usb 5-1: USB disconnect, device number 3
[  259.895962][ T5802] Bluetooth: hci4: command 0x0401 tx timeout
[  259.929063][   T30] audit: type=1804 audit(1763867844.323:4): pid=6305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.96" name="/newroot/13/file2/file0" dev="loop1" ino=1048614 res=1 errno=0
[  260.008880][ T5880] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  260.021717][ T5880] ftdi_sio 5-1:0.0: device disconnected
[  260.144522][ T6304] syz.1.96: attempt to access beyond end of device
[  260.144522][ T6304] loop1: rw=2049, sector=138, nr_sectors = 2 limit=128
[  260.316324][ T1875] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  260.435886][ T5856] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  260.466154][ T1875] usb 1-1: device descriptor read/64, error -71
[  260.631720][ T5856] usb 4-1: device descriptor read/64, error -71
[  260.742101][ T1875] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  260.915642][ T5856] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  260.924948][ T1875] usb 1-1: device descriptor read/64, error -71
[  261.037007][ T1875] usb usb1-port1: attempt power cycle
[  261.066302][ T5856] usb 4-1: device descriptor read/64, error -71
[  261.185592][ T5856] usb usb4-port1: attempt power cycle
[  261.220904][ T6314] loop1: detected capacity change from 0 to 4096
[  261.245869][ T6314] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  261.273432][ T6314] ntfs3(loop1): ino=3, mi_enum_attr
[  261.285926][ T5851] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  261.380457][ T6314] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  261.411231][   T24] gspca_stk1135: reg_w 0x2ff err -71
[  261.416543][ T1875] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  261.418181][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.430812][   T24] gspca_stk1135: Sensor write failed
[  261.436467][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.442937][   T24] gspca_stk1135: Sensor write failed
[  261.448523][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.455005][   T24] gspca_stk1135: Sensor read failed
[  261.460535][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.465732][ T1875] usb 1-1: device descriptor read/8, error -71
[  261.467102][   T24] gspca_stk1135: Sensor read failed
[  261.475017][ T5851] usb 5-1: Using ep0 maxpacket: 16
[  261.478541][   T24] gspca_stk1135: Detected sensor type unknown (0x0)
[  261.478682][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.478745][   T24] gspca_stk1135: Sensor read failed
[  261.478849][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.478903][   T24] gspca_stk1135: Sensor read failed
[  261.479007][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.479061][   T24] gspca_stk1135: Sensor write failed
[  261.479166][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  261.479220][   T24] gspca_stk1135: Sensor write failed
[  261.479498][   T24] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  261.493652][   T24] usb 3-1: USB disconnect, device number 2
[  261.538286][ T5856] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  261.626438][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.637806][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.648098][ T5851] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  261.661324][ T5851] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  261.670785][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.691289][ T5856] usb 4-1: device descriptor read/8, error -71
[  261.700677][ T5851] usb 5-1: config 0 descriptor??
[  261.747114][ T1875] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  261.792017][ T1875] usb 1-1: device descriptor read/8, error -71
[  261.907399][ T1875] usb usb1-port1: unable to enumerate USB device
[  261.935782][ T5856] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  261.992698][ T5856] usb 4-1: device descriptor read/8, error -71
[  262.111632][ T5856] usb usb4-port1: unable to enumerate USB device
[  262.129328][ T6316] loop4: detected capacity change from 0 to 16
[  262.214493][ T6316] capability: warning: `syz.4.102' uses deprecated v2 capabilities in a way that may be insecure
[  262.378191][ T5851] usbhid 5-1:0.0: can't add hid device: -71
[  262.384726][ T5851] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  262.410011][ T5851] usb 5-1: USB disconnect, device number 4
[  263.007601][   T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  263.025466][ T6330] FAULT_INJECTION: forcing a failure.
