last executing test programs:

10m26.460420599s ago: executing program 4 (id=5):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x3c, r0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x1}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xd0}]}, 0x3c}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x38, 0x1403, 0xc23, 0x70bd2e, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syz_tun\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x14f7325d9d03b00}, 0x4000)

10m26.286628496s ago: executing program 4 (id=11):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000006c0)=[@increfs], 0x0, 0x0, 0x0})
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f00000002c0))
r3 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
sendmmsg$inet6(r3, &(0x7f0000002580)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xffffffff, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000380)="98", 0x1}], 0x1}}], 0x1, 0x4000040)
r4 = dup3(r1, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x280, 0x0, 0x9}]})
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r8, 0x6612)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r9, &(0x7f0000006380)={0x2020}, 0x2020)

10m23.650761333s ago: executing program 4 (id=13):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

10m23.177527812s ago: executing program 4 (id=15):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000240)=[0x100040, 0x5])

10m19.124524027s ago: executing program 4 (id=19):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303034303030302c747365725f69643d5ab58ce8c361575df1d41de830c1364b4a", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x80000100008b}, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_BMAP(r0, &(0x7f0000000200)={0x18, 0xffffffffffffffda, r2, {0x5623}}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr, 0x4}, 0x1c)
pipe(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r8, &(0x7f0000000100)={0x1, 0x20, 0x800000000006, 0x20, 0x1}, 0x48)
splice(r7, 0x0, r9, &(0x7f0000000300)=0x2006, 0x1, 0x2)

10m15.58390322s ago: executing program 4 (id=21):
fsopen(&(0x7f0000000280)='xfs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x1)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x5)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f0000000180)='%(,c\xbe\r\xcc:', 0x0)
r5 = userfaultfd(0x1)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000a000200aaaaaaaaaabb000008000900fa000000"], 0x30}}, 0x0)

10m0.538784137s ago: executing program 32 (id=21):
fsopen(&(0x7f0000000280)='xfs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x1)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x5)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f0000000180)='%(,c\xbe\r\xcc:', 0x0)
r5 = userfaultfd(0x1)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000a000200aaaaaaaaaabb000008000900fa000000"], 0x30}}, 0x0)

9m57.568514884s ago: executing program 0 (id=58):
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1, 0x0, 0x0, 0x0, 0x400, 0x7cb}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}, [@FRA_SRC={0x8, 0x2, @private=0xa010101}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f00000002c0)=@v2={0x2000000, [{0x6, 0x7}, {0x4, 0x4}]}, 0x14, 0x1)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

9m54.900803024s ago: executing program 0 (id=60):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380))
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r0, 0x40000000)

9m54.561041173s ago: executing program 0 (id=62):
syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224"], 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000380)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

9m49.583881482s ago: executing program 0 (id=66):
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x80, 0x159)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
semctl$SEM_STAT(0x0, 0x1, 0x12, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x42000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, <r4=>r2})
ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000080)=0x7)

9m46.06271204s ago: executing program 0 (id=75):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r0 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0x3}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x47f5, 0x0, 0x0, 0x0, 0x0)

9m45.463328806s ago: executing program 0 (id=76):
fsopen(&(0x7f0000000280)='xfs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x1)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x5)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0)

9m29.404607883s ago: executing program 33 (id=76):
fsopen(&(0x7f0000000280)='xfs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x1)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x5)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0)

5m54.313175888s ago: executing program 1 (id=454):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x40, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x33, 0x701, 0x0, 0x25dfdbfe, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x24044094)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r4, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000000c0), r4, 0x0, 0x2, 0x4}}, 0x20)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = socket$qrtr(0x2a, 0x2, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000540)={0x0, 0x4663, 0x400, 0x10000006, 0x2cc}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x2, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x40}, @exit], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x80)

5m53.809084835s ago: executing program 1 (id=456):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r4, 0x2000000, 0x30, r5, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
io_setup(0x239f, &(0x7f0000000380)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000b40)=[&(0x7f0000000080)={0x200000000000000, 0x0, 0x0, 0x0, 0x8, r3, 0x0, 0x0, 0x1}])
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)

5m51.291269552s ago: executing program 1 (id=462):
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x10080, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
creat(0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

5m51.177129006s ago: executing program 1 (id=463):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x3e8, 0xf, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

