last executing test programs:

9m22.881403919s ago: executing program 1 (id=1049):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000340)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x10d, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000800000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/180]}, 0x12c)

9m22.697697676s ago: executing program 1 (id=1050):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$rds(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0x4000000000002, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x11, 0xa, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r5=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r6, <r7=>0xffffffffffffffff})
ppoll(&(0x7f0000000000)=[{r7}, {r5}], 0x2, 0x0, 0x0, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r8, 0x8004e500, &(0x7f0000000040))
close_range(r3, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0x2, &(0x7f0000000000)={0x40000004000000, 0x800000008000000}, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffc000/0x4000)=nil)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="93630100200501001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES8=r1], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

9m20.846510989s ago: executing program 1 (id=1057):
r0 = socket$inet6(0xa, 0x3, 0x7)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a1810039000000000bf0fffffe00000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x2, 0x8d96})
shmctl$SHM_LOCK(0x0, 0xb)
sendto$inet(r2, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
getsockopt$sock_buf(r0, 0x1, 0x3e, &(0x7f0000000280)=""/4096, &(0x7f0000000000)=0x1000)

9m20.385338572s ago: executing program 1 (id=1062):
r0 = socket$inet6(0xa, 0x80001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/16, @ANYBLOB="0000000000000000b7"], 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4, 0x7, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
syz_usb_connect(0x0, 0x24, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xa4, 0xd2, 0xff, 0x40, 0x5f3, 0x240, 0x1b24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4e, 0xaf, 0x32}}]}}]}}, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000040)={0x1, {{0xa, 0x1, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty, 0x1000000}}}, 0x108)

9m19.694666583s ago: executing program 1 (id=1067):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000640)=""/102400, 0x19000)
socket(0x10, 0x2, 0x0)
r2 = getpgrp(0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
setns(r4, 0x20000)
setfsuid(0x0)
request_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, 0x0, 0xfffffffffffffffc)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)=ANY=[])
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r5, &(0x7f00000017c0)=ANY=[], 0xff2e)
ioctl$TCSETA(r5, 0x5406, 0x0)
r6 = syz_open_pts(r5, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x17)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

9m19.459200651s ago: executing program 1 (id=1068):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x24)
close(r2)
socket(0x40000000015, 0x5, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x3800048, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)

9m4.210074863s ago: executing program 32 (id=1068):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x24)
close(r2)
socket(0x40000000015, 0x5, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x3800048, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)

2m31.104457312s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

2m4.613348268s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

1m39.887175833s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

1m16.52849788s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

47.789677776s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

15.349726795s ago: executing program 4 (id=1973):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000000)=""/8, 0x8}, {0x0}], 0x2, 0x5c, 0x2)

11.486201136s ago: executing program 3 (id=2589):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$pid(0x1, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
keyctl$clear(0x7, 0xfffffffffffffffc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080), 0x24)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0x0)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000002c0)=""/53, 0x35, 0x0)
openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2718, 0x0, &(0x7f00000006c0))
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x20000023896)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)

10.907800598s ago: executing program 3 (id=2590):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000008500), 0x22002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0})
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

9.24744913s ago: executing program 3 (id=2594):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f00000000c0)={0x2a, 0xffffffff, 0x3fff}, 0xc)
write(r1, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = dup(r2)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000340)=0x1, 0x4)
pipe(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x90}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002f0c81087f180002ad6b0102030109022400010000000009040000023c7f98000905030000000000000905c7"], 0x0)
r4 = getpid()
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r5, &(0x7f00000001c0)=[{&(0x7f0000000400)="00214717a707000000000306007149a9ee89707528f449e0d4060a5e31163ceb9d0471200000000f000000182ce0ab6d0000", 0x32}], 0x1, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = userfaultfd(0x1)
ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r8 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(r8, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETGEN(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40081}, 0x800)

8.376377192s ago: executing program 0 (id=2599):
socket(0x10, 0x3, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r0, 0x1)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

6.756321638s ago: executing program 5 (id=2602):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x58, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f00000003c0)={&(0x7f00000004c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)

6.434660714s ago: executing program 5 (id=2603):
r0 = inotify_init()
r1 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
inotify_add_watch(r0, &(0x7f0000000240)='./file0\x00', 0x8c7)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x584}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
close(r1)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x4001009, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0900000000420000e4"], 0x50)
r8 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$binfmt_elf32(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r8)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r7, 0xc0c89425, &(0x7f0000000280)={"90b0461ede3be747a5abc1474dded3b9", 0x0, <r9=>0x0, {0x800, 0xd384}, {0x2, 0x2}, 0x5, [0x7ff, 0x2, 0x5, 0x2, 0x7fff, 0x100000000, 0x3ff, 0x7fff, 0x464, 0x0, 0x1, 0x8, 0xffff, 0x6, 0x4, 0xfff]})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000380)={"795a674e67d7e115ffe78eb7603de2d2", 0x0, r9, {0x2, 0x10}, {0x81, 0x5}, 0x1ff, [0x9, 0x3, 0x2, 0x6324, 0x2f94, 0x1, 0xf0, 0x1, 0x2, 0x8, 0x1, 0x6, 0x4, 0x3, 0x4, 0x3]})
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x8f, 0x6, 0x1, 0x3, 0x9, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x76, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x5, 0x400, 0x1, 0x6, 0x1, 0xff, 0x1005, 0x3ff, 0x5f31, 0x4, 0xffffffff, 0x6, 0x4, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x8, 0xa, 0x4, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x1ff, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x1, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x203, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2d, 0x3, 0xfffffffc, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x10014c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000003, 0x5, 0x8, 0xffffffff, 0x3, 0x3, 0xffff, 0x3, 0x4, 0x100, 0x9602, 0xe, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x12b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x2, 0x5, 0xb1c, 0x3, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r10 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r10, &(0x7f0000000040)="e2", 0x918)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00"/20, @ANYRES32=0x1, @ANYBLOB="00ad6a1177f4c0e2e5dd0c000000000000", @ANYRES32=0x0, @ANYRES32], 0x48)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f022200018283010902240001010000000904000002030102000921000500012200000905"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)

5.842816525s ago: executing program 0 (id=2605):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000004200)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x610000, 0x0)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x90, 0x0, 0x3, {0x1, 0x1, 0x20, 0x3, 0x1, 0x3, {0x0, 0x9, 0x7f, 0x2, 0x6, 0x48, 0x0, 0x10001, 0x9, 0x2000, 0x0, r2, r3, 0x20000009, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

5.142854489s ago: executing program 0 (id=2606):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
pwritev(r0, &(0x7f0000001440)=[{&(0x7f00000002c0)='t', 0x1}, {0x0}], 0x2, 0x4, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=@newqdisc={0x150, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_red={{0x8}, {0x124, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0xfd, 0x0, 0x8}}, @TCA_RED_MAX_P={0xff3c, 0x3, 0x2000}, @TCA_RED_STAB={0x104, 0x2, "f5e03570c305fb7f4041045f7305ef24d98d69ac88e2ee75c08dd4a5922048630c4159f42d87704a134553711a5e725a5509e658e8dd5615187e169acc9ad275ec6df62b00f45f976c1f28661310f573aaeb904d861627b466f681b47e2dcc541670db12a572832d4c835640a16bfa5caca65d76ab396974767030acee8b417617c303daed28830ec6ddcc3bd9008a64d857fd846cd8c54cca8397ad33fe02da5d54aea0dfb995c348e1a5357af17b9aebaa426dea80594d6af575c35cfa9ece3354fe8386cf566297e71b52b5c22bb7e81f5d893492c136f34d27d806527c25c55af4b175e5ad9ecb1e0d6cbccf7886707db6810d73761492a3820a37464cea"}]}}]}, 0x150}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000000900010073797a31000000002c000000030a0101000000000000000004000000040004800900010073797a310000000008000b400000000000000000000000000a"], 0x74}}, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000001000)={0x374, r4, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x33c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_BITS={0x170, 0x3, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '&):\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '+:(,}(/\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'red\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'team0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'red\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xf}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, 'J\xe9\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x26, 0x2, '/proc/sys/net/ipv4/tcp_timestamps\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'red\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc0c}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x61c}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '$:#$@},\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f0}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_VALUE={0x3c, 0x4, "356ca9f48650551672fe46774d0e72e2d0e7ab0bb701f4917c0591a334df6b636438ede3d70dfb1bac014c7ed78dc044527ea863d59b068d"}, @ETHTOOL_A_BITSET_VALUE={0xc7, 0x4, "5b68d5f2e512c419c754fea1e075868ee199774298e1c37c6fe9ea11ac149d6af674d9b3b32144275fa4ef5721cb123323115bd3703a628bc2f8cf7975129722203b48b651b88a28f25be4741ff988e824a4df0b1678609a0f6a4dc4fe7d1f5ce71380043c37f77c07ce26a65e442f17e9cbe3a64f1c4c130ede131b67f29e6c03d719e6c244375449f1e47b3f59bbfa5ce8363b82df39a0c19a29bf4ac628dc97876062b5ab0509dac5477cab533a11325764fcd1601dcbf207a86b11f84de4cd39d6"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_VALUE={0xa7, 0x4, "ff0507df2d22060539c1c451de3fb7ef47339fc55698a1e8a5df3f4c40c005d64dc949f5493de5539ebbd8226138ea68c9e8ecf571dda0a4e0b50a86ae73bf7a0f87d424595d82246a567715ef3a391282d0573867d3ed0c086ea953e048cf1e6d5f14d8f704f392b7b2b9f24350c1ba5c27cbfb18d6c7286934d2324b093c2be92e244bce22d31eceb7581c2ba9064cc86945019312580279776898fadab1dffb1c4e"}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9c56}, @ETHTOOL_A_BITSET_BITS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x374}, 0x1, 0x0, 0x0, 0x20044800}, 0x1)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0xc0089364, &(0x7f0000000180))
write$binfmt_elf64(r5, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4640fd0800080000000000000002000600800000001002000000000000400000000000000082b29c462e2c03000000000000fcffffff000038000300800f0400040003000000030000000000000000000000000000000000000009000000000000000000000001000000cf3b000000000000080000000000000051e574640800000005000000000000000b00000000000000800000000000000002000000000000002a0000000000000001000000000000000200000004000000010000000000000001000000000000000000008000000000ffffffff0000000001000000000000000180000000000000d55f9752fbfeb2bed6e2f12fd20a84d92c9713139527b8afa02ceed6b41f48c7c15de76a4c0d189e7d57cb7f832ef0af9872a06a27877004c2d056f390dc6741fcb48a07b3d5f3e08405812bb02236ccf71fd9cf647d255804a275effd2b262d70e312513f132ee1d9c78086406bebe1e5a79d900da837b13991ae40846f7a864481adc062d83fbf777a077888a444e3431a601f293292f33f4adac558675caf7d222f1f624ff386504b38722ddb3d72c08ab9a3cd0e8701bfa87aed43705e5107fc2bbe1ef6438420e8f4c64c1a1e123497524cc23bdb47fd4e40041d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea1700"/3013], 0xbc5)

4.76993558s ago: executing program 0 (id=2608):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
socket$packet(0x11, 0x3, 0x300)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x2, 0x1)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000180)=0xe3b)

3.641187619s ago: executing program 2 (id=2610):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
syz_emit_ethernet(0xfc0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd600000000f8a3a00fe8000000000000000000000000000bbff0200000000000000000000000000018000907800000006114b915f4a5275708a7ab51c37246d82519a1f0e5b9f8c629a915c4268a99b14fa96e47de4fb2ca9dfd5b23bb6d0bb2afd005b356906e9b4b1ede533c40ea982b37fe7b1fbea585fe78c68f0063902c9b868af690b23f8db0917f1c3d77a6b6b4eba68cc01c895a6a5b5b6f3006c3baa1fd7ca856f3d537f660e0ca8e84683369183d903bac26eaf3971f7750c7909baa62e02b2cb5fa6d058dd541ea535f363e08785e488f2a0cf775b49d7f7d9624777c79293b5c7387db04997772f28ec360e7a22955441b3c1e0e05a239643cbd654c5809536cf803f92a9855608aa1bfe24123f2b178b88c9ea632078553ccbd96398446cbbb6ab068e19c521010555dabb8b646caf1ba08deb2647544fe076e68b161708ef2ba72b4f113e76b7e7d9fd574a01f1196541e96aa58d104aea38900f84b0e2cb9ef910b0fbea13349a7237bcf012c5dd1e6427ca7d226fbb060bdd41bf90998c517e1328d003b496fa1161a347d4cd9bd65c3030266e1838f9ece9a9736a003a136134f1e681935ee73f56b66828280491e5a352574b001ec09b0dc73d0d313e44cebf877f708373d04d0b0a54be236e46d2a3f6c562b31de07c54a061e36241540b334645dff78b3cdcf4c9486c33518849a5157e3987207cd0b9761bebef7ee1f9c7010ac94269de3515db8bf5169ef608fc2f71067a6377c7713c69ef5269db06ae405df7505b06c447ea23763b0c97d110eb36adbdf0fd7db584f97ed4b05cde94fb55502b380df2b5c694d629cdacae68054809af619925bca7e7a2ef68bf1305bcd0c94f8c931c1824249afa757ef2af3ed540615261ea697a3b557d9f68ebe32955a4922291e41c29d31edbec01c1098dddec3bd9037c62fbc2562f6d2739f6c18c69d6c2d40de6808df14efc66bd4009a42238641a123c56129e922eee469691388b100ec7424e8daeef081b97a4b54bf07077bd75990574babdca476722dbbbe889392d884cca0f092ee52bd7fab0e8fd39e064c7e7fccb94cedb70a407b0b3212721cda3b2613d501ea6b1ed903238f880d6bc7299db43de3ec07545c660da8390acb056daa7f9c14e77440aab7e0a8a35ef2abe4e3c0f7db72c024515815983addde5dc338c2fa68ed316631dbe755679e66e03e4477b472a0df94eeb41118b9e12597d9849cee613ba7af089fd69dd491f8c586c7fb0699156b1208581c904f74166a73ba5f5dea705993ff5d60971aaf37298776f3240dc0e06932d111acb54a422b300d3adfdb37095ae10a49c4f9cb3c1fb651d6a316fbcedf6776e3bf4b757d2d651ce2d68d77bb192151014b4a746171aa5840d1e487c599aaacc864fa50671cfd73d4d488859a1a39852022900c1321972f63d790968f98c0ceb976a9197c7a31d9d65f4bcd36d55485a07ff2145e168b17a9f4a815deb80ac18b1a97cf4a6097ea42f0202ac0747e8bd263c37ae8c2dab7b09dd2390cc503df2c3e982c12c07b217857bb009b44cea2a00930acd59b695aaa71b960cb40f2b1ec93f98e2c5a419c0d2705dc803024a1bb31806028920efd4b3bd397d95819fca5b602ea525519f57a327a49eee823171b776c1e73fe45dc09f73b3576178d4f02c5a9ce201654d3e04096aa9bab5fc3359247bb63d476fa8bb4fed1b30a8b3cd75659f2847dd138942052be43ae0a5b5437c5509b8bd3fcc0982e676e39c763f66b846cad8fc36ce572cf9347d1ba338aa738a7e0aee32d3ffa378f580db9a5ade6b00c3954000f2832ec806cfb6cd1590baa2f5b2d9e074b00386ebc1b3ecd9929210300d24b73e298f529df58f36f80921203a6a400ef25eedcd49142922a4a5af756436d9f7ba8437c24e68c70026effcc9e78813037dac535720adbcfd9e4b27b4d8700c18d2fac6c247fa44426317491554545e805c9f1130d20dca63249e43c4b65864c8e99602357e8740ffa95490505863738dafd55b53a7e303048bf46454a7c372708d662d46c9bb7e364a46a5400be6e5acc8862e1664f8a6f60ebef836d434d6913e8fcf09680cb9a51dabbe842b81ff43c3f3d35cdd05bf616eb93abdbcb1f46334abb18880b6d97380b010acb962506b690f333a00c8ab2cbe04fe17ad310bc2dfd0b3140da3917f36a97b1fc2befb5d6b23f2ebb5fc46240909471175cb04a80ddc877f387ed7c4018d39d9274ab2a8c45c710bac37a05bbc47ae289109417d5c3be6466eedac7b25cda671a77ea8cf35348e9fbcdb74b398918194918aa6b169716826c576f516049e6d6d95402286b71c7c24adc8a65df30d943ebb5dd202b05fa1be371af6888961d6f151e303e0d1c6ba9202cec532c293d6517c60158b122a856408f3ce2d041eff31ad5d581d18a8fc3afad8e69d0089df8806b0ffa67f38e4f61a6643c1a926c4fac0f523ab44fbc84c9fe9ab83017dd963aa7c200c00eb97714a60363018e57b22fda00fb402a85e08eaf88bc99fda4df3ae1eaf8e6f737addf4b5c4de85e27fb555f5a1b47d2fbecf44b5575ff59c49a466a0d2849f714fd72595a1fc68855f51c9330bd0b28fc3fe63d4f4162ab9d303b123818100f056a688c7dbd8052fd22d32803b147dffb3dbc74987075a90ce6907e77e9b5364fc946f72a88a43523476476a6a1a616cf854e77963cea897ae9e7ab9f760af476f19193cff9f66152dcea8fc6cc5619d2cebd2603d9a2d38d63a282bdbbe65088909fac9cfeb22bf5dbdda906393376681a611c4f06d792bd2d7a2ba752b18de6b44353f1a4ab54a9f34dc64305c459069b604e5c96760edeb7b5324be0c42463147d3e0e855d791ce32c71e0acfe15b3f3e554d64c2257d3922e570119c1b30ef27c3682fd610451a58da93cb78159e8aded69aacd29c7e1954e92b86df434c3926dbfd5b740ab32174251bfd957873cd2ddce5f610b6a3431b03be96407b631843b53c4774c63b668d66018feb90342b566e34f399dd04477f5f3e421be53014c07f58c9bdb0d5b090280245eabf454fb190b697b1948a63aa424b1378f7e9ec30d2be3d645ce270d6e92d62bcbd20521b51ba98bce6143ebfd8ea7ac80048e49ad87edc6268d4aa7eb9d1fa10f2f3a845e46f7c677da353ee488141cc05a08c471d07dbf50be6986818c5402d489403190ddb9d0e574a885b92af67e0bbe64ea0d0fb6d52c936df3c5e57058fd3fcd933159813abe8aee34a92dca91dfa67bf4732247a68e024afe77f3e8d2a45186ae9ffaa062f5ff0cd2109d93a4ab0f994a444195c56f96078d9490dd7cbdb0c98d90f87815df2e317cbf04627fe810fe5178d13160ff631c540bb127298e8d96c023b4106e74e132e14ab1690ff5e0a121f0c3212797c5cb99c7400f2c04ba3005876d6b8be59f97a1731fa87e55b0f1d754632b2ff37f3dc2ddd4d1bc507bae74f05c7d4671e30e622f96bae63ad13c6dbe22c939decb842713f14fff7c8b323abe45f8536f2373eb166386d4e74ef8818b88df9bfb9b11a9b59b39ca339fdf473c081d6838cba8413220f25ef74b7ae1c550c7a032484183157fe75c87ee7d220010d959b8b9f7108673a156a985c06d4fce484366a456cbedaf66fe0837c0dd10c2292f394b3fc52a1f56aa509b05d9f291af4bc79fe24aa8539357fdb1ab0998a0d81bc43e4dbcbfe081a19120d536bb9f8dc58efc016dee9fb160859c04e3b65f1d53b8d2f54aab0cdaf8ec8d701306b6a17172c696c09a7778ea59de8e8e8bab805aef895b0a2c8fbe0350c85cadb56d24ac2727a6ea0322e90ff59283cf95a3d4369a37a0edfeb738d972820fe9d8b4c3c9aa384bd4c2389563e97d86a350fd6c670a13338a1af8230e428dc74a304ad1d360ca3c866b3ab222c93c4a019ce4f3f8d4a1c5c5ce66c2b938c252ec732fde53265fd906d4185cce310c7d2ffd7eec861186344f11cd1c775106382aa9fdd70fe6f351d2ad9624a085e41a2eb43784c01d9be33b53f1cc274810fc32bd8e7179dda2d1c1417e223b2390cc96a7bc6294b06025ab65aed1af16629ba8194f8604af223203a220397ed16eb406904cda3c507d20ba8bb9218106f1908815fe05ab5603c17d4e93ef7f4a633c101da729a7707fa8a75e2e2c13f9e328d2c02160ffe0f706ffaafa0c6bb42a55ed963d7303da689465fe65a2c110e3e40ca0d714d399b68bacaf25e0b7671942239de92338baed2986962b389b449aaf77667215042cc5bd0aca2a1427b882835eb79bc6c773086baf9603a917d3cb139e74c814f7681264a39aa0231334e7475338f066504624b1f8ad8f0e879f7d7a2b52b6a8bb41a5ad484051bc99029340e660a25136335ade6836246b0bff7e7595a783d3805b3f4598d68dbbffc72758383acaf6ba4585f413e243dd2986ae7291f77f6ca4ed01f33b1b5cfb699d8384abc8f2a93ece9632b8874386e304a1cbf3d4e88030d0b7490e69e2a739b8d7deb14a3f1d4ef695c8fb9c953e301a503d3eb1bce2e13762ba510af18619d594ecb173a83d252e2eb3c6d02cab9d8c8961118d23f301ffdbc682f5afd6286d15d79a6bbe2adda69ef136b98a1ecd44d72c48da4f6a960f41adb40e0f158269d3192b22f6dd048d87dfd99a782d74e0052048bbec47fdef29e26ed27f139eaa679aa94258feaf2f08f0635ac389a5a534c110080cba10888209843132f2f8051610db18bf2da2de852fb83063500f16d9dd81314285c1f06fe149a2f84734484980028aab8cb82220f513ff9946f4b21a13db68192e1d1a2e8cc83c4f020e35f3ce7000d3f58e2b115104f827c45c7fc5ae3ea99ff280321078d05eabf40cd71ec0803b69a8addcc3f29d002619ff5ab50a8c4fcbb8fae1d8571a69bed051d0d6f6e4eb2451a3415d0e2fffeca09c7c714cf5f109bcdc57602265f719ab7cfc409ff15e5750537f2086523c2720ed2a0d9ded98616980d1780c3fca9909693070f749fff3e6db05b7f90bd22a230f7592a5e94c83e6be0b94778ad396e3d1af45f2c6762ee02266838fe0d4754024829e743b70572c9865aab5af994b8af0bee7686f093b45650da2089fbf69ce4782b49d874d3dc34a688b8ff9d2548b1881aa28952d0819f8da6c0f774d4c102b0f5bd7f4ca9f92e4ca96c49fb422ac8bdbf97d5ccbce696441dc172a573ac6917bb02f2136a99f4723c8599166b4c0d6efc0bc1ed10ad625eb1088bf04c9b7f38b4cb468040ee9f3ed125cc92abc15d126b2fd455736860e70d5ec495e46d856f05368ee5457c93eb53498197cfb463e1ff11d05e8aa387b728a28b9b97dfcb01ec84464e9ee88210ac83ee034e360e9b508bee82cb5a05016aa63a8d4f8c913b97dafa906e2d52e3dc00903fd6833f8a46244298189b914dcbf5b57a77f24706b00577fea6930effe2d168580aa9dbd4a6a38dff9ab24d32756e16f29a808cfc7eb3032be63c154b6bb5606aec4fc381aabdfb07e1a4240c248651a620fd97b2db1e2d47174f60922ccdad1f660eaca829a052a4dc94ec1fdcafa1f534dc841b0ad19755985eee1e65b50586d5a22dbb79c8b47e0544c7ddc438099f4c6b3d7a0bd41ed5166dcc685cc5a2bb74c0e003d0b4f3f0390b71c24d2265c5261b0d7fb3a8e5"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
socket(0x2000000000000021, 0x2, 0x10000000000002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
unshare(0x400)
r5 = eventfd2(0xffffff10, 0x1)
r6 = epoll_create(0xe)
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r5, &(0x7f0000000000)={0x10000008})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x41, &(0x7f0000000980)='$', 0x4b9ab3bf308af5f7, 0x0, 0xfffffffe, 0xffffffff, 0x5, 0x71a8, 0x0})
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4140aecd, 0x0)