[  263.025466][ T6330] name failslab, interval 1, probability 0, space 0, times 1
[  263.042449][ T6330] CPU: 0 UID: 0 PID: 6330 Comm: syz.4.108 Not tainted syzkaller #0 PREEMPT(none) 
[  263.042588][ T6330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  263.042660][ T6330] Call Trace:
[  263.042704][ T6330]  <TASK>
[  263.042748][ T6330]  __dump_stack+0x26/0x30
[  263.042894][ T6330]  dump_stack_lvl+0x1df/0x270
[  263.043038][ T6330]  dump_stack+0x1e/0x25
[  263.043163][ T6330]  should_fail_ex+0x7dc/0x8a0
[  263.043306][ T6330]  should_failslab+0x15b/0x200
[  263.043441][ T6330]  kmem_cache_alloc_node_noprof+0xf0/0x16b0
[  263.043584][ T6330]  ? __alloc_skb+0x1e0/0x7d0
[  263.043724][ T6330]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  263.043920][ T6330]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  263.044064][ T6330]  __alloc_skb+0x1e0/0x7d0
[  263.044222][ T6330]  netlink_dump+0x24f/0x17d0
[  263.044398][ T6330]  ? kmsan_get_metadata+0xfb/0x160
[  263.044530][ T6330]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  263.044719][ T6330]  ? kmsan_get_metadata+0xfb/0x160
[  263.044862][ T6330]  __netlink_dump_start+0x716/0xd60
[  263.045043][ T6330]  rtnetlink_rcv_msg+0x1262/0x14b0
[  263.045167][ T6330]  ? __pfx_rtnl_dumpit+0x10/0x10
[  263.045277][ T6330]  ? __pfx_tc_dump_action+0x10/0x10
[  263.045422][ T6330]  ? __pfx_tc_dump_action+0x10/0x10
[  263.045561][ T6330]  netlink_rcv_skb+0x54d/0x680
[  263.045748][ T6330]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  263.045889][ T6330]  rtnetlink_rcv+0x35/0x40
[  263.045999][ T6330]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  263.046113][ T6330]  netlink_unicast+0xf04/0x12b0
[  263.046290][ T6330]  netlink_sendmsg+0x10b3/0x1250
[  263.046482][ T6330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.046648][ T6330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.046808][ T6330]  __sock_sendmsg+0x333/0x3d0
[  263.046956][ T6330]  ____sys_sendmsg+0x7e0/0xd80
[  263.047153][ T6330]  ___sys_sendmsg+0x271/0x3b0
[  263.047338][ T6330]  ? __rcu_read_unlock+0x6d/0xd0
[  263.047462][ T6330]  ? __fget_files+0x3b4/0x4a0
[  263.047593][ T6330]  ? __fget_files+0x3b9/0x4a0
[  263.047723][ T6330]  ? kmsan_get_metadata+0xfb/0x160
[  263.047857][ T6330]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  263.048004][ T6330]  __x64_sys_sendmsg+0x211/0x3e0
[  263.048188][ T6330]  ? kmsan_get_metadata+0xfb/0x160
[  263.048339][ T6330]  x64_sys_call+0x1dfd/0x3e30
[  263.048499][ T6330]  do_syscall_64+0xd9/0xfa0
[  263.048664][ T6330]  ? irqentry_exit+0x16/0x60
[  263.048810][ T6330]  ? clear_bhb_loop+0x40/0x90
[  263.048945][ T6330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.049075][ T6330] RIP: 0033:0x7feba698f749
[  263.049166][ T6330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.049267][ T6330] RSP: 002b:00007feba78fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.049384][ T6330] RAX: ffffffffffffffda RBX: 00007feba6be5fa0 RCX: 00007feba698f749
[  263.049474][ T6330] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  263.049552][ T6330] RBP: 00007feba78fc090 R08: 0000000000000000 R09: 0000000000000000
[  263.049634][ T6330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.049701][ T6330] R13: 00007feba6be6038 R14: 00007feba6be5fa0 R15: 00007fffd237ed68
[  263.049816][ T6330]  </TASK>
[  263.203998][   T24] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  263.387355][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.630730][   T24] usb 3-1: config 0 descriptor??
[  263.651031][   T24] cp210x 3-1:0.0: cp210x converter detected
[  263.856164][   T24] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121
[  263.869052][   T24] cp210x 3-1:0.0: querying part number failed
[  263.927099][   T24] usb 3-1: cp210x converter now attached to ttyUSB0
[  263.940467][ T5880] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  264.095349][ T6328] mmap: syz.2.107 (6328) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  264.137234][ T5880] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[  264.146757][ T5880] usb 1-1: config 8 has no interface number 0
[  264.153043][ T5880] usb 1-1: config 8 interface 177 has no altsetting 0
[  264.160311][ T5880] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  264.172889][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.194674][ T6342] loop1: detected capacity change from 0 to 128
[  264.274885][   T24] usb 3-1: USB disconnect, device number 3
[  264.295843][   T30] audit: type=1804 audit(1763867848.693:5): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.113" name="/newroot/18/file2/file0" dev="loop1" ino=1048616 res=1 errno=0
[  264.314849][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  264.329683][   T24] cp210x 3-1:0.0: device disconnected
[  264.411834][ T6338] syz.1.113: attempt to access beyond end of device
[  264.411834][ T6338] loop1: rw=2049, sector=138, nr_sectors = 2 limit=128
[  264.533816][ T6341] loop3: detected capacity change from 0 to 4096
[  264.659859][ T6341] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  264.847574][ T6347] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.867518][ T6347] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.153317][ T6341] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  265.494291][ T6350] loop1: detected capacity change from 0 to 128
[  265.536374][ T5856] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  265.726001][ T5856] usb 4-1: Using ep0 maxpacket: 16
[  265.746494][ T6355] FAULT_INJECTION: forcing a failure.