5m50.998872057s ago: executing program 1 (id=464):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x40, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x33, 0x701, 0x0, 0x25dfdbfe, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x24044094)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r4, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000000c0), r4, 0x0, 0x2, 0x4}}, 0x20)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = socket$qrtr(0x2a, 0x2, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000540)={0x0, 0x4663, 0x400, 0x10000006, 0x2cc}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x2, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x40}, @exit], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x80)

5m50.686923138s ago: executing program 1 (id=466):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

5m34.728714784s ago: executing program 34 (id=466):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

2m20.392543303s ago: executing program 7 (id=786):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

2m20.192928764s ago: executing program 7 (id=787):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = io_uring_setup(0x5044, &(0x7f0000000180)={0x0, 0x1082, 0x0, 0x2})
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x50)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x18, &(0x7f0000000000), 0x1)

2m19.667981098s ago: executing program 7 (id=788):
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') (fail_nth: 2)

2m19.448520093s ago: executing program 7 (id=790):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0)

2m18.972137983s ago: executing program 7 (id=793):
r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x14)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @link_local}, 0xfffffffffffffffd)
sendto$packet(r0, &(0x7f0000000240)="76723f3d0fbcc3708cb798bc6780ac4cf16f4fa89c5d7f77896e1eecbaf1a96b6d22b5e26f1c9f1e966e053a1c19439445833fea4af5280fdb67ee90d5edaeada5a0c14410b3ac88be2b12a9cecffb7e3d02d45391393ab3b6f5213a75eb7bcbe5dc383da12485518cdab8e5ba8058165bfdc2c71559a3c76987f3e9b0fb503031091bbd1d4948d74827bf31cedbbcef520c9bba928c598a87c7bbbb6fbffe173d37f0f575fba2744004bf524e31f62386f4389c9a375b5115195337584c91537685dc88a5a2153747986aa8b3a07b28e09d2c38a686901ba459ec5f8c627cbc", 0xe0, 0x20008010, &(0x7f0000000180)={0x11, 0x19, r3, 0x1, 0x4, 0x6, @broadcast}, 0x14)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000100)={0x0, 0xfffffffd, 0xfffffff9, 0x3, 0x16, "0062ba7d940000dd020000001dd7cbffffff00"})
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f0000000e00)=0x20, 0x4)
prctl$PR_GET_THP_DISABLE(0x2a)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r7, 0x0, 0x14, &(0x7f0000000040)=0x48182ce9, 0x4)
setsockopt$inet_int(r7, 0x0, 0x12, &(0x7f0000000100)=0x42000000, 0x4)
recvmmsg(r7, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
fsetxattr$security_capability(r6, &(0x7f0000000280), &(0x7f00000002c0)=@v2={0x2000000, [{0x9, 0xffff}, {0x6, 0x8}]}, 0x14, 0x2)
r8 = syz_open_pts(r4, 0x0)
r9 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000340), 0x80480, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r9, 0x80000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x3938700}, 0x1, 0x8})
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRES16=r1], 0x0)
syz_usb_control_io$hid(r10, &(0x7f0000000140)={0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCGSOFTCAR(r8, 0x5419, &(0x7f0000000200))

2m15.334723849s ago: executing program 7 (id=808):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

1m59.990127521s ago: executing program 35 (id=808):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

1m45.107284224s ago: executing program 3 (id=890):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20000000000002b)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000005c0), 0x64)
recvmmsg(r1, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000180)=0x3, 0x4)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffa)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000300)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000200)={0x0, <r5=>0x0}, 0x80)
splice(r4, &(0x7f0000000040), r5, 0x0, 0x807, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000023c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f00000000c0)={r6, 0x6, 0x401})
rseq(&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

1m43.429568613s ago: executing program 3 (id=893):
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940))
pipe(&(0x7f0000000080))
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket(0x10, 0x80002, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYRES8=r0, @ANYBLOB="c08fd72a20879ccd732df7a79bf4cc93ecec4971a51eb9363547f217046b3793e5ef9176458b1d0b4b27546296846e150d4f33cb9fdf922136cc847544209d80c7df1f037fb74aad694d478148ffbe0a209f802ffdab696ce993de7f6a487c99e988f9b7775b0059277a6996cfaa2e4221f3f23ab498797cdb63725b670ada6164e66ffbf19cb75312a6034ad5903e903e1a6548d17856ff8ed4c29d9fbd279d95937606aea9580550bef65c12da8c8d6be3a3b86f515b779c6a8268fdee0ba867a37cd50fc9663186bae77496d3c1cfe20ffeec823145", @ANYBLOB="00000000100000001c001a6f080002802d00ff0008000200", @ANYRESDEC=r3, @ANYRES8=r1], 0x44}}, 0x2404000c)