3.512162168s ago: executing program 0 (id=2611):
r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0, &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000240)=""/4084, 0xff4}], 0xd)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x8fa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x200000, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x4, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x80, &(0x7f0000000380)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x20, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r6, 0x0, 0x0}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240100003b0007010000000000000000047c0000040000000c00018006000600800a000000010280f90014"], 0x124}}, 0xc000)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0)

3.26315623s ago: executing program 5 (id=2612):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
read$FUSE(r0, 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

2.964773427s ago: executing program 0 (id=2613):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000)
prlimit64(0x0, 0x2, &(0x7f0000000040)={0xe2a, 0xfffffffffffffffd}, 0x0)
brk(0x20ffc000)

2.852564024s ago: executing program 3 (id=2614):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000008500), 0x22002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0})
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

2.648609324s ago: executing program 3 (id=2615):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000004c0))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r4, 0xee00)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r2, 0x1}, 0x14}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={0x0, r5, 0x0, 0x40000}, 0x18)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})

2.534881031s ago: executing program 2 (id=2616):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x213a, 0x4)
sendmmsg$inet(r0, &(0x7f0000001980)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x240080e4)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080)=0xb, 0x4)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f00000017c0)={'syztnl2\x00', <r1=>0x0, 0x7800, 0x7, 0x400, 0x0, {{0x6, 0x4, 0x1, 0x9, 0x18, 0x64, 0x0, 0x80, 0x2f, 0x0, @empty, @multicast2, {[@timestamp={0x44, 0x4, 0xe9, 0x0, 0x1}]}}}}})
sendmmsg$inet(r0, &(0x7f0000001840)=[{{&(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000001740)=[{&(0x7f0000000580)="633c4c00e5b6e810b396281c969e456d310c058731236223244ccda4845cdb6cdb482f622484bd3d027a928b43e4eacc3bd3cfee9a7a19f4eb7229d239517dbf279370d6182c81155b138d03266a2592dd53b64d6afcc7bde0119f9ae3b1e09fc15324879ee066f784f925395be06ea19a75d9ad758c59b32da3c1ee044768873c294a06fe5bcccd08038077f17d7271765908bbf660bc862c3198be082f8e4da3e209ea9e1a01c3e534f366f3eeb2dc226c62819023ae3519f0073211699881d2e2450e625b1fe8c4414ef09efbfdd3018353791d9755e9d048c161351fcd31e48bfa4f0027972aa9f4db1ab292b346ce249dc8ccbaa5ea195d3774563aba8bcad9e3d0380a441e51d7b3355f013f28a6eb26c7b5702f5cdcba0c5bb77ce96093891c28fc916ac14c1cfe6085c75b8ee6198efaa0ff794a6df225c3e9a65fb49c30d79732a41a5685de4d709597168c2f9d504479ce268fe4ebde51fe0870a0a390f47371e6386106b705ecf7e7900ef43003145e366ce79fc0bf10a0e3356d5b8e36a86745d175ba25bc86958c7bb20aabd482d11853376f553b796e0e62a2298973a6478a6495174886e9b7e599003402ca0680ad31bb512583131dc2d4adffa9f76543ccdbccd46e36a65712efcbb733b01e69ba3c90c4f52122a972d549a8bda49007bfdc42287178931df9c9d0e60fe84a2f2f8baf77ef156007343ffbb708a752f138e92e74f1d39a0895a68cd659d19d6b8f59e9e17ca51a81fb925a2d609cae23f01a69148835225a42277a142817eda0e61b9a1469dd2e53e6882c8bb2d8cf52404fd143f4af621f32a9cc9b89cf8d2be1187b0a14fc276288cd79c87c9d35fa62ded9260c0774ef4475a2ada8182696d30a5dadd35b8a48d2536b57239227981b736f62324c03f58ab070402b7cd023803abce8e4f8f6d8134ba2457b81edaf532eaf4afc5862e394a13ff6dfd7dda30f4744a7b7e36a9a97845b54588a68e6e6a4b5b5765fdff48b646e22d8566cf29d7f0870955c3bedbf9a2bf5023aae7936884494446d139f1be44ba3b0789bf1c3460873c03081c3ac466cb3eff9876430f371e46b55084fba106267198938759f6d031e7c23e503a016786e1b6733f98b771e2a306c43157fcf94de80d9b94578d9eab2d5ea6a4227730c060f7717153810c58fef848fc1062c5751287aa589f72a692f7a69059dd9be73a67f5907976f006953be495b29a2b07365ef4353a62abebb943267bef1d9a4082bc9d114b701945779ab34e151a4603985e51e33271266e16187f536a9543e4ca017c3af743dd7bf9b35548d8def9f7b4096bffbbbd5e3129a294d566a543544d0ea5248c4db704dfcada3da512ba6798c576de99f53ce43767487ffc229f8c0fd5881bdb2c3123a2d2c1cf2c76972a4d7ca850cc7cd6df799cfbedb2101be0dd51756c02555595e51faaae7665dad7b6f7df67a3496ec4497677f73cb2368100b5e7fcd04506c417254237bf7f26cceac1e3ad1ed361c3b144b5215b6eac877518311e07821bb015c2a6908640cf8591bee59a647a1e888b5a4508cc40101e45ff87b6cde73259f5a0315719b436694cc771dc597f159e1e6f8d8ca57bcfdddd3019d6743c094d343c955c1011954b83042b772fad39ba8c056da87c7dad1ebec5db5707377e3a9d611ea14685221dad670a4ee918db9e1d3975db7155b6868f7ddccba5d9aaf091ea19d3d9ae0f6e2ede810e91bcf391e205837ecaca597fe9d1e7f060413c23075c3787c8a729a38eb7a28a43dec80fb1e2623f406130cb72058b73460f57cb7f3f232a170c341b4edacf5fad06d9a00163465447eebb901d4fae6dd60d84ca1bbf64673fe30928ae861cb716a8459dcd7cf8f113a911e62d1e7cdb307757bb080815ef2319a366c28ca1e02a4bf292fc28cab2cb4ab79ab491475bed73a12ccf30aad9f46d56369fee930f10b4c77431c7ee81912b1bcd5b034ab17500f0f8312523ced4a2650db5eadbbe2e01cab46a92d3498e974255ac7a859ccaa0b982a9845e69c8df331221467033f689ee013243f1687ee26c6c75a2f783c5e91f60da01cf3865ac6cece573b3172e41c55433c85608f173ee822abbefcc8eab026b2ca543989900cde1ce3bb51a6186bf423b86bf921d0c8bf3b50ae299de215ac1b3073b3b0e3a58f4c4edf547309430716e041489cf6a507119f3ff4b9d641ba96aeba0fb66f2565455941e385302f1cc21642f5089df7f08fe36a1e7e357dbe8708f3c2577aac36f52c56f49480746d157f3e5d80f4efa80b837f8b4458fd1d7a2a6c73128a6226e928408eaa54c37fa933727e78c2afe56ec87db63542778dea9740f9df0b7e8069f4ea05984d6c4a23cf6568f3d8129ea25f6f8e33039c1e0771123699a4e1ce4148214fa06d92934dcfe9d1ab9d8fd8911a8fd3e1b38d3e3b1639b0b2cb54ba933f77f40f2db773dc0678e74a4357a4a2d0f4a2743279f0990d924762a96bf719656230f69b8659e709a4db006362f8cb7a992cc51dfc14ca35a37f6274f2a395abf59cba2a9bf77fb38e2bc90c4c0d872a1a99b20eb94d25b87e7ee37ded87f5f9af2910880f5fdbefe5a6bb5b06230264d847e898f26092858ebe7f7b3830db090c0e5c6ab678ddad2ce8c86b8664564ee48b5489fd2b6007b2e0cd4335a495b778795cb1f2fe33af90b1f2fd4363fbe30f1def82a0653b9f79e67da8543acecf93ef21b99b5465ba275134712ae05150c19e0c0ec81ccba52d579a8d0e7fc66c7e7232f32dcce0931d3fea441e8c1756bedf26db805f87587c88188000f8d67a4b81df2d2bd15bb9fe52c263872a6bc7ea8f441e3d3a852f426531719333034f8bd68391dec099c7412a30d6cfc5bfc2bf2fda0234b0f12cf04069f495840d337dd99464fd0f380a4c2b6e883abafdc42331fb4b21a9979ca7158590da1b65c35b8c7ecf64fc8aab190e9522650f33b3f57814c0afc2292f286f37c83a2307beb57f60538d1618fd7fb08f483b73818a32aaf17117d2a95160dccc6efad3b336a357959891130ca14f4fd6734b4643d5ac324f9d6c89acedbe4620176288bc3cc7944e1f9f637b7d9482847498e41e38ee11259e78225d587c7ecce1a81f0da844561e817bdd9c0a02ae4c8a35190245f8c2ca3010a8f64d072fc94c6b07b558e56834ea5a2993f9d6f44bc7666fc1543180c357bb15699bb3de5e41e4f01e55cd82dcb1696109eb98353d440f359272ddbfda1fafe531abfddbcf12a4100de111609d6d958180dafd9cdef8cc269f9d065e8c21a3382571bbfef6c343cef975b9335fb2bffeaf0f84f258dd347ceb5966cfbff7bffd091cf37bb800197f7495e3ec149a1996ccce0b29d299c1069da0ea7b9c5c68584bbc7de12482ebd01f7627edd48d689685377d29e9187c82fdcdcf55664ee5b6cc8b2033ccc3fb4040f3ffbdbb5efc477892947aa2273a65ed9584af2d417f31e90a3c14febca574ed2a474a7cdb1755cf894145e95346ff6ef13498e01baddbe44eebd0f1812fcbd17bbf5474bc2e445786fefa2d0db066eac475d4ebd54f96c80ce0539da001343f5444533a5eab20cf90ede85088223641e0f3d991a4cd3406374333c34bc4d5a210e40fb207eb90794febe81fed9ebc67ccc0373b1dcd1cd9fc63151cdef1a3a1ea1ee58cb8f3fef224c47e627eedae95e304fe529ced452ef174b663eb1037cc7630e9609db859c54b47245287c6d94134c4beee484b0bc2bc0f741d681dce391a797ee09a6ba06297e7eb6a5f3ce99543a82239f636ff332d4d02b9c333e145585a4d25ca4a7061e699b65532d32ef3356b137d6a212676a101cb43dd4a4223a314e403bb58982f69bacc5c392f26ff20d538bc93adc1a72f660db3e426f9351149c931712fb97d349dc1443dc872a07eae0ef1e046da3216cd1f1190966da2b159c4f38a39cb135d8f64c836841f6c2d6669f2b28008794c0ebacaf9a830de8636125b0c826a3f09e58fbdf965c61b9ad3ae3fc3b0e2de807eb5358af554144c35f52296466016b0f1afdc834eb2f8d36be13c47cd5c9aa60322bf466f0b046266e0afbbfdf730c627b2fa7321a3aaa9360a091083ea04c3261636f698d4ba5294612c84c9cbe6bf59ed6dea8ebc6b407906a083d391121e96deaead2d355e4f7607d5f8f4e50eb71fa5dfee401f3aac271945e4c8548c556251b76fb148c3d72280ad9701edf582cad46504e3e7e20e1eb0406b13a354ad4bde4f480a4e9c260da9c5242a33f924594f26306723c60567af171627fc459e686a853f7e08659f3b696dee27be6cc69170464cf583022761870573bc22d550728e216dab724ab378e34509085091ba91f80d10f81621121f172e08e867b82ad9d710edc43642daef476b6e080869dc7aacc2e5f0df188a2120cb722c0f6df7038e4fdeb78d073c26a63fe8689dec888e53aae27cb1ecf73cf7857df0042e73faebfebf48c3b38eb9e912f4a1fc39f0ab4604d5b2ffa07b8acf7ff9a0a3c74ad575cc5e8e30a7892606be9482c5b6d69cf85c9c5cc319634dc8a3c23d22d7836e8391f0260c966b9588b7fd3d8e9fd379b4d97d48f37c889611c8f8a3c3aa05f6e83c83d21d025c8dfe4bac0c763b3b98b53d8b31a091444946a0fb245e60462713135a12ac7b21538c7a618689e3de54bd9c596d713ed1b2b9d48e159d5f6e92d44e918e1926160b64425d0beb8c8f1dcec75094aa921feb3477f2caaf80f7c845dc34092e286bdb50885ec2669b56ec1e15d95f64b4f0e9e128b1493a1e37fb8c3c58529391724e14ab053e406dfd5bccc5d4fe23bb6ea51958c0f0e2e9fb42584c53125b372209970408e72f0d1402b8e46385645e873df9acc2d7807db8a5e0d0f929c74cd571ad66c65ab753b8f9b2f81b108603136a634e8cf01d6cb9f85b3ecca860257f44fd84a1ba6de9fe3669f6b293d0b6cc759f993ae74251c6eaafab7251034610eac29592c38a8303f264d2ca403e5d7c632e821e3e1e94d21a47636bc18fef084c1e3f94e0331680eb060153794c59a33a997142b613df45300b2d4da1314960516051d57c0a1f2a42f8d93179712845c74cd056015f98d76e6c17d29f30d0a0c9b059a226c3d3d946ef754357d0338f1bf367b05a070404c0715d93e1c504f05a56cf4f70b601afa742d932dc54bbf3f9538867281391df8b7c3a704749d73351eb226111819d7bf35069456a346e5639389fed6fa059e7ec13a5a89ac83f4dcfa967b4ca405cf76468c6c1d941516df63d1f93d5c7ae57474991b0a817c22ab9aa4bb62adca5fa0ca33ebb7d94586277ca7a74a5e9e1e3ea35283f75475f70b587933b362133fc0cef845d72f27fd0e069bc36358bd45879bfc260fbe7c7838222c205e4f4f430ca77e4c02edaf33cd1f0e17cb7b7b684047cf7286010b8ef2cf197afd156e758f90a8876411ebadf721a59f498260f16127e7bac4f7bceb54412f8dccd3d9b318cacf84872317519e76aac7d00870afaed594987f0d3f1871b9554ee3a3de658c15dcbcb051f97b7a92ee5e5edd0249484f5d3684c026bc6583cb09353b4a3aeae53cdce1ad969c368c9dded11917965c0cf847273929f4aa6c29662530bf6460502ed040d4fb9282ef75bb0efe9775884a1c118556bb49f82a1425dd343c40a230c1d8fd363856843126b3b9814d7e85359f75016b4b761f97bd261a4b3fde39cce98aea4d4ce9d6a624a6bbbb3d9d8dddde8ae25bec8f07e472f16ed8943ce0b72dad3e7fefa", 0x1000}, {&(0x7f0000000300)="afb22250aded8c08438c20545a373955919beaa1b6ededfa2e8af817dd2d8ec62b7ff1221cd208a57dda79872fa5a207ac1d7f1c29027ae449bbeaacf832e3c63037fa620fb579f017b9d8613ac23826ff8cb01608f501efadc3d449772c208dd80b0119831764eeab6cfd4f80e917fa0361ef0dfa668c5d274dda744832122893b1f3eb8b121bc5256dffeb7a3273c16b04b1e56bc0543613db43a721bb3d0d72f069570fb7b76395ceca113f137efe47cb66f1991f9b5ed49d6d105eadf20a086a71642250875d7c64d9ab97d75366", 0xd0}, {&(0x7f0000000400)="358fca38bc9e6184840bf19999684201fe9aeaf741763376e3219e46d11714ab18ab3e40a39fc2ef762bbe2d9dda05de9be08a179c2283ebaa29b4dd3287d98fc84bba91cac3c12078b6d101b4ca3784cb85a022153aa4d1588792b5220162a0241f29c18d03efccf858100e5e3de2a85374a3c23d4544a3b2307a54a6cb142bef93d92d5db04694cb9e0bb219a3b644679a0c72f8170ed38c39a31eb73ca961e9717d21ec64ec8bb72ef20370ef9c87ff240ce5080977c9a9298c450b", 0xbd}, {&(0x7f0000001580)="8e1d18be140e989f7504629d203f6b8bbbe0581a9ebe03af342e3d5192fbad2e4fb0d114832e9bee61c8e94164e3359c8b851d146fc620a0d9d6b6eaa39d5c1e1513d1a3552c973e426effa03154840e379b509abd2f12f324cfb1b330fcbc4df844a0ece44683832f0b5095a18207fe23702fdf01bcf42da415ad5f6ffbae48a3a60497342cf6e671126cc6496d1fed67b09f13881bda76d8dab04dd3156eea82af216ebbc3de78a0f5f1f5ff8dbd157afdfc07aa3b28ad94e8d6573e752a6bec2280159d102d439ee5174b0458ee65d9dd20e270e9d09aee02d86043b48e58fa558707a1831025b1bac76a4a372e", 0xef}, {&(0x7f0000001880)="7a229fc7de73ba5cd1fab08d6eb8b1029ff12ec4f323c1db0d537542ffc2fe449608d5cde7f9d9373c889cacf18193b1e148c761934d27614fcb2a9dfdc6b26614bfc0ef2b00040000e345c5d34296f1127a3cbca195e80be9de7d559047a9272f97c9c22b82b975e2c10b36056979f7f087ad9973b915e00cbf262065135db0fc0382b31095c3438a4fdd6de9f897420b8eb39f2a058b5208b768d96d136bf32d61139905a17d4866d339c62b557d32e95bb2e9a05f81c9744ab68b", 0xbc}, {&(0x7f00000004c0)="856ca762e5ef3ac19a3e3bc30c1438d5c1b83ea0a66c2b9ed9531674324454c64b77391c3720fbd76c52c349d2dde8b6b0946feaa6310a4950c0048c2a7b385add9b779d41455468ad436fea6bacd753eba77c07258e94d6ccca6b2f379236c22d54c4dc377367a654", 0x69}], 0x6, &(0x7f0000000280)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}}], 0x1, 0x840)
recvmmsg(r0, &(0x7f0000002100)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40002110, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3e, &(0x7f00000000c0)=0x6, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x1f, &(0x7f00000000c0)=0x80100001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}], 0x4)