[  265.746494][ T6355] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.760148][ T6355] CPU: 0 UID: 0 PID: 6355 Comm: syz.4.117 Not tainted syzkaller #0 PREEMPT(none) 
[  265.760277][ T6355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  265.760349][ T6355] Call Trace:
[  265.760399][ T6355]  <TASK>
[  265.760445][ T6355]  __dump_stack+0x26/0x30
[  265.760596][ T6355]  dump_stack_lvl+0x1df/0x270
[  265.760745][ T6355]  dump_stack+0x1e/0x25
[  265.760875][ T6355]  should_fail_ex+0x7dc/0x8a0
[  265.761034][ T6355]  should_fail+0x2a/0x40
[  265.761158][ T6355]  should_fail_usercopy+0x2e/0x40
[  265.761297][ T6355]  _copy_from_user+0x33/0x100
[  265.761444][ T6355]  ___sys_sendmsg+0x11b/0x3b0
[  265.761618][ T6355]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  265.761767][ T6355]  ? __rcu_read_unlock+0x6d/0xd0
[  265.761889][ T6355]  ? __fget_files+0x3b4/0x4a0
[  265.762015][ T6355]  ? __fget_files+0x3b9/0x4a0
[  265.762140][ T6355]  ? kmsan_get_metadata+0xfb/0x160
[  265.762269][ T6355]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  265.762422][ T6355]  __x64_sys_sendmsg+0x211/0x3e0
[  265.762584][ T6355]  ? kmsan_get_metadata+0xfb/0x160
[  265.762716][ T6355]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  265.762854][ T6355]  ? kmsan_get_metadata+0xfb/0x160
[  265.762981][ T6355]  ? kmsan_get_metadata+0xfb/0x160
[  265.763129][ T6355]  x64_sys_call+0x1dfd/0x3e30
[  265.763285][ T6355]  do_syscall_64+0xd9/0xfa0
[  265.763448][ T6355]  ? clear_bhb_loop+0x40/0x90
[  265.763584][ T6355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.763710][ T6355] RIP: 0033:0x7feba698f749
[  265.763805][ T6355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.763911][ T6355] RSP: 002b:00007feba78fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  265.764027][ T6355] RAX: ffffffffffffffda RBX: 00007feba6be5fa0 RCX: 00007feba698f749
[  265.764114][ T6355] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000005
[  265.764191][ T6355] RBP: 00007feba78fc090 R08: 0000000000000000 R09: 0000000000000000
[  265.764265][ T6355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.764339][ T6355] R13: 00007feba6be6038 R14: 00007feba6be5fa0 R15: 00007fffd237ed68
[  265.764462][ T6355]  </TASK>
[  266.054703][ T5856] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  266.064127][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.080862][ T5856] usb 4-1: config 0 descriptor??
[  266.134489][ T5856] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  266.347421][ T5880] usb 1-1: string descriptor 0 read error: -71
[  266.361186][ T5880] ir_toy 1-1:8.177: required endpoints not found
[  266.386572][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.112'.