1m43.253044782s ago: executing program 3 (id=895):
r0 = syz_open_dev$sg(&(0x7f0000000280), 0xfa0, 0x240)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x11000)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x6)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x007'])

1m41.992113524s ago: executing program 3 (id=897):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00))
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0)

1m40.03348647s ago: executing program 3 (id=899):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002080)=ANY=[@ANYBLOB="280000006a0005062cbd7000fcdbdf250200a6ff0000000008000a0001000000080005"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x880)

1m39.691603958s ago: executing program 3 (id=903):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc80, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000018c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xe}, {0xffff, 0xffff}, {0xffff, 0xc}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800c051}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x10008042)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1400000010000100000000e4393acdfe4a59186f447600000000000700000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000001400000011000100009fcce6761cf8e1addc44d575f41b2a939c2d374196bc87a9af9995dbe7"], 0x54}}, 0x0)
clock_getres(0x8, &(0x7f0000000000))
pipe2(&(0x7f0000001cc0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2204803, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
close(r7)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0xa, &(0x7f0000000080)={0x77359400})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000001c0)='iso9660\x00', 0x21c000, 0x0)

1m24.38646705s ago: executing program 36 (id=903):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc80, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000018c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xe}, {0xffff, 0xffff}, {0xffff, 0xc}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800c051}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x10008042)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1400000010000100000000e4393acdfe4a59186f447600000000000700000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000001400000011000100009fcce6761cf8e1addc44d575f41b2a939c2d374196bc87a9af9995dbe7"], 0x54}}, 0x0)
clock_getres(0x8, &(0x7f0000000000))
pipe2(&(0x7f0000001cc0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2204803, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
close(r7)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0xa, &(0x7f0000000080)={0x77359400})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000001c0)='iso9660\x00', 0x21c000, 0x0)

5.494884836s ago: executing program 2 (id=1075):
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xd)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340)={0x0, 0xa}, 0xd58495bc, 0x0, 0xffffffffffffffff, 0x2dc2c9024f5022d2}, 0x29)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x40, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7ad, 0x0, 0x0, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fff, 0x7, 0x0, 0x8]})

4.020585452s ago: executing program 2 (id=1078):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000007c0)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587303da4fc4f834b427c7b8373b43e044622f7a516843283ed89fe143758dee1287340877a8f6baac140e489692d7ec50c2237ba6a33b5fe5f212e8f12afc30bf98019de083d460321b75a4c724e72145620ebae8c0bb308850832d484c996919374b7903f75ac6ff77f3c3aac2442e3e3cc59340c72233c250858a9a8d0f2cd88b746b10dbd2c40e421f626cd2c19cca350ad9d8d3f15dbc3f5595249c430000454d75ec7e74f682e3afc0ad51885a472d40103804c7c234ae6d24a3d037f4635dbbac1e7282137d7821e31c654d296304a3c9f62a2046d1458b949e3b26580683f3c23e5f5", 0x130}], 0x1}], 0x1, 0x20040800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.868355366s ago: executing program 2 (id=1079):
fcntl$lock(0xffffffffffffffff, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003000000106b1d010140030109025f0003011010510904000000010100000a24010200090201020904010000010200000904010101e1010000090501092000ff02090725"], 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000400)=@ethtool_regs={0x7}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x20, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$kcm(0x29, 0x5, 0x0)
read$eventfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)

2.991693171s ago: executing program 2 (id=1083):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@local, 0x8}, @host, 0x1, 0x1c1, 0x6ce, 0x2, 0x1, 0x2, 0xff})

2.833154596s ago: executing program 2 (id=1085):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0)

2.260045549s ago: executing program 5 (id=1093):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@local, 0x8}, @host, 0x1, 0x1c1, 0x6ce, 0x2, 0x1, 0x2, 0xff})