2.1029667s ago: executing program 5 (id=2617):
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000280)=@o_path={&(0x7f00000001c0)='./file1\x00', r2, 0x4000, r2}, 0x18)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957608d76f41f5d09556bbf2b1a2d89", 0x0, 0x0, {0x4, 0xc}, {0x6, 0xbffffe}, 0x5, [0x3, 0x3, 0x8000c, 0x1, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x5, 0x7, 0x4, 0x81, 0x10, 0x80000003, 0x2, 0x6]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r3, 0x40045431, &(0x7f0000000040))

2.096661209s ago: executing program 2 (id=2618):
unshare(0x24020400)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f00000003c0)={0xa, 0x0, @broadcast}, 0x10)

995.448439ms ago: executing program 5 (id=2619):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x2, 0x3, 0x0, 0x4}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r1, 0x8004745a, &(0x7f0000005280))

988.431754ms ago: executing program 2 (id=2620):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
inotify_init1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x6faa}, {0x0, 0x0, 0x3e0}, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private2, @in=@remote, 0x800, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, {}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x1, 0xfb}}, 0xe8)
close(r1)

509.192601ms ago: executing program 2 (id=2621):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038540000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002800038024000080040002800400078004000180080003"], 0xe8}, 0x1, 0x0, 0x0, 0x404c005}, 0x0)

480.314251ms ago: executing program 5 (id=2622):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
setsockopt(r0, 0x1, 0x8, &(0x7f0000000280)="7bc974a9112e73b761061091ab8bc00b2981eafb6f6d528ba0fcb8d564b7f196997c128c37b241450c643c16671befc487cebd55f07739c3642f6388feb18735712de899ee81", 0x46)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'lo\x00', &(0x7f0000000040)=@ethtool_drvinfo={0x3, "599db6978285b561cee1c085e11246b5d85e255df20d388f06a68cba80097818", "9f45acbedf46c701ecab4fd2a41765fded8e390fd6c30c185e04a131554b97a1", "87c5061d1f020000008f21f3739163c63b21dced2ad900", "6ca76acfa37bd486091555378c89abbcf30fb73b92061339b9708fb935a7b8f4", "0b8ac192e08e8d392d99a673ec55b23a60195e46b8413ed03800", "0000000200"}})
connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x6, 0x0, 0x6, 0x1e, 0x0, 0x70bd27, 0x25dfdbfe, [@sadb_x_sec_ctx={0x4, 0x18, 0x3, 0x9, 0x18, "f129e4d9448901967e876372346900538429cd1a88b01d38"}, @sadb_x_sec_ctx={0x10, 0x18, 0x5, 0x7, 0x78, "68cc89af324d9faec51253a1a5173de22e87dfabba268396d9aed2204e5688ee1ef86f1f517aa4dd1a63648d9d75de1e8a2d9af6a061b290995c4137372ec05c6843d432b5a85641ee61faf1531edf812ff944fff5d9530eeb10c12e607cefee1889a40e7680a0c8fbaf6e2af7b5064c2c8f162db0549fbf"}, @sadb_x_policy={0x8, 0x12, 0x2, 0xc9d016a5ab8ecd4d, 0x0, 0x6e6bb0, 0x73, {0x6, 0x6c, 0x3, 0x3, 0x0, 0x3, 0x0, @in=@local, @in6=@mcast2}}]}, 0xf0}}, 0x800)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

255.092304ms ago: executing program 3 (id=2623):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4884)
r1 = timerfd_create(0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x8, &(0x7f00000010c0)=0x1400200bce)
modify_ldt$write(0x1, &(0x7f0000000080), 0x10)
modify_ldt$read(0x0, &(0x7f00000000c0)=""/4096, 0x3000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
syz_open_dev$mouse(0x0, 0x6, 0x507900)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000100))
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r6, 0x80045017, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000180), 0x0, 0xa2565)
ppoll(&(0x7f0000000380)=[{r3, 0xc202}, {r7, 0x200}], 0x2, 0x0, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback={0x100000000000000}}, 0x1c)
timerfd_settime(r1, 0x3, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
clock_gettime(0x6, &(0x7f0000000080))
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000140)={0x24, &(0x7f0000000180)={0x20, 0x3, 0x9, {0x9, 0x21, '\x00\x00\x00\x00\x00\x00\x00'}}, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

0s ago: executing program 2 (id=2624):
r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x0)
readv(r0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x8fa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x200000, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x4, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], <r7=>0x0, 0x80, &(0x7f0000000380)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x20, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r8, 0x0, 0x0}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240100003b0007010000000000000000047c0000040000000c00018006000600800a000000010280f90014"], 0x124}}, 0xc000)

kernel console output (not intermixed with test programs):