[  266.478989][ T5880] usb 1-1: USB disconnect, device number 7
[  266.558068][ T5856] usb 4-1: Detected FT232A
[  266.566645][ T5856] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  266.619745][ T5856] usb 4-1: USB disconnect, device number 7
[  266.668416][ T5856] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  266.721254][ T5856] ftdi_sio 4-1:0.0: device disconnected
[  266.905619][   T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  267.085419][   T24] usb 5-1: device descriptor read/64, error -71
[  267.233832][ T6367] autofs: Unknown parameter '«ú*̃ÎmËãIcÏ¥í'
[  267.346271][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  267.516153][   T24] usb 5-1: device descriptor read/64, error -71
[  267.627351][   T24] usb usb5-port1: attempt power cycle
[  267.864923][ T6378] loop3: detected capacity change from 0 to 128
[  268.015753][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  268.019772][   T30] audit: type=1804 audit(1763867852.443:6): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.125" name="/newroot/25/file2/file0" dev="loop3" ino=1048619 res=1 errno=0
[  268.087092][   T24] usb 5-1: device descriptor read/8, error -71
[  268.157119][ T6377] syz.3.125: attempt to access beyond end of device
[  268.157119][ T6377] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128
[  268.205017][ T1867] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.341075][ T6383] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  268.381903][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  268.400774][ T1867] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.447717][   T24] usb 5-1: device descriptor read/8, error -71
[  268.454989][ T6383] netlink: 'syz.2.131': attribute type 8 has an invalid length.
[  268.464284][ T6383] netlink: 64 bytes leftover after parsing attributes in process `syz.2.131'.
[  268.478525][ T6383] block nbd0: not configured, cannot reconfigure
[  268.561176][   T24] usb usb5-port1: unable to enumerate USB device
[  268.584421][ T1867] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.769680][ T1867] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.062005][ T1867] bridge_slave_1: left allmulticast mode
[  269.068133][ T1867] bridge_slave_1: left promiscuous mode
[  269.074643][ T1867] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.093995][ T1867] bridge_slave_0: left allmulticast mode
[  269.100012][ T1867] bridge_slave_0: left promiscuous mode
[  269.107771][ T1867] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.518100][ T1867] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.534569][ T1867] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  269.559043][ T1867] bond0 (unregistering): Released all slaves
[  270.279779][ T1867] hsr_slave_0: left promiscuous mode
[  270.315366][ T1867] hsr_slave_1: left promiscuous mode
[  270.323100][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  270.331573][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_0
[  270.395759][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  270.403477][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.437268][ T6401] syz.1.137 uses obsolete (PF_INET,SOCK_PACKET)
[  270.537783][ T1867] veth1_macvtap: left promiscuous mode
[  270.543976][ T1867] veth0_macvtap: left promiscuous mode
[  270.552410][ T1867] veth1_vlan: left promiscuous mode
[  270.558031][ T1867] veth0_vlan: left promiscuous mode
[  270.835584][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  270.845774][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  270.867674][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  270.881372][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  270.892536][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  271.213972][ T1867] team0 (unregistering): Port device team_slave_1 removed
[  271.286827][ T1867] team0 (unregistering): Port device team_slave_0 removed
[  271.603242][ T6405] lo: entered allmulticast mode
[  272.925742][ T5802] Bluetooth: hci0: command tx timeout
[  273.254229][ T6441] syzkaller0: entered promiscuous mode
[  273.260269][ T6441] syzkaller0: entered allmulticast mode
[  273.358078][ T6435] netlink: 16 bytes leftover after parsing attributes in process `syz.4.143'.
[  273.871671][ T6406] chnl_net:caif_netlink_parms(): no params data found
[  274.435681][ T6460] netlink: 12 bytes leftover after parsing attributes in process `syz.4.150'.
[  275.011484][ T5802] Bluetooth: hci0: command tx timeout
[  275.222528][ T6406] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.233572][ T6406] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.241426][ T6406] bridge_slave_0: entered allmulticast mode
[  275.250788][ T6406] bridge_slave_0: entered promiscuous mode
[  275.367314][ T6406] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.375028][ T6406] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.382810][ T6406] bridge_slave_1: entered allmulticast mode
[  275.392268][ T6406] bridge_slave_1: entered promiscuous mode
[  275.877286][ T6406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  276.036372][ T6406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  276.306735][ T6492] 8021q: adding VLAN 0 to HW filter on device bond1
[  276.463725][ T6406] team0: Port device team_slave_0 added
[  276.481969][ T6406] team0: Port device team_slave_1 added
[  276.736946][ T6406] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.744070][ T6406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  276.773027][ T6406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.087994][ T5802] Bluetooth: hci0: command tx timeout
[  277.123256][ T6406] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.130523][ T6406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.157856][ T6406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.757926][ T6406] hsr_slave_0: entered promiscuous mode
[  277.767717][ T6406] hsr_slave_1: entered promiscuous mode
[  277.782006][ T6406] debugfs: 'hsr0' already exists in 'hsr'
[  277.790823][ T6406] Cannot create hsr debugfs directory
[  278.592620][ T6531] netlink: 'syz.1.170': attribute type 2 has an invalid length.