2.22570296s ago: executing program 5 (id=1095):
r0 = socket$inet6(0xa, 0x80003, 0x6)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
preadv2(r1, &(0x7f00000003c0)=[{&(0x7f00000005c0)=""/218, 0xda}], 0x2e, 0x5, 0x4b6, 0x2a)
ioctl$XFS_IOC_FSINUMBERS(r1, 0xc0205867, &(0x7f00000000c0)={&(0x7f0000000000)=0x7fffffff, 0x1, &(0x7f0000000440)=[{}, {}, {}], &(0x7f0000000040)})
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x11}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x200, 0x0, 0x0, 0x4, 0xa}, {0x0, 0x0, 0x4, 0x0, 0x400000, 0x0, 0xffffffffffffffff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private=0x3, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x70bd2d, 0x25dfdbff, {0xa, 0x0, 0x1, 0x0, 0x4}, [@NHA_OIF={0x8}]}, 0x20}}, 0x4000)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)

2.075848439s ago: executing program 5 (id=1097):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r1 = getpid()
fchmodat(0xffffffffffffff9c, 0x0, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(r2, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r6)
read$FUSE(r5, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000000)=""/54, 0xfdb6}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

1.860246446s ago: executing program 2 (id=1100):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x5, 0x0, 0x5cc7, 0x8}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000300}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'dummy0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000001000010429bd7000feffffff00000000", @ANYRES32=0x0, @ANYBLOB="03800000810000001c00128009000100766c616e000000000c000280060001000100000008000500", @ANYRES32=r3, @ANYBLOB="0a000200aa"], 0x50}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, <r5=>0x0})
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000440)={0xb, 0x1, 0x0, 0x80080})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x2, 0x0, 0x1, [<r7=>0x0, 0x0, 0x0, <r8=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x81, 0x20203843, 0x3, [0x2, 0x0, r7, r8], [0x800, 0x0, 0x5], [0x0, 0x0, 0x4]})
r9 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd00028008"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100040000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

849.267189ms ago: executing program 5 (id=1107):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000007c0)}], 0x2}], 0x1, 0x20040800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

720.246952ms ago: executing program 5 (id=1110):
r0 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_ipv6host(r0, &(0x7f0000001200)=ANY=[@ANYBLOB='0x0000000000000002:0x0000000000002589:0x00000000000009cc:0x0000000000000009:0x000000000000ffff:0x000000007246eb78:0xffffffffff'], 0xc7)

599.372284ms ago: executing program 5 (id=1113):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000100)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1c000000000000000000000034"], 0x40}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0))
socket$inet6(0xa, 0x1, 0x0)
pipe2$9p(&(0x7f00000003c0), 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_audit(0x10, 0x3, 0x9)
syz_emit_ethernet(0x1197, &(0x7f0000000b00)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd692c33df11612ffffc020000000000000000000000000001fc0100000000000000000000000000002f08000400000000fe8000000000000000000000000000aa0000000000000000000000000000000020010000000000000000000000000000fc0200000000000000000000000000002f000c28650000005c02000000000000c910ff0100000000000000000000000000010000000000000c20880b1000000000080005eb446fa6d2ce356c3e3f5c2af0ddf705e08a2379ddba470fc1ac3211f18ae04680dac945182a3c3e77e8f4bd39b6fcaa9c53c017918874f37b1db94134d36d288c8503c34a39656711d2d96564b268057591b6078a96ed53dd067595ada700e23fd5a4d97352735e6890ce789f85ddb17dfa76b7838a4250aeec4529f5c14b5ee365a57d8a770121523399"], 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
syz_emit_ethernet(0xbe, &(0x7f0000000b80)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x37}, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e256b28c04000000fb52"}, {0x0, 0x9, "789607675ca638"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x2, 0x9, "e706d30bd224f8"}, {0x6, 0x7, "cfa11cab1a"}, {0x0, 0x10, "c600"/14}, {0x0, 0xa, "65807fe97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x6, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x2, [{0x1, 0x6, "7f36c525"}]}]}}}}}}}, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r4, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240)={<r5=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e50226bd70000100000007000000", @ANYRES32, @ANYBLOB=' '], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x20000100)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4ea5, 0x9, @mcast1, 0x8}, r5, 0x8001}}, 0x48)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