named from eth3
[  746.413542][T12898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.449877][ T5826] Bluetooth: hci5: unexpected event 0x06 length: 4 > 3
[  746.467373][ T5904] yealink 4-1:36.0: invalid payload size 0, expected 16
[  746.478668][T12898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  746.484330][ T5904] input: Yealink usb-p1k as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:36.0/input/input30
[  746.549479][T12724] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.570648][T12724] 8021q: adding VLAN 0 to HW filter on device team0
[  746.579397][T12898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.613665][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.620913][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.668318][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.675601][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.738287][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.745328][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.752307][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.759262][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.766214][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.774786][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.781851][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.798102][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  746.804890][    C1] yealink 4-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  747.540269][ T5826] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  747.540401][ T5904] usb 4-1: USB disconnect, device number 49
[  747.908184][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  748.535979][T12915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2070'.
[  748.542259][T12918] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2071'.
[  748.660912][T12724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  748.664536][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  749.268620][T12724] veth0_vlan: entered promiscuous mode
[  749.309823][T12724] veth1_vlan: entered promiscuous mode
[  749.361282][T12724] veth0_macvtap: entered promiscuous mode
[  749.416321][T12724] veth1_macvtap: entered promiscuous mode
[  749.435044][T12933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  749.446144][T12933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  749.511534][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  749.533475][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.554336][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  749.578915][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.605632][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  749.627206][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.650874][T12724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  749.674135][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  749.696282][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.706257][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  749.738856][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.748994][T12724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  749.777044][T12724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.805431][T12724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  749.841467][T12724] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  749.871356][T12724] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  749.891447][T12724] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  749.909632][T12724] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.957861][T12940] FAULT_INJECTION: forcing a failure.
[  749.957861][T12940] name failslab, interval 1, probability 0, space 0, times 0
[  749.984504][T12940] CPU: 1 UID: 0 PID: 12940 Comm: syz.0.2076 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  749.995351][T12940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  750.005450][T12940] Call Trace:
[  750.008741][T12940]  <TASK>
[  750.011684][T12940]  dump_stack_lvl+0x241/0x360
[  750.016407][T12940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  750.021637][T12940]  ? __pfx__printk+0x10/0x10
[  750.026252][T12940]  ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0
[  750.032777][T12940]  ? __pfx___might_resched+0x10/0x10
[  750.038114][T12940]  should_fail_ex+0x3b0/0x4e0
[  750.042836][T12940]  should_failslab+0xac/0x100
[  750.047546][T12940]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[  750.053895][T12940]  ? kobject_set_name_vargs+0x61/0x120
[  750.059388][T12940]  kstrdup+0x39/0xb0
[  750.063310][T12940]  kobject_set_name_vargs+0x61/0x120
[  750.068625][T12940]  dev_set_name+0xd5/0x120
[  750.073072][T12940]  ? __pfx_dev_set_name+0x10/0x10
[  750.078123][T12940]  ? device_initialize+0x266/0x460
[  750.083254][T12940]  netdev_register_kobject+0xb7/0x2e0
[  750.088653][T12940]  register_netdevice+0x12c5/0x1b00
[  750.093878][T12940]  ? __pfx_register_netdevice+0x10/0x10
[  750.099470][T12940]  ? net_generic+0x1f/0x240
[  750.104030][T12940]  ip6_tnl_newlink+0x2eb/0x5f0
[  750.108832][T12940]  ? __pfx_ip6_tnl_newlink+0x10/0x10
[  750.114168][T12940]  ? rtnl_create_link+0x91c/0xc20
[  750.119223][T12940]  ? __pfx_ip6_tnl_newlink+0x10/0x10
[  750.124528][T12940]  rtnl_newlink_create+0x2ee/0xa40
[  750.129671][T12940]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  750.135356][T12940]  ? ns_capable+0x8a/0xf0
[  750.139712][T12940]  rtnl_newlink+0x1c7e/0x2210
[  750.144416][T12940]  ? __pfx_rtnl_newlink+0x10/0x10
[  750.149454][T12940]  ? __netlink_deliver_tap+0x56b/0x7f0
[  750.154926][T12940]  ? __pfx_validate_chain+0x10/0x10
[  750.160140][T12940]  ? __sock_sendmsg+0x221/0x270
[  750.165012][T12940]  ? ____sys_sendmsg+0x52a/0x7e0
[  750.169963][T12940]  ? __sys_sendmsg+0x269/0x350
[  750.174738][T12940]  ? do_syscall_64+0xf3/0x230
[  750.179438][T12940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.185548][T12940]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  750.191552][T12940]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  750.197899][T12940]  ? mark_lock+0x9a/0x360
[  750.202248][T12940]  ? __lock_acquire+0x1397/0x2100
[  750.207314][T12940]  ? __pfx_lock_release+0x10/0x10
[  750.212351][T12940]  ? cap_capable+0x1b4/0x250
[  750.216982][T12940]  ? __pfx_rtnl_newlink+0x10/0x10
[  750.222026][T12940]  rtnetlink_rcv_msg+0x791/0xcf0
[  750.226980][T12940]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  750.232112][T12940]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  750.237618][T12940]  ? ref_tracker_free+0x643/0x7e0
[  750.242670][T12940]  netlink_rcv_skb+0x1e3/0x430
[  750.247447][T12940]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  750.252924][T12940]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  750.258241][T12940]  ? netlink_deliver_tap+0x2e/0x1b0
[  750.263454][T12940]  netlink_unicast+0x7f6/0x990
[  750.268246][T12940]  ? __pfx_netlink_unicast+0x10/0x10
[  750.273567][T12940]  ? __virt_addr_valid+0x45f/0x530
[  750.278709][T12940]  ? __phys_addr_symbol+0x2f/0x70
[  750.283762][T12940]  ? __check_object_size+0x47a/0x730
[  750.289091][T12940]  netlink_sendmsg+0x8e4/0xcb0
[  750.293910][T12940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.299248][T12940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.304553][T12940]  __sock_sendmsg+0x221/0x270
[  750.309268][T12940]  ____sys_sendmsg+0x52a/0x7e0
[  750.314064][T12940]  ? __pfx_____sys_sendmsg+0x10/0x10
[  750.319375][T12940]  ? __fget_files+0x2a/0x410
[  750.323979][T12940]  ? __fget_files+0x2a/0x410
[  750.328588][T12940]  __sys_sendmsg+0x269/0x350
[  750.333206][T12940]  ? __pfx_lock_release+0x10/0x10
[  750.338260][T12940]  ? __pfx___sys_sendmsg+0x10/0x10
[  750.343413][T12940]  ? __pfx_vfs_write+0x10/0x10
[  750.348218][T12940]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  750.354567][T12940]  ? do_syscall_64+0x100/0x230
[  750.359378][T12940]  ? do_syscall_64+0xb6/0x230
[  750.364081][T12940]  do_syscall_64+0xf3/0x230
[  750.368607][T12940]  ? clear_bhb_loop+0x35/0x90
[  750.373296][T12940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.379214][T12940] RIP: 0033:0x7fc42cb85d29
[  750.383650][T12940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.403271][T12940] RSP: 002b:00007fc42da89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  750.411705][T12940] RAX: ffffffffffffffda RBX: 00007fc42cd75fa0 RCX: 00007fc42cb85d29
[  750.419690][T12940] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  750.427673][T12940] RBP: 00007fc42da89090 R08: 0000000000000000 R09: 0000000000000000
[  750.435658][T12940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  750.443638][T12940] R13: 0000000000000000 R14: 00007fc42cd75fa0 R15: 00007ffd0ca32438
[  750.451635][T12940]  </TASK>
[  750.499185][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  750.654552][T12945] [U] 
[  750.730803][ T1324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  750.738827][ T1324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  750.748881][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  750.756953][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  750.883117][ T5826] Bluetooth: hci5: command 0x0406 tx timeout
[  753.518433][T12962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.552509][T12962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.982899][    T8] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  754.155838][    T8] usb 6-1: Using ep0 maxpacket: 16
[  754.172603][    T8] usb 6-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  754.196701][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.204751][    T8] usb 6-1: Product: syz
[  754.209237][    T8] usb 6-1: Manufacturer: syz
[  754.213902][    T8] usb 6-1: SerialNumber: syz
[  754.221373][    T8] usb 6-1: config 0 descriptor??
[  754.229183][    T8] appledisplay 6-1:0.0: Could not find int-in endpoint
[  754.237495][    T8] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  754.311207][T12975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2088'.
[  754.334074][T12976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  754.343866][T12976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  754.439068][T12979] input: syz1 as /devices/virtual/input/input31
[  754.460589][   T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.619315][    T8] usb 6-1: USB disconnect, device number 31
[  754.633335][   T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.787501][   T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.033558][   T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.855308][T12992] syz.0.2090 (12992): drop_caches: 2
[  756.948476][   T11] bridge_slave_1: left allmulticast mode
[  756.954217][   T11] bridge_slave_1: left promiscuous mode
[  756.971057][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  757.139015][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  757.154271][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  757.165543][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  757.217141][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  757.227205][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  757.235764][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  757.900402][T13010] syz.5.2093 (13010): drop_caches: 2
[  758.433153][   T11] bridge_slave_0: left allmulticast mode
[  758.438885][   T11] bridge_slave_0: left promiscuous mode
[  758.615148][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.606414][ T5833] Bluetooth: hci4: command tx timeout
[  759.841637][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  759.855006][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  759.876487][   T11] bond0 (unregistering): Released all slaves
[  760.256911][T13025] (unnamed net_device) (uninitialized): option ad_select: invalid value (105)
[  761.798131][T13000] chnl_net:caif_netlink_parms(): no params data found
[  761.829801][ T5833] Bluetooth: hci4: command tx timeout
[  762.112603][   T11] hsr_slave_0: left promiscuous mode
[  762.131394][   T11] hsr_slave_1: left promiscuous mode
[  762.146732][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  762.161371][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  762.323051][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  762.331216][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  762.458216][   T11] veth1_macvtap: left promiscuous mode
[  762.464204][   T11] veth0_macvtap: left promiscuous mode
[  762.486911][   T11] veth1_vlan: left promiscuous mode
[  762.507149][   T11] veth0_vlan: left promiscuous mode
[  764.071233][T13059] syz.3.2107 (13059): drop_caches: 2
[  764.410034][ T5833] Bluetooth: hci4: command tx timeout
[  765.147005][T13065] syz.3.2108 (13065): attempted to duplicate a private mapping with mremap.  This is not supported.
[  765.961927][ T5826] Bluetooth: hci5: unexpected event 0x06 length: 4 > 3
[  766.114430][   T11] team0 (unregistering): Port device team_slave_1 removed
[  766.273509][   T11] team0 (unregistering): Port device team_slave_0 removed
[  766.619399][ T5826] Bluetooth: hci4: command tx timeout
[  767.553383][T13000] bridge0: port 1(bridge_slave_0) entered blocking state
[  767.561906][T13000] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.716695][T13080] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2112'.
[  767.726269][T13080] netlink: 'syz.5.2112': attribute type 1 has an invalid length.
[  768.468867][T13000] bridge_slave_0: entered allmulticast mode
[  768.483290][T13000] bridge_slave_0: entered promiscuous mode
[  768.555746][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  768.572076][T13000] bridge0: port 2(bridge_slave_1) entered blocking state
[  768.598668][T13000] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.605891][T13000] bridge_slave_1: entered allmulticast mode
[  768.633773][   T29] kauditd_printk_skb: 32 callbacks suppressed
[  768.633793][   T29] audit: type=1400 audit(1734711843.891:312): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13082 comm="syz.5.2114"
[  768.658251][T13000] bridge_slave_1: entered promiscuous mode
[  768.785163][T13000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  768.832344][T13000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  769.017603][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  769.024204][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  769.037838][T13000] team0: Port device team_slave_0 added
[  769.055725][T13000] team0: Port device team_slave_1 added
[  769.087224][T13089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.110316][T13089] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.159971][T13000] batman_adv: batadv0: Adding interface: batadv_slave_0
[  769.173301][T13000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.200110][T13000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  769.255140][T13000] batman_adv: batadv0: Adding interface: batadv_slave_1
[  769.286766][T13000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.328316][T13000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  769.563635][T13000] hsr_slave_0: entered promiscuous mode
[  769.612625][T13000] hsr_slave_1: entered promiscuous mode
[  769.643172][T13000] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  769.676825][T13000] Cannot create hsr debugfs directory
[  770.552153][T13110] netlink: 'syz.3.2121': attribute type 2 has an invalid length.
[  770.864374][T13107] vivid-000: kernel_thread() failed
[  770.879400][ T5826] Bluetooth: hci5: command 0x0406 tx timeout
[  771.735571][T13119] netlink: 'syz.2.2127': attribute type 1 has an invalid length.
[  772.961319][T13136] syz.2.2129 (13136): drop_caches: 2
[  773.677189][T13000] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  773.689459][T13000] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  773.710614][T13000] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  773.721660][T13000] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  774.815891][T13000] 8021q: adding VLAN 0 to HW filter on device bond0
[  776.348330][T13000] 8021q: adding VLAN 0 to HW filter on device team0
[  776.557828][T13168] netlink: 'syz.0.2136': attribute type 2 has an invalid length.
[  776.840760][ T2997] bridge0: port 1(bridge_slave_0) entered blocking state
[  776.848093][ T2997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  776.955508][ T2997] bridge0: port 2(bridge_slave_1) entered blocking state
[  776.962742][ T2997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  777.107570][T13174] netlink: 'syz.5.2139': attribute type 4 has an invalid length.
[  777.145002][T13000] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  777.166692][T13000] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  777.201688][T13177] netlink: 'syz.5.2139': attribute type 4 has an invalid length.
[  777.604838][T13186] (syz.2.2140,13186,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  777.613707][T13186] (syz.2.2140,13186,1):ocfs2_fill_super:1178 ERROR: status = -22
[  778.387198][T13000] 8021q: adding VLAN 0 to HW filter on device batadv0
[  778.397875][T13190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.446306][T13190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.712951][T13000] veth0_vlan: entered promiscuous mode
[  778.725596][T13000] veth1_vlan: entered promiscuous mode
[  778.792019][T13000] veth0_macvtap: entered promiscuous mode
[  778.816611][T13000] veth1_macvtap: entered promiscuous mode
[  778.870027][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  778.880943][   T46] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  778.921334][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  778.936497][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  778.950662][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  778.963074][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  779.116502][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  779.137716][T13000] batman_adv: batadv0: Interface activated: batadv_slave_0
[  779.459202][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  779.683084][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  779.714786][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  779.764570][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  779.817038][T13000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  779.838320][T13000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  779.855241][T13000] batman_adv: batadv0: Interface activated: batadv_slave_1
[  779.875444][   T46] usb 4-1: device descriptor read/64, error -71
[  779.888859][T13000] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  779.907465][T13000] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  779.922162][   T29] audit: type=1400 audit(1734711854.442:313): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13215 comm="syz.5.2151"
[  779.939463][T13000] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  779.948200][T13000] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  780.112653][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  780.174896][   T46] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  780.230216][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  780.311788][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  780.320555][   T46] usb 4-1: device descriptor read/64, error -71
[  780.369500][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  780.558324][T13221] netlink: 'syz.5.2152': attribute type 2 has an invalid length.
[  781.200272][   T46] usb usb4-port1: attempt power cycle
[  781.452103][T13226] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2154'.
[  781.472271][T13226] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2154'.
[  781.575187][   T46] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  781.611759][   T46] usb 4-1: device descriptor read/8, error -71
[  781.730831][T13229] (syz.2.2153,13229,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  781.739751][T13229] (syz.2.2153,13229,1):ocfs2_fill_super:1178 ERROR: status = -22
[  783.565304][T13242] syz.3.2157 (13242): drop_caches: 2
[  784.181017][T10424] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  784.366728][T10424] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  785.386835][T10424] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  785.589895][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  785.659366][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  785.699033][T13252] syz.5.2159 (13252): drop_caches: 2
[  785.720062][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  785.729996][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  785.744677][ T5833] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  785.752813][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  785.953742][T10424] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  786.303836][T10424] bridge_slave_1: left allmulticast mode
[  786.324202][T10424] bridge_slave_1: left promiscuous mode
[  786.340484][T10424] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.356057][T13269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.366515][T13269] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.390810][T10424] bridge_slave_0: left allmulticast mode
[  786.402810][T10424] bridge_slave_0: left promiscuous mode
[  786.415162][T10424] bridge0: port 1(bridge_slave_0) entered disabled state
[  787.132045][T13284] (syz.2.2167,13284,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  787.141056][T13284] (syz.2.2167,13284,1):ocfs2_fill_super:1178 ERROR: status = -22
[  788.015930][ T5833] Bluetooth: hci4: command tx timeout
[  788.265440][T10424] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  788.276959][T10424] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  788.290892][T10424] bond0 (unregistering): Released all slaves
[  788.681068][T13303] fuse: Unknown parameter 'user_i00000000000000000000'
[  788.934415][T13257] chnl_net:caif_netlink_parms(): no params data found
[  790.020956][T13315] fuse: Unknown parameter 'rootm+de'
[  790.042271][T13315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2176'.
[  790.227375][ T5833] Bluetooth: hci4: command tx timeout
[  790.806538][T13323] netlink: 'syz.0.2177': attribute type 27 has an invalid length.
[  790.873177][T13324] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2178'.
[  790.968779][   T29] audit: type=1400 audit(1734711864.779:314): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13326 comm="syz.3.2179" daddr=::ffff:172.20.20.170 dest=20003
[  791.062973][T10424] hsr_slave_0: left promiscuous mode
[  791.100240][T10424] hsr_slave_1: left promiscuous mode
[  791.107122][T10424] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  791.122759][T10424] batman_adv: batadv0: Removing interface: batadv_slave_0
[  791.151006][T10424] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  791.171032][T10424] batman_adv: batadv0: Removing interface: batadv_slave_1
[  791.239588][T10424] veth1_macvtap: left promiscuous mode
[  791.252173][T10424] veth0_macvtap: left promiscuous mode
[  791.270052][T10424] veth1_vlan: left promiscuous mode
[  791.283570][T10424] veth0_vlan: left promiscuous mode
[  792.448286][ T5833] Bluetooth: hci4: command tx timeout
[  792.641285][T10424] team0 (unregistering): Port device team_slave_1 removed
[  792.714405][T10424] team0 (unregistering): Port device team_slave_0 removed
[  793.392698][T13257] bridge0: port 1(bridge_slave_0) entered blocking state
[  793.406495][T13257] bridge0: port 1(bridge_slave_0) entered disabled state
[  793.435875][T13257] bridge_slave_0: entered allmulticast mode
[  793.443347][T13257] bridge_slave_0: entered promiscuous mode
[  793.548875][T13257] bridge0: port 2(bridge_slave_1) entered blocking state
[  793.556049][T13257] bridge0: port 2(bridge_slave_1) entered disabled state
[  793.582325][T13257] bridge_slave_1: entered allmulticast mode
[  793.592361][T13257] bridge_slave_1: entered promiscuous mode
[  793.657903][T13350] fuse: Unknown parameter 'user_i00000000000000000000'
[  793.746236][T13257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  793.785291][T13257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  793.888085][T13257] team0: Port device team_slave_0 added
[  794.097769][    T8] kernel write not supported for file /adsp1 (pid: 8 comm: kworker/0:0)
[  794.098644][T13257] team0: Port device team_slave_1 added
[  794.671306][ T5833] Bluetooth: hci4: command tx timeout
[  794.983264][T13257] batman_adv: batadv0: Adding interface: batadv_slave_0
[  794.991336][T13257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  795.053988][T13370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2191'.
[  795.819957][T13257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  795.883256][T13257] batman_adv: batadv0: Adding interface: batadv_slave_1
[  795.911290][T13257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  795.943706][   T46] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  796.206674][T13257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  796.317607][   T46] usb 6-1: Using ep0 maxpacket: 16