[  278.600698][ T6531] netlink: 152 bytes leftover after parsing attributes in process `syz.1.170'.
[  278.967920][ T6536] 8021q: adding VLAN 0 to HW filter on device bond1
[  279.189244][ T5802] Bluetooth: hci0: command tx timeout
[  279.744491][ T6406] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  279.857330][ T6406] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  279.960845][ T6406] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  280.087822][ T6406] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  280.327616][ T6561] 8021q: VLANs not supported on ip6tnl0
[  280.507951][ T6565] syzkaller0: entered promiscuous mode
[  280.513768][ T6565] syzkaller0: entered allmulticast mode
[  281.436829][ T6582] netlink: 168 bytes leftover after parsing attributes in process `syz.2.182'.
[  281.459214][ T6568] netlink: 'syz.3.179': attribute type 13 has an invalid length.
[  282.185863][ T6406] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.670296][ T6568] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check.
[  282.861778][ T6406] 8021q: adding VLAN 0 to HW filter on device team0
[  282.951578][   T14] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.959166][   T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.059881][   T14] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.067504][   T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.309728][ T6406] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  283.687455][ T6617] =====================================================
[  283.694643][ T6617] BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a5a/0x2000
[  283.703178][ T6617]  bpf_prog_run_generic_xdp+0x1a5a/0x2000
[  283.709213][ T6617]  do_xdp_generic+0xd52/0x1690
[  283.714169][ T6617]  tun_get_user+0x45c0/0x6d70
[  283.719217][ T6617]  tun_chr_write_iter+0x3e9/0x5c0
[  283.724448][ T6617]  vfs_write+0xbe2/0x15d0
[  283.729058][ T6617]  __x64_sys_write+0x1fb/0x4d0
[  283.733965][ T6617]  x64_sys_call+0x3014/0x3e30
[  283.738960][ T6617]  do_syscall_64+0xd9/0xfa0
[  283.743643][ T6617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.749815][ T6617] 
[  283.752210][ T6617] Uninit was stored to memory at:
[  283.757612][ T6617]  pskb_expand_head+0x310/0x1610
[  283.762741][ T6617]  do_xdp_generic+0xa79/0x1690
[  283.767869][ T6617]  tun_get_user+0x45c0/0x6d70
[  283.772761][ T6617]  tun_chr_write_iter+0x3e9/0x5c0
[  283.778158][ T6617]  vfs_write+0xbe2/0x15d0
[  283.782765][ T6617]  __x64_sys_write+0x1fb/0x4d0
[  283.787788][ T6617]  x64_sys_call+0x3014/0x3e30
[  283.792720][ T6617]  do_syscall_64+0xd9/0xfa0
[  283.797584][ T6617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.803837][ T6617] 
[  283.806340][ T6617] Uninit was created at:
[  283.810811][ T6617]  __kmalloc_node_track_caller_noprof+0xb4b/0x1ba0
[  283.817620][ T6617]  kmalloc_reserve+0x22f/0x4b0
[  283.822567][ T6617]  __alloc_skb+0x347/0x7d0
[  283.827347][ T6617]  alloc_skb_with_frags+0xc5/0xa60
[  283.832651][ T6617]  sock_alloc_send_pskb+0xacc/0xc60
[  283.838171][ T6617]  tun_get_user+0x1142/0x6d70
[  283.843059][ T6617]  tun_chr_write_iter+0x3e9/0x5c0
[  283.848380][ T6617]  vfs_write+0xbe2/0x15d0
[  283.852843][ T6617]  __x64_sys_write+0x1fb/0x4d0
[  283.857860][ T6617]  x64_sys_call+0x3014/0x3e30
[  283.862727][ T6617]  do_syscall_64+0xd9/0xfa0
[  283.867520][ T6617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.873582][ T6617] 
[  283.876122][ T6617] CPU: 0 UID: 0 PID: 6617 Comm: syz.3.189 Not tainted syzkaller #0 PREEMPT(none) 
[  283.885593][ T6617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  283.895895][ T6617] =====================================================
[  283.902932][ T6617] Disabling lock debugging due to kernel taint
[  283.909324][ T6617] Kernel panic - not syncing: kmsan.panic set ...