[  796.324613][   T46] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  796.377383][   T46] usb 6-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40
[  796.387325][   T46] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.406529][   T46] usb 6-1: Product: syz
[  796.413896][   T46] usb 6-1: Manufacturer: syz
[  796.418662][   T46] usb 6-1: SerialNumber: syz
[  796.437925][   T46] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input32
[  796.448047][T13381] netlink: 'syz.2.2194': attribute type 10 has an invalid length.
[  796.600401][T13385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  796.609225][T13385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  797.182855][T13381] syz_tun: entered promiscuous mode
[  797.596832][T13381] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  797.606405][T13365] mac80211_hwsim hwsim13 wlan0: entered promiscuous mode
[  797.691854][T13257] hsr_slave_0: entered promiscuous mode
[  797.702929][T13257] hsr_slave_1: entered promiscuous mode
[  797.713797][T13257] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  797.721640][T13257] Cannot create hsr debugfs directory
[  797.727096][   T29] audit: type=1400 audit(1734711871.092:315): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13382 comm="syz.3.2195"
[  797.799618][T13394] fuse: Unknown parameter 'user_i00000000000000000000'
[  798.828132][T13366] mac80211_hwsim hwsim13 wlan0: left promiscuous mode
[  798.905619][ T5180] bcm5974 6-1:1.0: could not read from device
[  798.944871][   T46] usb 6-1: USB disconnect, device number 32
[  799.829105][T13257] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  799.867109][T13257] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  799.878584][T13257] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  799.912867][T13257] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  800.012134][T13417] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2206'.
[  800.104321][T13257] 8021q: adding VLAN 0 to HW filter on device bond0
[  800.121558][T13257] 8021q: adding VLAN 0 to HW filter on device team0
[  800.157190][T13257] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  800.167875][T13257] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  800.194349][T10424] bridge0: port 1(bridge_slave_0) entered blocking state
[  800.201587][T10424] bridge0: port 1(bridge_slave_0) entered forwarding state
[  800.212751][T10424] bridge0: port 2(bridge_slave_1) entered blocking state
[  800.220049][T10424] bridge0: port 2(bridge_slave_1) entered forwarding state
[  800.518593][   T29] audit: type=1400 audit(1734711873.712:316): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13421 comm="syz.2.2208" dest=2
[  800.544428][T13427] fuse: Unknown parameter 'user_id00000000000000000000'
[  800.825899][T13435] netlink: 'syz.0.2207': attribute type 2 has an invalid length.
[  801.485735][T13257] 8021q: adding VLAN 0 to HW filter on device batadv0
[  802.809228][T13455] netlink: 'syz.2.2213': attribute type 2 has an invalid length.
[  803.168472][T13257] veth0_vlan: entered promiscuous mode
[  803.209632][T13257] veth1_vlan: entered promiscuous mode
[  803.282506][T13257] veth0_macvtap: entered promiscuous mode
[  803.307645][T13257] veth1_macvtap: entered promiscuous mode
[  803.349713][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  803.373613][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.396726][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  803.417234][T13478] fuse: Unknown parameter 'user_id00000000000000000000'
[  803.418460][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.443198][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  803.486943][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.498659][T13480] overlayfs: failed to resolve './file1': -2
[  803.506521][T13257] batman_adv: batadv0: Interface activated: batadv_slave_0
[  803.549174][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  803.591935][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.614916][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  803.640869][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.678372][T13257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  803.700564][T13257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  803.738185][T13257] batman_adv: batadv0: Interface activated: batadv_slave_1
[  803.754874][T13257] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  803.785756][T13257] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  803.812978][T13257] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  803.823004][T13257] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  804.042288][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  804.254743][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  804.533696][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.637855][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  807.153059][T13496] syz.0.2225 (13496): drop_caches: 2
[  808.841723][T13501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2227'.
[  809.349054][T13505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  809.358114][T13505] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  809.371435][T13505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  809.380559][T13505] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  809.972478][T13520] fuse: Unknown parameter 'user_id00000000000000000000'
[  810.444216][T13528] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  810.452491][T13528] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  810.461601][T13528] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  810.469413][T13528] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  811.740406][T13529] (syz.3.2236,13529,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  811.749232][T13529] (syz.3.2236,13529,1):ocfs2_fill_super:1178 ERROR: status = -22
[  812.508459][T13545] netlink: 'syz.5.2237': attribute type 2 has an invalid length.
[  812.519662][   T29] audit: type=1326 audit(1734711884.946:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  812.571546][   T29] audit: type=1326 audit(1734711884.946:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  812.702418][   T29] audit: type=1326 audit(1734711884.946:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  812.807147][   T29] audit: type=1326 audit(1734711884.946:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  812.909421][   T29] audit: type=1326 audit(1734711884.946:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  813.001155][   T29] audit: type=1326 audit(1734711884.946:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  813.023251][   T29] audit: type=1326 audit(1734711884.946:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  813.045105][   T29] audit: type=1326 audit(1734711884.946:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13539 comm="syz.0.2239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42cb85d29 code=0x7ffc0000
[  813.409376][T13550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2240'.
[  815.290743][ T3535] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  816.338684][ T3535] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.514796][T13593] (syz.3.2249,13593,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  817.523702][T13593] (syz.3.2249,13593,0):ocfs2_fill_super:1178 ERROR: status = -22
[  818.201823][T13601] syz.5.2251: attempt to access beyond end of device
[  818.201823][T13601] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  818.361721][ T5826] Bluetooth: hci5: command 0x0406 tx timeout
[  818.534254][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  818.554788][T13605] FAULT_INJECTION: forcing a failure.
[  818.554788][T13605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.572551][T13605] CPU: 1 UID: 0 PID: 13605 Comm: syz.3.2253 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  818.583378][T13605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  818.593474][T13605] Call Trace:
[  818.596780][T13605]  <TASK>
[  818.599754][T13605]  dump_stack_lvl+0x241/0x360
[  818.604480][T13605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  818.609717][T13605]  ? __pfx__printk+0x10/0x10
[  818.614333][T13605]  ? __pfx_lock_release+0x10/0x10
[  818.619382][T13605]  should_fail_ex+0x3b0/0x4e0
[  818.624081][T13605]  _copy_from_user+0x2f/0xc0
[  818.628704][T13605]  __sys_bpf+0x1a4/0x810
[  818.632972][T13605]  ? __pfx___sys_bpf+0x10/0x10
[  818.637769][T13605]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  818.643765][T13605]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  818.650122][T13605]  ? do_syscall_64+0x100/0x230
[  818.654918][T13605]  __x64_sys_bpf+0x7c/0x90
[  818.659353][T13605]  do_syscall_64+0xf3/0x230
[  818.663881][T13605]  ? clear_bhb_loop+0x35/0x90
[  818.668574][T13605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.674492][T13605] RIP: 0033:0x7f92bb185d29
[  818.678923][T13605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  818.698548][T13605] RSP: 002b:00007f92bbeec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  818.707011][T13605] RAX: ffffffffffffffda RBX: 00007f92bb375fa0 RCX: 00007f92bb185d29
[  818.715002][T13605] RDX: 0000000000000008 RSI: 0000000020000100 RDI: 000000000000000b
[  818.722989][T13605] RBP: 00007f92bbeec090 R08: 0000000000000000 R09: 0000000000000000
[  818.730975][T13605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.738956][T13605] R13: 0000000000000000 R14: 00007f92bb375fa0 R15: 00007ffc98ccb2e8
[  818.746953][T13605]  </TASK>
[  818.809855][T13610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'.
[  819.126909][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  819.368855][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  819.477530][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  819.500236][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  819.510738][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  819.625060][ T3535] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  819.806562][ T3535] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  819.872706][T13617] netlink: 'syz.2.2255': attribute type 2 has an invalid length.
[  819.951182][T13621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2256'.
[  820.095225][ T3535] bridge_slave_1: left allmulticast mode
[  820.526673][ T3535] bridge_slave_1: left promiscuous mode
[  820.603142][ T3535] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.972821][T13632] syz.3.2254 (13632): drop_caches: 2
[  821.635279][ T3535] bridge_slave_0: left allmulticast mode
[  821.672315][ T3535] bridge_slave_0: left promiscuous mode
[  821.697688][ T5833] Bluetooth: hci4: command tx timeout
[  821.704697][ T3535] bridge0: port 1(bridge_slave_0) entered disabled state
[  822.690310][ T3535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  822.701593][ T3535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  822.712044][ T3535] bond0 (unregistering): Released all slaves
[  823.003109][T13653] sit0: entered promiscuous mode
[  823.012777][T13653] netlink: 'syz.5.2262': attribute type 1 has an invalid length.
[  823.022889][T13653] netlink: 1 bytes leftover after parsing attributes in process `syz.5.2262'.
[  823.706887][ T3535] hsr_slave_0: left promiscuous mode
[  823.725608][ T3535] hsr_slave_1: left promiscuous mode
[  823.740580][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  823.785791][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_0
[  823.862683][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  823.903773][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_1
[  823.920908][ T5833] Bluetooth: hci4: command tx timeout
[  823.977741][ T3535] veth1_macvtap: left promiscuous mode
[  823.983330][ T3535] veth0_macvtap: left promiscuous mode
[  823.989159][ T3535] veth1_vlan: left promiscuous mode
[  823.994509][ T3535] veth0_vlan: left promiscuous mode
[  825.356239][ T3535] team0 (unregistering): Port device team_slave_1 removed
[  825.428586][ T3535] team0 (unregistering): Port device team_slave_0 removed
[  826.159776][ T5833] Bluetooth: hci4: command tx timeout
[  826.393357][T13603] chnl_net:caif_netlink_parms(): no params data found
[  826.954884][T13603] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.989312][T13603] bridge0: port 1(bridge_slave_0) entered disabled state
[  827.008439][T13603] bridge_slave_0: entered allmulticast mode
[  827.016474][T13603] bridge_slave_0: entered promiscuous mode
[  827.065460][T13603] bridge0: port 2(bridge_slave_1) entered blocking state
[  827.084229][T13603] bridge0: port 2(bridge_slave_1) entered disabled state
[  827.126710][T13603] bridge_slave_1: entered allmulticast mode
[  827.271033][T13603] bridge_slave_1: entered promiscuous mode
[  827.533777][T13603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  828.132784][T13603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  828.233198][T13717] hub 9-0:1.0: USB hub found
[  828.241376][T13717] hub 9-0:1.0: 1 port detected
[  828.377179][ T5833] Bluetooth: hci4: command tx timeout
[  829.031924][T13709] XFS (nullb0): Invalid superblock magic number
[  829.101347][T13603] team0: Port device team_slave_0 added
[  829.268063][T13603] team0: Port device team_slave_1 added
[  829.369184][T13603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  829.378968][T13729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.394414][T13603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  829.421356][T13729] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.442721][T13603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  829.467621][T13603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  829.481394][T13603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  829.527034][T13603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  829.637392][T13603] hsr_slave_0: entered promiscuous mode
[  829.659183][T13603] hsr_slave_1: entered promiscuous mode
[  829.682702][T13603] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  829.703577][T13603] Cannot create hsr debugfs directory
[  830.263256][T13740] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  830.384695][T13746] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2288'.
[  832.423974][T13770] syz.5.2292 (13770): drop_caches: 2
[  834.702398][T13782] syz.0.2293 (13782): drop_caches: 2
[  834.767221][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  834.774069][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  834.952527][   T52] kworker/u8:3 (52) used greatest stack depth: 17680 bytes left
[  835.299069][T13603] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  835.375154][T13603] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  835.387487][T13603] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  835.421385][T13603] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  835.639344][T13603] 8021q: adding VLAN 0 to HW filter on device bond0
[  835.694449][T13603] 8021q: adding VLAN 0 to HW filter on device team0
[  835.727855][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  835.735106][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  835.770874][ T2997] bridge0: port 2(bridge_slave_1) entered blocking state
[  835.775489][T13802] netlink: 'syz.2.2301': attribute type 2 has an invalid length.
[  835.778062][ T2997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  836.345362][T13603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  837.723528][T13821] 8021q: adding VLAN 0 to HW filter on device bond2
[  837.732509][T13821] bond0: (slave bond2): Enslaving as an active interface with an up link
[  838.187737][T13603] veth0_vlan: entered promiscuous mode
[  838.233183][T13603] veth1_vlan: entered promiscuous mode
[  838.349061][T13603] veth0_macvtap: entered promiscuous mode
[  838.379256][T13603] veth1_macvtap: entered promiscuous mode
[  838.447687][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.485332][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.519846][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.551663][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.586400][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.622898][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.710480][T13603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  838.743685][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.782635][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.792963][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.810077][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.820380][T13603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.831369][T13603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.897447][T13603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  838.936826][T13603] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  838.960919][T13603] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  838.989528][T13603] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  839.024848][T13603] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  839.239600][T10424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.464331][T13846] overlayfs: missing 'lowerdir'
[  839.515987][T10424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.898902][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.925856][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.609400][ T2997] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.667525][ T9745] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  841.840896][ T9745] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[  841.854507][ T9745] usb 6-1: config 0 has no interface number 0
[  841.870002][ T9745] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  841.885934][ T9745] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.900968][ T9745] usb 6-1: Product: syz
[  841.929315][ T9745] usb 6-1: Manufacturer: syz
[  841.948234][ T9745] usb 6-1: SerialNumber: syz
[  841.956396][ T9745] usb 6-1: config 0 descriptor??
[  842.006867][ T2997] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.161290][ T2997] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.203695][ T9745] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[  842.223279][ T9745] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[  842.231705][ T9745] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[  842.239828][ T9745] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[  842.266736][ T9745] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  842.322839][ T2997] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.646067][    T8] usb 6-1: USB disconnect, device number 33
[  842.655621][    T8] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  842.679042][    T8] keyspan 6-1:0.133: device disconnected
[  842.828591][ T2997] bridge_slave_1: left allmulticast mode
[  842.845553][ T2997] bridge_slave_1: left promiscuous mode
[  842.860784][ T2997] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.897486][ T2997] bridge_slave_0: left allmulticast mode
[  842.914586][ T2997] bridge_slave_0: left promiscuous mode
[  842.937569][ T2997] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.031044][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  843.044691][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  843.055946][   T54] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3
[  843.070080][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  843.103444][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  843.126830][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  843.143958][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  844.691333][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2320'.
[  845.216376][ T5833] Bluetooth: hci3: command 0x0406 tx timeout
[  845.352389][ T2997] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  845.364016][ T2997] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  845.376896][ T2997] bond0 (unregistering): Released all slaves
[  845.391776][ T5826] Bluetooth: hci4: command tx timeout
[  846.421609][T13911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2326'.
[  846.430772][T13911] netlink: 'syz.0.2326': attribute type 1 has an invalid length.
[  847.441373][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  847.542797][ T2997] hsr_slave_0: left promiscuous mode
[  847.567661][ T2997] hsr_slave_1: left promiscuous mode
[  847.615963][ T5833] Bluetooth: hci4: command tx timeout
[  847.630210][ T2997] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  847.655476][ T2997] batman_adv: batadv0: Removing interface: batadv_slave_0
[  847.726147][ T2997] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  847.735754][ T2997] batman_adv: batadv0: Removing interface: batadv_slave_1
[  848.068873][ T2997] veth1_macvtap: left promiscuous mode
[  848.097501][ T2997] veth0_macvtap: left promiscuous mode
[  848.118910][ T2997] veth1_vlan: left promiscuous mode
[  848.138145][ T2997] veth0_vlan: left promiscuous mode
[  848.421598][T13929] FAULT_INJECTION: forcing a failure.
[  848.421598][T13929] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  848.434922][T13929] CPU: 0 UID: 0 PID: 13929 Comm: syz.5.2330 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  848.445728][T13929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  848.455815][T13929] Call Trace:
[  848.459122][T13929]  <TASK>
[  848.462081][T13929]  dump_stack_lvl+0x241/0x360
[  848.466806][T13929]  ? __pfx_dump_stack_lvl+0x10/0x10
[  848.472043][T13929]  ? __pfx__printk+0x10/0x10
[  848.476675][T13929]  ? __pfx_lock_release+0x10/0x10
[  848.481743][T13929]  should_fail_ex+0x3b0/0x4e0
[  848.486459][T13929]  _copy_from_user+0x2f/0xc0
[  848.491107][T13929]  copy_msghdr_from_user+0xae/0x680
[  848.496370][T13929]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  848.502217][T13929]  ? __fget_files+0x2a/0x410
[  848.506847][T13929]  ? __fget_files+0x2a/0x410
[  848.511478][T13929]  __sys_sendmsg+0x209/0x350
[  848.516120][T13929]  ? __pfx___sys_sendmsg+0x10/0x10
[  848.521316][T13929]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  848.527683][T13929]  ? do_syscall_64+0x100/0x230
[  848.532499][T13929]  ? do_syscall_64+0xb6/0x230
[  848.537224][T13929]  do_syscall_64+0xf3/0x230
[  848.541769][T13929]  ? clear_bhb_loop+0x35/0x90
[  848.546482][T13929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.552423][T13929] RIP: 0033:0x7ffa3c785d29
[  848.556869][T13929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  848.576519][T13929] RSP: 002b:00007ffa3d611038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  848.584972][T13929] RAX: ffffffffffffffda RBX: 00007ffa3c976160 RCX: 00007ffa3c785d29
[  848.592976][T13929] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000007
[  848.600976][T13929] RBP: 00007ffa3d611090 R08: 0000000000000000 R09: 0000000000000000
[  848.608977][T13929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.616996][T13929] R13: 0000000000000000 R14: 00007ffa3c976160 R15: 00007ffe9aacd3b8
[  848.625058][T13929]  </TASK>
[  849.834759][ T5833] Bluetooth: hci4: command tx timeout
[  852.059752][ T5833] Bluetooth: hci4: command tx timeout
[  853.479799][ T5833] Bluetooth: hci5: unexpected event for opcode 0x0c22
[  853.886852][ T2997] team0 (unregistering): Port device team_slave_1 removed
[  853.966236][ T2997] team0 (unregistering): Port device team_slave_0 removed
[  854.676618][T13875] chnl_net:caif_netlink_parms(): no params data found
[  855.128292][T13875] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.213543][T13875] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.221327][T13875] bridge_slave_0: entered allmulticast mode
[  856.073533][T13970] syz.2.2338 (13970): drop_caches: 2
[  856.262218][T13875] bridge_slave_0: entered promiscuous mode
[  856.271183][T13875] bridge0: port 2(bridge_slave_1) entered blocking state
[  856.278326][T13875] bridge0: port 2(bridge_slave_1) entered disabled state
[  856.417327][T13875] bridge_slave_1: entered allmulticast mode
[  856.425275][T13875] bridge_slave_1: entered promiscuous mode
[  856.739965][T13875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  856.963230][T13875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  858.071086][T13875] team0: Port device team_slave_0 added
[  858.146081][T13875] team0: Port device team_slave_1 added
[  858.268476][T13875] batman_adv: batadv0: Adding interface: batadv_slave_0
[  858.286376][T13875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  858.356311][T13875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  858.390357][T13875] batman_adv: batadv0: Adding interface: batadv_slave_1
[  858.397494][T13875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  858.503166][T13875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  858.592304][T13875] hsr_slave_0: entered promiscuous mode
[  858.600681][T13875] hsr_slave_1: entered promiscuous mode
[  858.619342][T13875] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  858.643738][T13875] Cannot create hsr debugfs directory
[  859.332185][T13998] xt_time: invalid argument - start or stop time greater than 23:59:59
[  859.354771][T13998] netlink: 'syz.2.2347': attribute type 3 has an invalid length.
[  859.363331][T13998] netlink: 163968 bytes leftover after parsing attributes in process `syz.2.2347'.
[  859.382608][ T5904] IPVS: starting estimator thread 0...
[  859.497103][T13999] IPVS: using max 20 ests per chain, 48000 per kthread
[  859.668568][T13875] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  859.685887][T13875] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  859.704105][T13875] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  859.719700][T13875] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  859.928681][T13875] 8021q: adding VLAN 0 to HW filter on device bond0
[  859.985003][T13875] 8021q: adding VLAN 0 to HW filter on device team0
[  860.024086][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  860.031389][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  860.083299][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.090574][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  860.193659][T13875] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  860.219870][T13875] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  860.303342][ T5833] Bluetooth: hci3: unexpected event for opcode 0x0c22
[  861.475853][T13875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  861.744055][ T9745] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  861.916426][T14034] overlayfs: failed to resolve './file1': -2
[  861.942471][ T9745] usb 4-1: Using ep0 maxpacket: 16
[  861.964621][ T9745] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  861.977481][ T9745] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.009410][ T9745] usb 4-1: Product: syz
[  862.009440][ T9745] usb 4-1: Manufacturer: syz
[  862.009461][ T9745] usb 4-1: SerialNumber: syz
[  862.028348][ T9745] r8152-cfgselector 4-1: Unknown version 0x0000
[  862.028384][ T9745] r8152-cfgselector 4-1: config 0 descriptor??
[  862.159122][T13875] veth0_vlan: entered promiscuous mode
[  862.168497][T13875] veth1_vlan: entered promiscuous mode
[  862.237581][T13875] veth0_macvtap: entered promiscuous mode
[  862.373771][T13875] veth1_macvtap: entered promiscuous mode
[  862.465196][T14047] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2359'.
[  863.359670][T14049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  863.368458][T14049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  863.491010][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  863.519023][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.529032][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  863.551663][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.563123][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  863.573826][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.587796][T13875] batman_adv: batadv0: Interface activated: batadv_slave_0
[  863.603002][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  863.614251][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.627886][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  863.667891][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.711083][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  863.729367][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  863.834506][T13875] batman_adv: batadv0: Interface activated: batadv_slave_1
[  864.296113][T13875] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  864.305346][T13875] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  864.351413][T13875] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  864.391231][T13875] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  864.607641][T14068] batman_adv: batadv0: Adding interface: gretap1
[  864.615647][T14068] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.641569][T14068] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  864.799078][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  864.811929][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  864.855985][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  864.877710][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  865.063576][ T5833] Bluetooth: hci3: unexpected event for opcode 0x0c22
[  865.472869][   T46] r8152-cfgselector 4-1: USB disconnect, device number 54
[  865.578581][T14078] fuse: Unknown parameter 'fd0x0000000000000003'
[  866.363110][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.553365][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.664978][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.758159][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.904039][   T12] bridge_slave_1: left allmulticast mode
[  866.913533][   T12] bridge_slave_1: left promiscuous mode
[  866.921094][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  866.930959][   T12] bridge_slave_0: left allmulticast mode
[  866.942428][   T12] bridge_slave_0: left promiscuous mode
[  866.948215][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  867.895172][T14101] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2373'.
[  869.475171][ T5870] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  869.501846][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  869.546014][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  869.559950][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  869.568270][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  869.602668][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  869.612851][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  869.645684][ T5870] usb 6-1: device descriptor read/64, error -71
[  870.777761][ T5870] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  870.827434][T14116] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2376'.
[  871.062048][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  871.158852][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  871.245547][   T12] bond0 (unregistering): Released all slaves
[  871.869536][ T5826] Bluetooth: hci4: command tx timeout
[  872.892449][T14130] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2379'.
[  873.128634][T14103] chnl_net:caif_netlink_parms(): no params data found
[  873.369116][   T12] hsr_slave_0: left promiscuous mode
[  873.378754][   T12] hsr_slave_1: left promiscuous mode
[  873.385196][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  873.402843][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  873.414189][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  873.427540][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  873.476289][   T12] veth1_macvtap: left promiscuous mode
[  873.482623][   T12] veth0_macvtap: left promiscuous mode
[  873.488713][   T12] veth1_vlan: left promiscuous mode
[  873.494154][   T12] veth0_vlan: left promiscuous mode
[  874.177001][ T5826] Bluetooth: hci4: command tx timeout
[  874.320288][T14151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  874.330742][T14151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  876.154407][T14157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2385'.
[  876.415963][ T5826] Bluetooth: hci4: command tx timeout
[  876.560399][   T12] team0 (unregistering): Port device team_slave_1 removed
[  876.710705][   T12] team0 (unregistering): Port device team_slave_0 removed
[  877.057320][T14167] syz.5.2388: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  877.073665][T14167] CPU: 1 UID: 0 PID: 14167 Comm: syz.5.2388 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  877.084500][T14167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  877.094605][T14167] Call Trace:
[  877.097935][T14167]  <TASK>
[  877.100880][T14167]  dump_stack_lvl+0x241/0x360
[  877.105589][T14167]  ? __pfx_dump_stack_lvl+0x10/0x10
[  877.110813][T14167]  ? __pfx__printk+0x10/0x10
[  877.115428][T14167]  ? __rcu_read_unlock+0xa1/0x110
[  877.120476][T14167]  warn_alloc+0x278/0x410
[  877.124865][T14167]  ? __vmalloc_node_range_noprof+0x106/0x1380
[  877.130986][T14167]  ? __pfx_warn_alloc+0x10/0x10
[  877.135875][T14167]  ? kasan_save_track+0x3f/0x80
[  877.140774][T14167]  ? __kasan_kmalloc+0x98/0xb0
[  877.145578][T14167]  ? xsk_setsockopt+0x598/0x950
[  877.150451][T14167]  ? do_sock_setsockopt+0x3af/0x720
[  877.155678][T14167]  ? __x64_sys_setsockopt+0x1ee/0x280
[  877.161075][T14167]  ? do_syscall_64+0xf3/0x230
[  877.165813][T14167]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.171932][T14167]  __vmalloc_node_range_noprof+0x126/0x1380
[  877.177914][T14167]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  877.184273][T14167]  ? __kasan_kmalloc+0x98/0xb0
[  877.189072][T14167]  vmalloc_user_noprof+0x74/0x80
[  877.194143][T14167]  ? xskq_create+0xb6/0x170
[  877.198668][T14167]  xskq_create+0xb6/0x170
[  877.203029][T14167]  xsk_init_queue+0xa1/0x100
[  877.207678][T14167]  xsk_setsockopt+0x598/0x950
[  877.212381][T14167]  ? __pfx_xsk_setsockopt+0x10/0x10
[  877.217607][T14167]  ? __pfx_lock_acquire+0x10/0x10
[  877.222653][T14167]  ? __fget_files+0x2a/0x410
[  877.227267][T14167]  ? __pfx_xsk_setsockopt+0x10/0x10
[  877.232491][T14167]  do_sock_setsockopt+0x3af/0x720
[  877.237548][T14167]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  877.243122][T14167]  ? __fget_files+0x395/0x410
[  877.247822][T14167]  ? __fget_files+0x2a/0x410
[  877.252441][T14167]  __x64_sys_setsockopt+0x1ee/0x280
[  877.257693][T14167]  do_syscall_64+0xf3/0x230
[  877.262322][T14167]  ? clear_bhb_loop+0x35/0x90
[  877.267126][T14167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.273058][T14167] RIP: 0033:0x7ffa3c785d29
[  877.277494][T14167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.297238][T14167] RSP: 002b:00007ffa3d653038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  877.305687][T14167] RAX: ffffffffffffffda RBX: 00007ffa3c975fa0 RCX: 00007ffa3c785d29
[  877.313685][T14167] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007
[  877.321683][T14167] RBP: 00007ffa3c801aa8 R08: 0000000000000020 R09: 0000000000000000
[  877.329707][T14167] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  877.337796][T14167] R13: 0000000000000000 R14: 00007ffa3c975fa0 R15: 00007ffe9aacd3b8
[  877.345814][T14167]  </TASK>
[  877.348929][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.355634][T14167] Mem-Info:
[  877.358881][T14167] active_anon:350 inactive_anon:11087 isolated_anon:0
[  877.358881][T14167]  active_file:22970 inactive_file:36561 isolated_file:0
[  877.358881][T14167]  unevictable:768 dirty:196 writeback:0
[  877.358881][T14167]  slab_reclaimable:6265 slab_unreclaimable:104408
[  877.358881][T14167]  mapped:42957 shmem:7198 pagetables:922
[  877.358881][T14167]  sec_pagetables:0 bounce:0
[  877.358881][T14167]  kernel_misc_reclaimable:0
[  877.358881][T14167]  free:1290977 free_pcp:8488 free_cma:0
[  877.404297][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.413026][T14167] Node 0 active_anon:1400kB inactive_anon:44348kB active_file:91788kB inactive_file:146244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:171828kB dirty:784kB writeback:0kB shmem:27256kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11116kB pagetables:3688kB sec_pagetables:0kB all_unreclaimable? no
[  877.445708][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.451910][T14167] Node 1 active_anon:0kB inactive_anon:0kB active_file:92kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  877.482044][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.488177][T14167] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  877.515629][T14167] lowmem_reserve[]: 0 2465 2466 0 0
[  877.521000][T14167] Node 0 DMA32 free:1268628kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1396kB inactive_anon:44412kB active_file:91000kB inactive_file:146192kB unevictable:1536kB writepending:780kB present:3129332kB managed:2552776kB mlocked:0kB bounce:0kB free_pcp:5440kB local_pcp:4568kB free_cma:0kB
[  877.551772][T14167] lowmem_reserve[]: 0 0 0 0 0
[  877.556656][T14167] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:788kB inactive_file:52kB unevictable:0kB writepending:4kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  877.583596][T14167] lowmem_reserve[]: 0 0 0 0 0
[  877.588475][T14167] Node 1 Normal free:3879536kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:92kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:28720kB local_pcp:26672kB free_cma:0kB
[  877.618264][T14167] lowmem_reserve[]: 0 0 0 0 0
[  877.623165][T14167] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  877.644839][T14167] Node 0 DMA32: 2*4kB (UE) 48*8kB (UE) 30*16kB (UME) 230*32kB (UME) 198*64kB (UME) 94*128kB (UME) 61*256kB (UME) 30*512kB (UME) 18*1024kB (UME) 11*2048kB (UME) 284*4096kB (UM) = 1268136kB
[  877.663731][T14167] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  877.675435][T14167] Node 1 Normal: 192*4kB (UME) 46*8kB (UME) 30*16kB (UME) 177*32kB (UME) 88*64kB (UME) 32*128kB (UME) 16*256kB (UM) 10*512kB (UME) 5*1024kB (UE) 5*2048kB (UE) 937*4096kB (M) = 3879536kB
[  877.694188][T14167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  877.703966][T14167] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  877.716070][T14167] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  877.716146][T14167] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  877.716168][T14167] 66729 total pagecache pages
[  877.716181][T14167] 0 pages in swap cache
[  877.716190][T14167] Free swap  = 124756kB
[  877.716201][T14167] Total swap = 124996kB
[  877.716214][T14167] 2097051 pages RAM
[  877.716225][T14167] 0 pages HighMem/MovableOnly
[  877.716235][T14167] 427005 pages reserved
[  877.716245][T14167] 0 pages cma reserved
[  878.410788][T14103] bridge0: port 1(bridge_slave_0) entered blocking state
[  878.439858][T14103] bridge0: port 1(bridge_slave_0) entered disabled state
[  878.496254][T14182] zonefs (nullb0) ERROR: Not a zoned block device
[  878.585697][ T5826] Bluetooth: hci4: command tx timeout
[  878.721211][T14103] bridge_slave_0: entered allmulticast mode
[  878.742065][T14103] bridge_slave_0: entered promiscuous mode
[  878.968198][T14103] bridge0: port 2(bridge_slave_1) entered blocking state
[  879.398142][T14103] bridge0: port 2(bridge_slave_1) entered disabled state
[  879.405703][T14103] bridge_slave_1: entered allmulticast mode
[  879.413008][T14103] bridge_slave_1: entered promiscuous mode
[  879.665677][T14103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  879.748833][T14103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  880.726023][T14103] team0: Port device team_slave_0 added
[  880.735507][T14103] team0: Port device team_slave_1 added
[  880.924608][T14103] batman_adv: batadv0: Adding interface: batadv_slave_0
[  880.931625][T14103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  881.008550][T14103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  881.021362][T14103] batman_adv: batadv0: Adding interface: batadv_slave_1
[  881.028448][T14103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  881.061899][T14103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  881.191472][T14103] hsr_slave_0: entered promiscuous mode
[  881.198413][T14103] hsr_slave_1: entered promiscuous mode
[  881.212043][T14103] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  881.231065][T14103] Cannot create hsr debugfs directory
[  881.869798][ T9745] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  881.985531][T14103] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  882.094089][T14103] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  882.130987][ T9745] usb 6-1: Using ep0 maxpacket: 8
[  882.144522][T14103] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  882.164061][ T9745] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  882.172494][ T9745] usb 6-1: config 179 has no interface number 0
[  882.184506][ T9745] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  882.196386][T14103] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  882.205817][ T9745] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  882.227372][ T9745] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  882.385486][T14103] 8021q: adding VLAN 0 to HW filter on device bond0
[  882.459470][ T9745] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  882.471659][ T9745] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  882.485220][ T9745] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  882.489706][T14103] 8021q: adding VLAN 0 to HW filter on device team0
[  882.494914][ T9745] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.508974][T14204] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  883.179171][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  883.186389][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  883.247809][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  883.255046][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  883.754576][T14238] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2402'.
[  883.764060][T14238] netlink: 'syz.2.2402': attribute type 1 has an invalid length.
[  883.772686][ T9745] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  884.036376][ T9745] usb 4-1: Using ep0 maxpacket: 16
[  884.257150][ T9745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  884.336480][ T9745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  884.359068][T14103] 8021q: adding VLAN 0 to HW filter on device batadv0
[  884.373027][ T9745] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  884.418369][ T9745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.438527][ T3075] usb 6-1: USB disconnect, device number 36
[  884.438535][    C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  884.438669][    C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  884.461544][    C0] vkms_vblank_simulate: vblank timer overrun
[  884.548712][ T9745] usb 4-1: config 0 descriptor??
[  884.992337][ T9745] savu 0003:1E7D:2D5A.0026: unknown main item tag 0x0
[  885.006402][ T9745] savu 0003:1E7D:2D5A.0026: unknown main item tag 0x0
[  885.029461][ T9745] savu 0003:1E7D:2D5A.0026: unknown main item tag 0x0
[  885.103556][ T9745] savu 0003:1E7D:2D5A.0026: unknown main item tag 0x0
[  885.112999][ T9745] savu 0003:1E7D:2D5A.0026: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  885.149490][T14103] veth0_vlan: entered promiscuous mode
[  886.151986][T14103] veth1_vlan: entered promiscuous mode
[  886.213852][T14261] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2400'.
[  886.262717][T14103] veth0_macvtap: entered promiscuous mode
[  886.340076][T14103] veth1_macvtap: entered promiscuous mode
[  886.375210][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  886.401186][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.419544][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  886.431356][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.441537][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  886.452554][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.470952][T14103] batman_adv: batadv0: Interface activated: batadv_slave_0
[  886.506480][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  886.563235][T14259] could not allocate digest TFM handle tgr128-generic
[  886.584915][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.608202][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  886.630478][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.642517][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  886.653928][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  886.667056][T14103] batman_adv: batadv0: Interface activated: batadv_slave_1
[  886.682157][T14103] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  886.692340][T14103] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  886.701539][T14103] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  886.712440][T14103] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  886.833717][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  886.845683][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  886.889435][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  886.907214][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  886.934603][T14265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2407'.
[  886.981473][T14277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  886.990609][T14277] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  888.403781][ T3075] usb 4-1: USB disconnect, device number 55
[  888.438113][T14293] overlayfs: failed to resolve './file0': -2
[  889.249563][T14297] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  889.739578][T14064] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  890.388224][T14064] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  890.510381][T14064] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  890.599263][T14064] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  890.733986][T14064] bridge_slave_1: left allmulticast mode
[  890.740180][T14064] bridge_slave_1: left promiscuous mode
[  890.745994][T14064] bridge0: port 2(bridge_slave_1) entered disabled state
[  890.767402][T14064] bridge_slave_0: left allmulticast mode
[  890.774375][T14064] bridge_slave_0: left promiscuous mode
[  890.785103][T14064] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.095307][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2425'.
[  891.130335][T14324] usb usb1: usbfs: process 14324 (syz.2.2426) did not claim interface 1 before use
[  891.221445][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  891.264939][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  891.305556][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  891.358470][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  891.366407][ T5833] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  891.375950][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  892.682997][   T29] audit: type=1400 audit(1734711959.918:325): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14335 comm="syz.0.2429" daddr=::ffff:100.1.1.2
[  893.339056][T14342] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2430'.
[  893.581799][ T5826] Bluetooth: hci4: command tx timeout
[  894.262819][T14351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2434'.
[  894.271875][T14351] netlink: 'syz.3.2434': attribute type 1 has an invalid length.
[  894.706614][   T29] audit: type=1400 audit(1734711961.817:326): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14350 comm="syz.0.2432" daddr=::ffff:100.1.1.2
[  894.999722][   T29] audit: type=1400 audit(1734711962.079:327): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14358 comm="syz.3.2435" daddr=::ffff:10.1.1.1 dest=20004
[  895.880241][ T5826] Bluetooth: hci4: command tx timeout
[  896.489036][T14064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  896.504000][T14064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  896.514649][T14064] bond0 (unregistering): Released all slaves
[  896.673135][T14325] hsr_slave_1 (unregistering): left promiscuous mode
[  896.690116][T14355] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  896.703783][T14355] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  896.965734][T14372] FAULT_INJECTION: forcing a failure.
[  896.965734][T14372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  897.037217][T14372] CPU: 0 UID: 0 PID: 14372 Comm: syz.2.2437 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  897.048071][T14372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  897.058173][T14372] Call Trace:
[  897.061490][T14372]  <TASK>
[  897.064469][T14372]  dump_stack_lvl+0x241/0x360
[  897.069200][T14372]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.074443][T14372]  ? __pfx__printk+0x10/0x10
[  897.079082][T14372]  ? __pfx_lock_release+0x10/0x10
[  897.085025][T14372]  should_fail_ex+0x3b0/0x4e0
[  897.089759][T14372]  _copy_from_user+0x2f/0xc0
[  897.094410][T14372]  copy_msghdr_from_user+0xae/0x680
[  897.099659][T14372]  ? __lock_acquire+0x1397/0x2100
[  897.104730][T14372]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  897.110586][T14372]  ? __fget_files+0x2a/0x410
[  897.115216][T14372]  ? __fget_files+0x2a/0x410
[  897.119861][T14372]  do_recvmmsg+0x3bd/0xab0
[  897.124336][T14372]  ? __pfx_do_recvmmsg+0x10/0x10
[  897.129343][T14372]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  897.135296][T14372]  ? ksys_write+0x22a/0x2b0
[  897.139843][T14372]  ? __pfx_lock_release+0x10/0x10
[  897.144912][T14372]  ? vfs_write+0x730/0xd30
[  897.149389][T14372]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  897.155429][T14372]  ? __fget_files+0x2a/0x410
[  897.160081][T14372]  __x64_sys_recvmmsg+0x199/0x250
[  897.165160][T14372]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  897.170758][T14372]  ? do_syscall_64+0x100/0x230
[  897.175574][T14372]  ? do_syscall_64+0xb6/0x230
[  897.180298][T14372]  do_syscall_64+0xf3/0x230
[  897.184848][T14372]  ? clear_bhb_loop+0x35/0x90
[  897.189563][T14372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.195493][T14372] RIP: 0033:0x7f54faf85d29