[  283.915869][ T6617] CPU: 0 UID: 0 PID: 6617 Comm: syz.3.189 Tainted: G    B               syzkaller #0 PREEMPT(none) 
[  283.926820][ T6617] Tainted: [B]=BAD_PAGE
[  283.931058][ T6617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  283.941230][ T6617] Call Trace:
[  283.944586][ T6617]  <TASK>
[  283.947590][ T6617]  __dump_stack+0x26/0x30
[  283.952158][ T6617]  dump_stack_lvl+0x53/0x270
[  283.956894][ T6617]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  283.962958][ T6617]  dump_stack+0x1e/0x25
[  283.967267][ T6617]  vpanic+0x435/0xd30
[  283.971415][ T6617]  panic+0x15d/0x160
[  283.975505][ T6617]  kmsan_report+0x31c/0x320
[  283.980245][ T6617]  ? __msan_warning+0x1b/0x30
[  283.985126][ T6617]  ? bpf_prog_run_generic_xdp+0x1a5a/0x2000
[  283.991201][ T6617]  ? do_xdp_generic+0xd52/0x1690
[  283.996304][ T6617]  ? tun_get_user+0x45c0/0x6d70
[  284.001314][ T6617]  ? tun_chr_write_iter+0x3e9/0x5c0
[  284.006666][ T6617]  ? vfs_write+0xbe2/0x15d0
[  284.011285][ T6617]  ? __x64_sys_write+0x1fb/0x4d0
[  284.016341][ T6617]  ? x64_sys_call+0x3014/0x3e30
[  284.021343][ T6617]  ? do_syscall_64+0xd9/0xfa0
[  284.026263][ T6617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.032475][ T6617]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  284.038458][ T6617]  ? ___bpf_prog_run+0xea65/0xeba0
[  284.043758][ T6617]  ? __bpf_prog_run32+0xc2/0xf0
[  284.048744][ T6617]  ? kmsan_get_metadata+0xfb/0x160
[  284.054012][ T6617]  __msan_warning+0x1b/0x30
[  284.058724][ T6617]  bpf_prog_run_generic_xdp+0x1a5a/0x2000
[  284.064699][ T6617]  do_xdp_generic+0xd52/0x1690
[  284.069641][ T6617]  ? tun_get_user+0x4081/0x6d70
[  284.074647][ T6617]  ? filter_irq_stacks+0x49/0x190
[  284.079859][ T6617]  ? kmsan_get_metadata+0xfb/0x160
[  284.085137][ T6617]  ? tun_get_user+0x453f/0x6d70
[  284.090154][ T6617]  tun_get_user+0x45c0/0x6d70
[  284.094990][ T6617]  ? stack_depot_save_flags+0x35/0x7b0
[  284.100591][ T6617]  ? kmsan_get_metadata+0xfb/0x160
[  284.105854][ T6617]  ? kmsan_get_metadata+0xfb/0x160
[  284.111105][ T6617]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  284.117629][ T6617]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  284.123943][ T6617]  tun_chr_write_iter+0x3e9/0x5c0
[  284.129151][ T6617]  vfs_write+0xbe2/0x15d0
[  284.133715][ T6617]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  284.139460][ T6617]  __x64_sys_write+0x1fb/0x4d0
[  284.144375][ T6617]  x64_sys_call+0x3014/0x3e30
[  284.149214][ T6617]  do_syscall_64+0xd9/0xfa0
[  284.153883][ T6617]  ? irqentry_exit+0x16/0x60
[  284.158635][ T6617]  ? clear_bhb_loop+0x40/0x90
[  284.163457][ T6617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.169488][ T6617] RIP: 0033:0x7f937c18e1ff
[  284.174001][ T6617] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  284.193739][ T6617] RSP: 002b:00007f937cf8d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  284.202300][ T6617] RAX: ffffffffffffffda RBX: 00007f937c3e5fa0 RCX: 00007f937c18e1ff
[  284.210386][ T6617] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 00000000000000c8
[  284.218548][ T6617] RBP: 00007f937c213f91 R08: 0000000000000000 R09: 0000000000000000
[  284.226654][ T6617] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  284.234722][ T6617] R13: 00007f937c3e6038 R14: 00007f937c3e5fa0 R15: 00007ffdfc082658
[  284.242931][ T6617]  </TASK>
[  284.246418][ T6617] Kernel Offset: disabled
[  284.250804][ T6617] Rebooting in 86400 seconds..