[  897.199921][T14372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.219554][T14372] RSP: 002b:00007f54fbdd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  897.227976][T14372] RAX: ffffffffffffffda RBX: 00007f54fb175fa0 RCX: 00007f54faf85d29
[  897.235948][T14372] RDX: 0000000000000001 RSI: 0000000020001b40 RDI: 0000000000000004
[  897.243922][T14372] RBP: 00007f54fbdd8090 R08: 0000000000000000 R09: 0000000000000000
[  897.251907][T14372] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  897.259878][T14372] R13: 0000000000000000 R14: 00007f54fb175fa0 R15: 00007ffcffcf1338
[  897.267866][T14372]  </TASK>
[  898.124783][ T5826] Bluetooth: hci4: command tx timeout
[  898.322297][T14382] FAULT_INJECTION: forcing a failure.
[  898.322297][T14382] name failslab, interval 1, probability 0, space 0, times 0
[  898.340435][T14382] CPU: 1 UID: 0 PID: 14382 Comm: syz.2.2441 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  898.351290][T14382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  898.361400][T14382] Call Trace:
[  898.364714][T14382]  <TASK>
[  898.367686][T14382]  dump_stack_lvl+0x241/0x360
[  898.372425][T14382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  898.377675][T14382]  ? __pfx__printk+0x10/0x10
[  898.382367][T14382]  ? fs_reclaim_acquire+0x93/0x130
[  898.387530][T14382]  ? __pfx___might_resched+0x10/0x10
[  898.392877][T14382]  should_fail_ex+0x3b0/0x4e0
[  898.397602][T14382]  should_failslab+0xac/0x100
[  898.402351][T14382]  __kmalloc_noprof+0xdd/0x4c0
[  898.407158][T14382]  ? kstrtouint_from_user+0x128/0x190
[  898.412585][T14382]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  898.418343][T14382]  tomoyo_realpath_from_path+0xcf/0x5e0
[  898.423926][T14382]  tomoyo_path_number_perm+0x236/0x860
[  898.429401][T14382]  ? __lock_acquire+0x1397/0x2100
[  898.434542][T14382]  ? tomoyo_path_number_perm+0x206/0x860
[  898.440210][T14382]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  898.446242][T14382]  ? __fget_files+0x2a/0x410
[  898.450853][T14382]  ? __fget_files+0x2a/0x410
[  898.455472][T14382]  security_file_ioctl+0xc6/0x2a0
[  898.460523][T14382]  __se_sys_ioctl+0x46/0x170
[  898.465137][T14382]  do_syscall_64+0xf3/0x230
[  898.469673][T14382]  ? clear_bhb_loop+0x35/0x90
[  898.474370][T14382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  898.480286][T14382] RIP: 0033:0x7f54faf85d29
[  898.484726][T14382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  898.504354][T14382] RSP: 002b:00007f54fbdd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  898.512797][T14382] RAX: ffffffffffffffda RBX: 00007f54fb175fa0 RCX: 00007f54faf85d29
[  898.520795][T14382] RDX: 0000000020000040 RSI: 00000000404c534a RDI: 0000000000000007
[  898.528874][T14382] RBP: 00007f54fbdd8090 R08: 0000000000000000 R09: 0000000000000000
[  898.536873][T14382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  898.544861][T14382] R13: 0000000000000000 R14: 00007f54fb175fa0 R15: 00007ffcffcf1338
[  898.552948][T14382]  </TASK>
[  899.500635][T14382] ERROR: Out of memory at tomoyo_realpath_from_path.
[  899.601594][T14064] hsr_slave_0: left promiscuous mode
[  899.628261][T14064] hsr_slave_1: left promiscuous mode
[  899.660170][T14064] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  899.692517][T14064] batman_adv: batadv0: Removing interface: batadv_slave_0
[  899.729336][T14064] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  899.753852][T14064] batman_adv: batadv0: Removing interface: batadv_slave_1
[  899.815822][T14064] veth1_macvtap: left promiscuous mode
[  899.827153][T14064] veth0_macvtap: left promiscuous mode
[  899.833037][T14064] veth1_vlan: left promiscuous mode
[  899.854814][T14064] veth0_vlan: left promiscuous mode
[  900.294758][ T5826] Bluetooth: hci4: command tx timeout
[  900.391972][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  900.403701][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  901.271413][T14064] team0 (unregistering): Port device team_slave_1 removed
[  901.337842][T14064] team0 (unregistering): Port device team_slave_0 removed
[  902.054431][T14395] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2444'.
[  902.387104][T14326] chnl_net:caif_netlink_parms(): no params data found
[  904.418922][T14326] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.429415][T14326] bridge0: port 1(bridge_slave_0) entered disabled state
[  904.457969][T14326] bridge_slave_0: entered allmulticast mode
[  904.499470][T14326] bridge_slave_0: entered promiscuous mode
[  904.539332][T14326] bridge0: port 2(bridge_slave_1) entered blocking state
[  904.550618][T14326] bridge0: port 2(bridge_slave_1) entered disabled state
[  904.570032][T14326] bridge_slave_1: entered allmulticast mode
[  904.712086][T14456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2459'.
[  905.555304][T14326] bridge_slave_1: entered promiscuous mode
[  906.354694][T14326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  906.419192][T14326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  907.379153][T14326] team0: Port device team_slave_0 added
[  907.592379][T14326] team0: Port device team_slave_1 added
[  907.661183][T14326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  907.687759][T14326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  907.721334][T14326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  907.746209][T14326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  907.755547][T14326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  907.787445][T14326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  907.874899][T14326] hsr_slave_0: entered promiscuous mode
[  907.893645][T14326] hsr_slave_1: entered promiscuous mode
[  907.927213][T14326] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  907.957686][T14326] Cannot create hsr debugfs directory
[  909.016050][T14482] netlink: 'syz.5.2465': attribute type 2 has an invalid length.
[  909.126840][T14470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  909.137563][T14470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  910.754249][T14494] netlink: 'syz.0.2467': attribute type 10 has an invalid length.
[  911.138590][T14494] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2467'.
[  911.190956][T14494] 
: entered promiscuous mode
[  911.257695][T14494] 
: entered allmulticast mode
[  911.288068][T14494] veth0_vlan: entered allmulticast mode
[  911.364202][T14500] loop4: detected capacity change from 0 to 16384
[  911.474710][T14494] A link change request failed with some changes committed already. Interface 
5
0
 may have been left with an inconsistent configuration, please check.
[  912.005532][T14489] tmpfs: Bad value for 'mpol'
[  912.116328][T14326] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  912.128903][T14326] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  912.151003][T14326] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  912.377319][T14511] netlink: 'syz.2.2473': attribute type 2 has an invalid length.
[  913.048601][T14326] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  913.183124][T14514] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2474'.
[  913.486835][T14326] 8021q: adding VLAN 0 to HW filter on device bond0
[  913.523641][T14326] 8021q: adding VLAN 0 to HW filter on device team0
[  913.536649][T14520] (syz.2.2475,14520,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  913.545947][T14520] (syz.2.2475,14520,1):ocfs2_fill_super:1178 ERROR: status = -22
[  913.571888][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  913.579241][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  913.580542][T14524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2477'.
[  913.612126][T14524] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  913.792075][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  913.799336][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  914.431525][   T29] audit: type=1326 audit(1734711980.272:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14532 comm="syz.2.2479" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54faf85d29 code=0x0
[  914.633680][T14326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  914.876498][    T9] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[  915.061944][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  915.095846][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  915.099081][T14326] veth0_vlan: entered promiscuous mode
[  915.134143][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  915.139718][T14326] veth1_vlan: entered promiscuous mode
[  915.149212][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.168900][    T9] usb 4-1: Product: syz
[  915.173137][    T9] usb 4-1: Manufacturer: syz
[  915.190689][    T9] usb 4-1: SerialNumber: syz
[  915.238972][T14326] veth0_macvtap: entered promiscuous mode
[  915.274945][T14326] veth1_macvtap: entered promiscuous mode
[  915.317462][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.338989][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.378720][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.389929][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.399945][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.410669][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.423119][T14326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  915.434397][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.445254][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.455380][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.465936][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.476149][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.486946][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.498442][T14326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  915.509908][T14326] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  915.518979][T14326] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  915.527755][T14326] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  915.536678][T14326] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  915.757353][T14549] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2482'.
[  915.767379][T14549] 0ªX¹¦À: renamed from caif0
[  915.783253][T14549] 0ªX¹¦À: entered allmulticast mode
[  915.789708][T14549] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  915.833397][ T1324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.850319][ T1324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  915.890451][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.899110][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  917.447843][T14566] tipc: Started in network mode
[  917.453278][T14566] tipc: Node identity 220611b30f26, cluster identity 4711
[  917.462908][T14566] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  917.471885][T14566] syzkaller0: entered promiscuous mode
[  917.477725][T14566] syzkaller0: entered allmulticast mode
[  917.492536][T14566] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2488'.
[  917.541934][T14566] tipc: Resetting bearer <eth:syzkaller0>
[  917.572508][T14564] tipc: Resetting bearer <eth:syzkaller0>
[  917.622932][T14564] tipc: Disabling bearer <eth:syzkaller0>
[  917.690578][    T9] usb 4-1: 0:2 : does not exist
[  917.709999][    T9] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  917.951338][    T9] usb 4-1: USB disconnect, device number 56
[  918.025598][T14576] (syz.0.2490,14576,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  918.034503][T14576] (syz.0.2490,14576,0):ocfs2_fill_super:1178 ERROR: status = -22
[  918.502979][T10424] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.173675][T10424] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.255751][T10424] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.337160][T10424] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.466644][T10424] bridge_slave_1: left allmulticast mode
[  919.472378][T10424] bridge_slave_1: left promiscuous mode
[  919.478319][T10424] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.487353][T10424] bridge_slave_0: left allmulticast mode
[  919.493027][T10424] bridge_slave_0: left promiscuous mode
[  919.499262][T10424] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.877413][T14597] FAULT_INJECTION: forcing a failure.
[  919.877413][T14597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.954491][T14597] CPU: 0 UID: 0 PID: 14597 Comm: syz.2.2498 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[  919.965428][T14597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  919.975531][T14597] Call Trace:
[  919.978847][T14597]  <TASK>
[  919.981824][T14597]  dump_stack_lvl+0x241/0x360
[  919.986563][T14597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  919.991903][T14597]  ? __pfx__printk+0x10/0x10
[  919.996727][T14597]  ? __pfx_lock_release+0x10/0x10
[  920.001819][T14597]  should_fail_ex+0x3b0/0x4e0
[  920.006552][T14597]  _copy_from_user+0x2f/0xc0
[  920.011209][T14597]  do_sys_poll+0x248/0x15d0
[  920.015790][T14597]  ? _parse_integer_limit+0x1b5/0x200
[  920.021218][T14597]  ? __pfx_do_sys_poll+0x10/0x10
[  920.026217][T14597]  ? mark_lock+0x9a/0x360
[  920.030599][T14597]  ? __lock_acquire+0x1397/0x2100
[  920.035732][T14597]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  920.042118][T14597]  ? ktime_get_ts64+0x9f/0x430
[  920.046930][T14597]  ? seqcount_lockdep_reader_access+0x157/0x220
[  920.053255][T14597]  ? __pfx_timespec64_add_safe+0x10/0x10
[  920.058944][T14597]  __se_sys_poll+0x1c5/0x400
[  920.063599][T14597]  ? __pfx___se_sys_poll+0x10/0x10
[  920.068765][T14597]  ? do_syscall_64+0x100/0x230
[  920.073601][T14597]  ? do_syscall_64+0xb6/0x230
[  920.078350][T14597]  do_syscall_64+0xf3/0x230
[  920.082914][T14597]  ? clear_bhb_loop+0x35/0x90
[  920.087672][T14597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  920.093622][T14597] RIP: 0033:0x7f54faf85d29
[  920.098082][T14597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  920.117739][T14597] RSP: 002b:00007f54fbdb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  920.126207][T14597] RAX: ffffffffffffffda RBX: 00007f54fb176080 RCX: 00007f54faf85d29
[  920.134232][T14597] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000000020000000
[  920.142288][T14597] RBP: 00007f54fbdb7090 R08: 0000000000000000 R09: 0000000000000000
[  920.150329][T14597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  920.158340][T14597] R13: 0000000000000000 R14: 00007f54fb176080 R15: 00007ffcffcf1338
[  920.166378][T14597]  </TASK>
[  921.244470][T14610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2501'.
[  921.253681][T14610] netlink: 'syz.2.2501': attribute type 1 has an invalid length.
[  921.267848][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  921.281448][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  921.291284][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  921.303803][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  921.314084][ T5833] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  921.321635][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  921.493768][   T46] usb 4-1: new full-speed USB device number 57 using dummy_hcd
[  921.749440][T10424] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  921.750682][   T46] usb 4-1: device descriptor read/64, error -71
[  921.984408][T10424] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  922.147772][T10424] bond0 (unregistering): Released all slaves
[  922.914217][   T46] usb 4-1: new full-speed USB device number 58 using dummy_hcd
[  922.941105][T14627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  922.949977][T14627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  923.247051][   T46] usb 4-1: device descriptor read/64, error -71
[  923.258607][T14635] (syz.0.2506,14635,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  923.267329][T14635] (syz.0.2506,14635,1):ocfs2_fill_super:1178 ERROR: status = -22
[  923.387765][   T46] usb usb4-port1: attempt power cycle
[  923.555981][T14612] chnl_net:caif_netlink_parms(): no params data found
[  923.557499][ T5826] Bluetooth: hci4: command tx timeout
[  924.323404][T10424] hsr_slave_0: left promiscuous mode
[  924.357470][T14649] infiniband syz2: set active
[  924.362397][T14649] infiniband syz2: added team_slave_1
[  924.370584][T10424] hsr_slave_1: left promiscuous mode
[  924.387522][T10424] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  924.490904][T10424] batman_adv: batadv0: Removing interface: batadv_slave_0
[  924.526621][T14649] RDS/IB: syz2: added
[  924.530838][T14649] smc: adding ib device syz2 with port count 1
[  924.537111][T14649] smc:    ib device syz2 port 1 has pnetid 
[  925.204566][T10424] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  925.216861][T10424] batman_adv: batadv0: Removing interface: batadv_slave_1
[  925.274861][T10424] veth1_macvtap: left promiscuous mode
[  925.280770][T10424] veth0_macvtap: left promiscuous mode
[  925.286431][T10424] veth1_vlan: left promiscuous mode
[  925.292196][T10424] veth0_vlan: left promiscuous mode
[  926.125115][T14664] syz.2.2513 (14664): drop_caches: 2
[  926.676745][ T5826] Bluetooth: hci4: command tx timeout
[  927.342673][T14673] netlink: 'syz.2.2516': attribute type 5 has an invalid length.
[  929.159330][ T5826] Bluetooth: hci4: command tx timeout
[  929.445003][T10424] team0 (unregistering): Port device team_slave_1 removed
[  929.564278][T10424] team0 (unregistering): Port device team_slave_0 removed
[  931.425502][ T5826] Bluetooth: hci4: command tx timeout
[  933.538748][T14719] (syz.0.2529,14719,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  933.547723][T14719] (syz.0.2529,14719,0):ocfs2_fill_super:1178 ERROR: status = -22
[  934.988198][T14612] bridge0: port 1(bridge_slave_0) entered blocking state
[  935.013227][T14612] bridge0: port 1(bridge_slave_0) entered disabled state
[  935.038479][T14612] bridge_slave_0: entered allmulticast mode
[  935.070991][T14612] bridge_slave_0: entered promiscuous mode
[  935.081506][T14612] bridge0: port 2(bridge_slave_1) entered blocking state
[  935.088735][T14612] bridge0: port 2(bridge_slave_1) entered disabled state
[  935.096122][T14612] bridge_slave_1: entered allmulticast mode
[  935.103390][T14612] bridge_slave_1: entered promiscuous mode
[  935.400151][T14612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  935.447991][T14612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  936.843932][T14750] xt_hashlimit: size too large, truncated to 1048576
[  937.319737][T14612] team0: Port device team_slave_0 added
[  937.326480][T14754] netdevsim netdevsim2 »»»»»»: renamed from netdevsim0 (while UP)
[  937.340883][T14612] team0: Port device team_slave_1 added
[  937.398821][T14612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  937.421997][T14612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  937.485502][T14612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  937.515158][T14612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  937.583574][T14612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  937.704695][ T5826] Bluetooth: hci5: unexpected event 0x06 length: 4 > 3
[  937.801743][T14612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  937.972740][T14612] hsr_slave_0: entered promiscuous mode
[  937.985116][T14612] hsr_slave_1: entered promiscuous mode
[  938.174670][T14612] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  938.189537][T14612] Cannot create hsr debugfs directory
[  938.308631][T14764] (syz.5.2543,14764,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  938.317624][T14764] (syz.5.2543,14764,0):ocfs2_fill_super:1178 ERROR: status = -22
[  939.903045][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  941.267340][T14786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  941.320603][T14612] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  941.361165][T14612] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  941.383294][T14612] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  941.437454][T14612] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  941.689277][T14786] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  941.701608][T14612] 8021q: adding VLAN 0 to HW filter on device bond0
[  941.775136][T14612] 8021q: adding VLAN 0 to HW filter on device team0
[  941.806682][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  941.806760][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  941.837915][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  941.837990][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  941.944398][T14612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  942.828872][T14799] syz.3.2547 (14799): drop_caches: 2
[  943.120758][ T5826] Bluetooth: hci5: command 0x0406 tx timeout
[  943.873617][T14612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  945.745842][T14830] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2558'.
[  945.826094][T14827] ieee802154 phy0 wpan0: encryption failed: -22
[  945.890178][T14835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2561'.
[  945.938162][T14612] veth0_vlan: entered promiscuous mode
[  945.941997][T14835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2561'.
[  945.949798][T14612] veth1_vlan: entered promiscuous mode
[  945.979102][T14612] veth0_macvtap: entered promiscuous mode
[  945.988527][T14612] veth1_macvtap: entered promiscuous mode
[  946.017079][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  946.058295][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.072723][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  946.083365][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.094390][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  946.105038][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.116527][T14612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  946.176420][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  946.187256][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.241493][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  946.252369][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.278836][T14612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  946.297835][T14612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  946.321524][T14612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  946.359897][T14612] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  946.371897][T14612] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  946.382120][T14612] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  946.391890][T14612] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  946.763431][T14850] netlink: 'syz.0.2563': attribute type 2 has an invalid length.
[  947.363451][T10424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  947.371390][T10424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.520977][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  947.549175][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.861659][T14856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  947.870331][T14856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  948.408369][T14872] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2570'.
[  948.425368][T14872] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2570'.
[  948.453358][   T29] audit: type=1326 audit(1734714590.089:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.491988][   T29] audit: type=1326 audit(1734714590.098:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.533562][   T29] audit: type=1326 audit(1734714590.098:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.589245][   T29] audit: type=1326 audit(1734714590.098:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.630192][   T29] audit: type=1326 audit(1734714590.098:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.706575][   T29] audit: type=1326 audit(1734714590.098:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14853 comm="syz.3.2566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bb185d29 code=0x7ffc0000
[  948.728167][    C0] vkms_vblank_simulate: vblank timer overrun
[  948.987057][ T5870] usb 6-1: new full-speed USB device number 37 using dummy_hcd
[  949.149320][ T5870] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  949.165666][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  949.184734][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  949.205198][ T5870] usb 6-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  949.215130][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.229813][ T5870] usb 6-1: Product: syz
[  949.235259][ T5870] usb 6-1: Manufacturer: syz
[  949.240776][ T5870] usb 6-1: SerialNumber: syz
[  949.252782][ T5870] usb 6-1: config 0 descriptor??
[  949.515488][ T5870] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  949.523442][ T5870] powermate 6-1:0.0: probe with driver powermate failed with error -5
[  949.543704][ T5870] usb 6-1: USB disconnect, device number 37
[  950.329829][T14889] x_tables: duplicate underflow at hook 3
[  951.692091][   T61] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  951.956645][   T61] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.037471][   T61] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.115893][   T61] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.209778][   T61] bridge_slave_1: left allmulticast mode
[  952.215584][   T61] bridge_slave_1: left promiscuous mode
[  952.221384][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.230759][   T61] bridge_slave_0: left allmulticast mode
[  952.236703][   T61] bridge_slave_0: left promiscuous mode
[  952.242507][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.655306][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  952.667226][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  952.678045][   T61] bond0 (unregistering): Released all slaves
[  952.946041][T14909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2582'.
[  952.982347][T14909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2582'.
[  953.082203][ T5833] Bluetooth: hci5: unexpected event for opcode 0x0c22
[  953.142044][T12921] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  953.154186][T12921] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  953.170173][T12921] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  953.180073][T12921] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  953.188042][T12921] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  953.196567][T12921] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  953.614082][   T61] hsr_slave_0: left promiscuous mode
[  953.622387][   T61] hsr_slave_1: left promiscuous mode
[  953.631587][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  953.645413][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  953.666399][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  953.669092][T14930] nbd: must specify an index to disconnect
[  953.680887][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  953.742479][   T61] veth1_macvtap: left promiscuous mode
[  953.756614][   T61] veth0_macvtap: left promiscuous mode
[  953.773830][   T61] veth1_vlan: left promiscuous mode
[  953.781251][   T61] veth0_vlan: left promiscuous mode
[  955.149180][   T61] team0 (unregistering): Port device team_slave_1 removed
[  955.246240][   T61] team0 (unregistering): Port device team_slave_0 removed
[  955.453739][T12921] Bluetooth: hci4: command tx timeout
[  956.686519][T14929] netlink: 'syz.0.2587': attribute type 1 has an invalid length.
[  957.069350][T14955] Invalid source name
[  957.253287][T14919] chnl_net:caif_netlink_parms(): no params data found
[  957.259322][T14964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.275665][T14964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.303273][    T9] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  957.475004][    T9] usb 4-1: Using ep0 maxpacket: 8
[  957.482009][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  957.498973][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC7, changing to 0x87
[  957.530820][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0
[  957.681727][T12921] Bluetooth: hci4: command tx timeout
[  957.716895][    T9] usb 4-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  957.726345][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.740894][    T9] usb 4-1: Product: syz
[  957.745152][    T9] usb 4-1: Manufacturer: syz
[  957.749794][    T9] usb 4-1: SerialNumber: syz
[  957.756103][T14970] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2598'.
[  957.768615][    T9] usb 4-1: config 0 descriptor??
[  957.777434][    T9] smsusb:smsusb_probe: board id=2, interface number 0
[  957.800492][    T9] smsusb:smsusb_probe: Device initialized with return code -19
[  957.813241][T14968] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2598'.
[  957.823804][T14919] bridge0: port 1(bridge_slave_0) entered blocking state
[  957.831208][T14919] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.838535][T14919] bridge_slave_0: entered allmulticast mode
[  957.845923][T14919] bridge_slave_0: entered promiscuous mode
[  957.854967][T14919] bridge0: port 2(bridge_slave_1) entered blocking state
[  957.862249][T14919] bridge0: port 2(bridge_slave_1) entered disabled state
[  957.869566][T14919] bridge_slave_1: entered allmulticast mode
[  957.876793][T14919] bridge_slave_1: entered promiscuous mode
[  957.945870][T14919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  957.982782][T14919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  958.086528][T14919] team0: Port device team_slave_0 added
[  958.110337][T14919] team0: Port device team_slave_1 added
[  959.346388][T14919] batman_adv: batadv0: Adding interface: batadv_slave_0
[  959.353485][T14919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  959.395362][T14919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  959.444629][T14919] batman_adv: batadv0: Adding interface: batadv_slave_1
[  959.452007][T14919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  959.478495][T14919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  959.643472][T14919] hsr_slave_0: entered promiscuous mode
[  959.666929][T14919] hsr_slave_1: entered promiscuous mode
[  959.683650][T14919] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  959.698297][T14919] Cannot create hsr debugfs directory
[  959.900136][T12921] Bluetooth: hci4: command tx timeout
[  960.781986][    T8] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  961.011773][    T8] usb 6-1: Using ep0 maxpacket: 32
[  961.021828][    T8] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  961.060218][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  961.083193][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  961.109435][    T8] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  961.147036][    T8] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  961.161405][    T8] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  961.185889][    T8] usb 6-1: Product: syz
[  961.190127][    T8] usb 6-1: Manufacturer: syz
[  961.230259][    T8] usb 6-1: SerialNumber: syz
[  961.444887][    T8] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input35
[  961.480250][    T8] input: failed to attach handler mousedev to device input35, error: -5
[  961.980587][    T8] usb 6-1: USB disconnect, device number 38
[  961.996387][    T8] appletouch 6-1:1.0: input: appletouch disconnected
[  962.134539][T12921] Bluetooth: hci4: command tx timeout
[  962.565600][T14919] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  962.628982][T14919] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  962.683663][T14919] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  962.731125][T14919] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  963.142170][T14327] usb 4-1: USB disconnect, device number 60
[  963.159825][T14919] 8021q: adding VLAN 0 to HW filter on device bond0
[  963.217826][T14919] 8021q: adding VLAN 0 to HW filter on device team0
[  963.251385][T14064] bridge0: port 1(bridge_slave_0) entered blocking state
[  963.258610][T14064] bridge0: port 1(bridge_slave_0) entered forwarding state
[  963.290345][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state
[  963.297593][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  963.868274][T14919] 8021q: adding VLAN 0 to HW filter on device batadv0
[  965.791430][T15063] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2622'.
[  965.810447][T15061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2621'.
[  965.853727][T15061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2621'.
[  966.043369][T14919] veth0_vlan: entered promiscuous mode
[ 1078.259440][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1078.266487][    C0] rcu: 	1-...!: (0 ticks this GP) idle=c36c/1/0x4000000000000000 softirq=62743/62744 fqs=0
[ 1078.278450][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P15057/1:b..l
[ 1078.286501][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=69725, q=166 ncpus=2)
[ 1078.294272][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1078.294313][    C1] NMI backtrace for cpu 1
[ 1078.294330][    C1] CPU: 1 UID: 0 PID: 15065 Comm: syz.3.2623 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[ 1078.294352][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 1078.294366][    C1] RIP: 0010:kasan_check_range+0x86/0x290
[ 1078.294408][    C1] Code: 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 <0f> 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00 00 45 89 dc
[ 1078.294425][    C1] RSP: 0018:ffffc90000a189f0 EFLAGS: 00000046
[ 1078.294442][    C1] RAX: 0000000000000001 RBX: 1ffffffff2030a36 RCX: ffffffff817aaec4
[ 1078.294457][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff901851b0
[ 1078.294470][    C1] RBP: ffffffffffffffff R08: ffffffff901851b7 R09: 1ffffffff2030a36
[ 1078.294485][    C1] R10: dffffc0000000000 R11: fffffbfff2030a36 R12: 1ffff9200014314c
[ 1078.294499][    C1] R13: dffffc0000000000 R14: dffffc0000000001 R15: fffffbfff2030a37
[ 1078.294514][    C1] FS:  00007f92bbeec6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1078.294532][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1078.294545][    C1] CR2: 00007f92b8ff3f70 CR3: 000000004ba58000 CR4: 00000000003526f0
[ 1078.294562][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1078.294574][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1078.294586][    C1] Call Trace:
[ 1078.294595][    C1]  <NMI>
[ 1078.294607][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1078.294633][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1078.294655][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1078.294676][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1078.294705][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1078.294733][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1078.294753][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1078.294774][    C1]  ? kasan_check_range+0x86/0x290
[ 1078.294800][    C1]  ? default_do_nmi+0x63/0x160
[ 1078.294821][    C1]  ? exc_nmi+0x123/0x1f0
[ 1078.294840][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1078.294863][    C1]  ? lock_acquire+0xd4/0x550
[ 1078.294882][    C1]  ? kasan_check_range+0x86/0x290
[ 1078.294910][    C1]  ? kasan_check_range+0x86/0x290
[ 1078.294937][    C1]  ? kasan_check_range+0x86/0x290
[ 1078.294964][    C1]  </NMI>
[ 1078.294970][    C1]  <IRQ>
[ 1078.294978][    C1]  lock_acquire+0xd4/0x550
[ 1078.295001][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1078.295024][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1078.295054][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1078.295080][    C1]  _raw_spin_lock_irqsave+0xd5/0x120
[ 1078.295103][    C1]  ? debug_object_deactivate+0x158/0x390
[ 1078.295132][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1078.295162][    C1]  debug_object_deactivate+0x158/0x390
[ 1078.295193][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1078.295223][    C1]  ? timerqueue_add+0x260/0x290
[ 1078.295248][    C1]  debug_deactivate+0x1b/0x220
[ 1078.295275][    C1]  __hrtimer_run_queues+0x305/0xd30
[ 1078.295309][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1078.295333][    C1]  ? sched_clock+0x4a/0x70
[ 1078.295358][    C1]  ? read_tsc+0x9/0x20
[ 1078.295383][    C1]  ? ktime_get_update_offsets_now+0x393/0x3b0
[ 1078.295412][    C1]  hrtimer_interrupt+0x403/0xa40
[ 1078.295449][    C1]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1078.295473][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1078.295498][    C1]  </IRQ>
[ 1078.295505][    C1]  <TASK>
[ 1078.295512][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1078.295541][    C1] RIP: 0010:finish_task_switch+0x1ea/0x870
[ 1078.295566][    C1] Code: c9 50 e8 59 0c 0c 00 48 83 c4 08 4c 89 f7 e8 ed 39 00 00 0f 1f 44 00 00 4c 89 f7 e8 50 b8 54 0a e8 eb 8a 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
[ 1078.295582][    C1] RSP: 0018:ffffc9000530f568 EFLAGS: 00000286
[ 1078.295598][    C1] RAX: 9b25e5feae9a1f00 RBX: ffff888030631e00 RCX: ffffffff9a377903
[ 1078.295612][    C1] RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: ffffffff8c5edb60
[ 1078.295627][    C1] RBP: ffffc9000530f5b0 R08: ffffffff901851b7 R09: 1ffffffff2030a36
[ 1078.295642][    C1] R10: dffffc0000000000 R11: fffffbfff2030a37 R12: 1ffff110170e7eac
[ 1078.295656][    C1] R13: dffffc0000000000 R14: ffff8880b873e740 R15: ffff8880b873f560
[ 1078.295680][    C1]  ? finish_task_switch+0x1e5/0x870
[ 1078.295706][    C1]  __schedule+0x1803/0x4be0
[ 1078.295742][    C1]  ? __pfx___schedule+0x10/0x10
[ 1078.295767][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1078.295795][    C1]  ? schedule+0x90/0x320
[ 1078.295817][    C1]  schedule+0x14b/0x320
[ 1078.295841][    C1]  schedule_timeout+0xb0/0x290
[ 1078.295862][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1078.295882][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1078.295906][    C1]  ? wait_for_completion+0x2fe/0x620
[ 1078.295931][    C1]  ? wait_for_completion+0x2fe/0x620
[ 1078.295953][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1078.295975][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1078.295999][    C1]  ? wait_for_completion+0x2fe/0x620
[ 1078.296024][    C1]  wait_for_completion+0x355/0x620
[ 1078.296048][    C1]  ? __smp_call_single_queue+0x11a/0x3a0
[ 1078.296079][    C1]  ? __pfx_wait_for_completion+0x10/0x10
[ 1078.296108][    C1]  ? smp_call_function_single_async+0xb4/0x110
[ 1078.296135][    C1]  rdmsr_safe_on_cpu+0x16c/0x310
[ 1078.296163][    C1]  ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[ 1078.296190][    C1]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[ 1078.296216][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1078.296241][    C1]  ? __might_fault+0xaa/0x120
[ 1078.296263][    C1]  ? __might_fault+0xc6/0x120
[ 1078.296288][    C1]  msr_read+0x15d/0x260
[ 1078.296312][    C1]  ? __pfx_msr_read+0x10/0x10
[ 1078.296336][    C1]  ? rw_verify_area+0x568/0x6f0
[ 1078.296357][    C1]  ? __pfx_msr_read+0x10/0x10
[ 1078.296380][    C1]  vfs_read+0x1fc/0xb70
[ 1078.296410][    C1]  ? __pfx_vfs_read+0x10/0x10
[ 1078.296434][    C1]  ? __fget_files+0x2a/0x410
[ 1078.296453][    C1]  ? __fget_files+0x395/0x410
[ 1078.296469][    C1]  ? __fget_files+0x2a/0x410
[ 1078.296491][    C1]  ksys_read+0x18f/0x2b0
[ 1078.296515][    C1]  ? __pfx_ksys_read+0x10/0x10
[ 1078.296537][    C1]  ? do_syscall_64+0x100/0x230
[ 1078.296565][    C1]  ? do_syscall_64+0xb6/0x230
[ 1078.296593][    C1]  do_syscall_64+0xf3/0x230
[ 1078.296619][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1078.296638][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1078.296665][    C1] RIP: 0033:0x7f92bb185d29
[ 1078.296684][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1078.296699][    C1] RSP: 002b:00007f92bbeec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1078.296718][    C1] RAX: ffffffffffffffda RBX: 00007f92bb375fa0 RCX: 00007f92bb185d29
[ 1078.296731][    C1] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000007
[ 1078.296744][    C1] RBP: 00007f92bb201aa8 R08: 0000000000000000 R09: 0000000000000000
[ 1078.296756][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1078.296768][    C1] R13: 0000000000000000 R14: 00007f92bb375fa0 R15: 00007ffc98ccb2e8
[ 1078.296790][    C1]  </TASK>
[ 1078.297307][    C0] task:syz.5.2622      state:R  running task     stack:22784 pid:15057 tgid:15057 ppid:9651   flags:0x00004002
[ 1078.991774][    C0] Call Trace:
[ 1078.995111][    C0]  <TASK>
[ 1078.998075][    C0]  __schedule+0x17fb/0x4be0
[ 1079.002655][    C0]  ? __pfx___schedule+0x10/0x10
[ 1079.007552][    C0]  ? __page_table_check_ptes_set+0x30f/0x410
[ 1079.013590][    C0]  ? preempt_schedule+0xe1/0xf0
[ 1079.018481][    C0]  preempt_schedule_common+0x84/0xd0
[ 1079.023805][    C0]  preempt_schedule+0xe1/0xf0
[ 1079.028535][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[ 1079.033985][    C0]  preempt_schedule_thunk+0x1a/0x30
[ 1079.039239][    C0]  _raw_spin_unlock+0x3e/0x50
[ 1079.043964][    C0]  vm_insert_page+0x4ec/0x710
[ 1079.048698][    C0]  ? __pfx_vm_insert_page+0x10/0x10
[ 1079.053955][    C0]  kcov_mmap+0xd7/0x140
[ 1079.058148][    C0]  __mmap_region+0x2204/0x2cd0
[ 1079.062976][    C0]  ? __pfx___mmap_region+0x10/0x10
[ 1079.068126][    C0]  ? __schedule+0x1803/0x4be0
[ 1079.072905][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1079.079278][    C0]  ? irqentry_exit+0x63/0x90
[ 1079.083909][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1079.089156][    C0]  ? __get_unmapped_area+0x3bb/0x450
[ 1079.094493][    C0]  ? security_mmap_addr+0xe/0x250
[ 1079.099569][    C0]  ? cap_mmap_addr+0x163/0x2c0
[ 1079.104387][    C0]  mmap_region+0x226/0x2c0
[ 1079.108854][    C0]  do_mmap+0x8f0/0x1000
[ 1079.113058][    C0]  ? __pfx_do_mmap+0x10/0x10
[ 1079.117681][    C0]  ? __pfx_down_write_killable+0x10/0x10
[ 1079.123369][    C0]  vm_mmap_pgoff+0x1dd/0x3d0
[ 1079.128026][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1079.133199][    C0]  ? __fget_files+0x2a/0x410
[ 1079.137836][    C0]  ? __fget_files+0x395/0x410
[ 1079.142550][    C0]  ? __fget_files+0x2a/0x410
[ 1079.147177][    C0]  ksys_mmap_pgoff+0x4eb/0x720
[ 1079.151976][    C0]  ? __x64_sys_mmap+0x7f/0x140
[ 1079.156782][    C0]  do_syscall_64+0xf3/0x230
[ 1079.161331][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1079.166040][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1079.171975][    C0] RIP: 0033:0x7ffa3c785d63
[ 1079.176418][    C0] RSP: 002b:00007ffe9aacd488 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1079.184885][    C0] RAX: ffffffffffffffda RBX: 00007ffa3c9762d8 RCX: 00007ffa3c785d63
[ 1079.192902][    C0] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007ffa3a1f6000
[ 1079.200905][    C0] RBP: 00007ffa3c976240 R08: 00000000000000db R09: 0000000000000000
[ 1079.208909][    C0] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000003
[ 1079.216906][    C0] R13: 00007ffa3c976240 R14: 0000000000000003 R15: 000000000000150b
[ 1079.224952][    C0]  </TASK>
[ 1079.228015][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g69725 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1079.239329][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1079.249324][    C0] rcu: RCU grace-period kthread stack dump:
[ 1079.255251][    C0] task:rcu_preempt     state:R  running task     stack:25976 pid:17    tgid:17    ppid:2      flags:0x00004000
[ 1079.267080][    C0] Call Trace:
[ 1079.270388][    C0]  <TASK>
[ 1079.273350][    C0]  __schedule+0x17fb/0x4be0
[ 1079.277921][    C0]  ? __pfx___schedule+0x10/0x10
[ 1079.282812][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1079.287881][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1079.294332][    C0]  ? schedule+0x90/0x320
[ 1079.298610][    C0]  schedule+0x14b/0x320
[ 1079.302803][    C0]  schedule_timeout+0x15a/0x290
[ 1079.307688][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1079.313098][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1079.318432][    C0]  ? prepare_to_swait_event+0x330/0x350
[ 1079.324016][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[ 1079.328900][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1079.334144][    C0]  ? rcu_gp_init+0x1256/0x1630
[ 1079.338950][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1079.343921][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1079.350112][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1079.355431][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1079.361366][    C0]  ? finish_swait+0xd4/0x1e0
[ 1079.365992][    C0]  rcu_gp_kthread+0xa7/0x3b0
[ 1079.370619][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1079.375847][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1079.381783][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1079.386845][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1079.392080][    C0]  kthread+0x2f0/0x390
[ 1079.396188][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1079.401423][    C0]  ? __pfx_kthread+0x10/0x10
[ 1079.406050][    C0]  ret_from_fork+0x4b/0x80
[ 1079.410494][    C0]  ? __pfx_kthread+0x10/0x10
[ 1079.415120][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1079.419939][    C0]  </TASK>
[ 1079.422986][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1079.429335][    C0] CPU: 0 UID: 0 PID: 14064 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00136-g8faabc041a00 #0
[ 1079.440302][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 1079.450391][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 1079.456946][    C0] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2c60
[ 1079.463746][    C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 56 e9 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 01 e5 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 e5 e4
[ 1079.483394][    C0] RSP: 0018:ffffc900039af6e0 EFLAGS: 00000293
[ 1079.489497][    C0] RAX: ffffffff81938ebb RBX: 1ffff110170e88b9 RCX: ffff8880308a9e00
[ 1079.497499][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1079.505495][    C0] RBP: ffffc900039af8e0 R08: ffffffff81938e8a R09: 1ffffffff284e110
[ 1079.513495][    C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000
[ 1079.521497][    C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001
[ 1079.529499][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1079.538460][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1079.545072][    C0] CR2: 00007ffcffcefe28 CR3: 000000000e736000 CR4: 00000000003526f0
[ 1079.553080][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1079.561080][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1079.569078][    C0] Call Trace:
[ 1079.572382][    C0]  <IRQ>
[ 1079.575259][    C0]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[ 1079.581658][    C0]  ? print_other_cpu_stall+0x1481/0x15c0
[ 1079.587342][    C0]  ? __pfx_print_other_cpu_stall+0x10/0x10
[ 1079.593197][    C0]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[ 1079.599483][    C0]  ? rcu_sched_clock_irq+0xa26/0x10e0
[ 1079.604902][    C0]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 1079.610598][    C0]  ? update_process_times+0x242/0x2f0
[ 1079.616009][    C0]  ? tick_nohz_handler+0x37c/0x500
[ 1079.621167][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 1079.626669][    C0]  ? __hrtimer_run_queues+0x551/0xd30
[ 1079.632102][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1079.637858][    C0]  ? sched_clock+0x4a/0x70
[ 1079.642380][    C0]  ? read_tsc+0x9/0x20
[ 1079.646517][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[ 1079.652630][    C0]  ? hrtimer_interrupt+0x403/0xa40
[ 1079.657804][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 1079.663993][    C0]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1079.669837][    C0]  </IRQ>
[ 1079.672800][    C0]  <TASK>
[ 1079.675755][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1079.681956][    C0]  ? smp_call_function_many_cond+0x19da/0x2c60
[ 1079.688147][    C0]  ? smp_call_function_many_cond+0x1a0b/0x2c60
[ 1079.694346][    C0]  ? smp_call_function_many_cond+0x19f3/0x2c60
[ 1079.700553][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1079.705623][    C0]  ? __pfx___text_poke+0x10/0x10
[ 1079.710593][    C0]  ? process_scheduled_works+0x976/0x1840
[ 1079.716363][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1079.722729][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1079.728060][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1079.733995][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1079.739058][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 1079.744214][    C0]  text_poke_bp_batch+0x352/0xb30
[ 1079.749285][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1079.755308][    C0]  ? arch_jump_label_transform_apply+0x17/0x30
[ 1079.761511][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1079.767106][    C0]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 1079.773403][    C0]  ? process_scheduled_works+0x976/0x1840
[ 1079.779169][    C0]  text_poke_finish+0x30/0x50
[ 1079.783887][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 1079.789914][    C0]  static_key_enable_cpuslocked+0x136/0x260
[ 1079.795859][    C0]  static_key_enable+0x1a/0x20
[ 1079.800664][    C0]  toggle_allocation_gate+0xbc/0x260
[ 1079.805994][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1079.811935][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1079.818313][    C0]  process_scheduled_works+0xa66/0x1840
[ 1079.823936][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1079.829971][    C0]  ? assign_work+0x364/0x3d0
[ 1079.834612][    C0]  worker_thread+0x870/0xd30
[ 1079.839256][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1079.845196][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1079.850269][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1079.855417][    C0]  kthread+0x2f0/0x390
[ 1079.859521][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1079.864754][    C0]  ? __pfx_kthread+0x10/0x10
[ 1079.869387][    C0]  ret_from_fork+0x4b/0x80
[ 1079.873830][    C0]  ? __pfx_kthread+0x10/0x10
[ 1079.878456][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1079.883279][    C0]  </TASK>