355.119696ms ago: executing program 6 (id=1115):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b000000ff000000324900007f00000001"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000100)=0x7d8, 0x0}, 0x20)
r1 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000100)={'\x00', 0x4, 0x1, 0x3, 0x8, 0x25c3, <r2=>0xffffffffffffffff})
capset(&(0x7f0000000040)={0x19980330, r2}, &(0x7f0000000080)={0x6, 0x6, 0xf4, 0x87, 0xffffffff, 0x1ff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x12b, 0x0, &(0x7f0000000a40)="e30080670000ec67838717bd86dde148f0630962bb87dd44fe42904bcee14db4241544716b9ea42231ed3373a3e29953e3bb017d9c1fd05dacf5bb80b4b7ee0fae7aea53492b38978defbb39a1ffa8a175e8257c3c5386795f7aaa2b182cc4c3705dc9f253d21fba2eace93b558c750cfba810dc7a19dbb15a5a39c850a7541d5e2765acdedc133065149a3bb727e42ad8305aaecab5141901b2fe9df9b70001000000002e226c0d3da103584e12f876c1ceeb5cde8d693c54260d41d1037995a1cd288118dbf12115ce226253e5a18f67a0e104cc90ab1ffb103d4875d667fab1d2ab0f37a5d7964da187d9829c60360223745ab488c8e0196b6597a1b03a942871abf3c6886302e18a7c98eddb1bff82830721a399c2000000000000672f723ff0dd662302f3c61c9382", 0x0, 0x407, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc}, 0x50)
r3 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x28101)
ioctl$FIBMAP(r3, 0x1, &(0x7f0000000040)=0x85)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000440)={@multicast2, @loopback, @rand_addr=0x64010101}, 0xc)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)='8', 0x1}, {0x0, 0xfffffffffffffdf4}], 0x1)

309.551141ms ago: executing program 6 (id=1116):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$I2C_TIMEOUT(r1, 0x702, 0x80000000000008)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0xffffc000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffe14, 0x0, 0x0}, &(0x7f0000000000)=0x40)

212.02197ms ago: executing program 6 (id=1117):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x24, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0)

188.895786ms ago: executing program 6 (id=1118):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000007c0)}], 0x2}], 0x1, 0x20040800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

108.657977ms ago: executing program 6 (id=1119):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r1, 0x852ac000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff0000820095"], &(0x7f0000000040)='syzkaller\x00', 0x5, 0xc7, &(0x7f0000000f40)=""/250, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002880)={0x1f, 0x10, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000003}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x6d}}]}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000140)=""/4078, 0xfee}], 0x1, 0xf2, 0x207fff)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000001300)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x100200}, 0xc, &(0x7f00000012c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="2c0100001e00000129bd7000fbdbdf25070000", @ANYRES32=r6, @ANYBLOB="0200000000100100080025000200000008000f00010000000f00240085e641a3453d1d2081effa00080023000400000008000500", @ANYRES32, @ANYBLOB="08001c00", @ANYRES32=r5, @ANYBLOB="cc003480140035007767320000000000000000000000000014003500767863616e31000000000000000000001400350076657468315f746f5f62726964677a6b616c6c657230000000000000140035007465616d3000000000000000000000001400350067656e65766530000000000000000000140035007866726d3000000000000000000000001400350067656e65766531000000000000000000140035006e657464657673696d30000000000000140035006261746164763000000000000000000008001f00466f0000"], 0x12c}, 0x1, 0x0, 0x0, 0x40015}, 0x44810)
sendmsg$IPSET_CMD_TYPE(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0xd, 0x6, 0x200, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x20008080)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r7, &(0x7f00000006c0)={0x16, 0x98, 0xfa00, {0x0, 0x3, 0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x7, 0x8, {"d77079a73df7cd023cdd351b4e1bb8a7"}, 0xf, 0x1, 0x4}}}, 0xa0)

0s ago: executing program 6 (id=1120):
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usbip_server_init(0x1) (async)
r0 = syz_usbip_server_init(0x1)
r1 = socket$pptp(0x18, 0x1, 0x2)
lseek(r1, 0x3, 0x2) (async)
lseek(r1, 0x3, 0x2)
syz_io_uring_setup(0x11b, &(0x7f0000000400)={0x0, 0x393a, 0x400, 0x0, 0x3a3}, &(0x7f00000001c0), &(0x7f0000000040)) (async)
r2 = syz_io_uring_setup(0x11b, &(0x7f0000000400)={0x0, 0x393a, 0x400, 0x0, 0x3a3}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3, r5}})
io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902"], 0x0)
timer_create(0x3, 0x0, &(0x7f00000000c0)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0)
timer_settime(r6, 0x0, &(0x7f0000000100)={{0x0, 0x989680}}, &(0x7f00000005c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$usbip_server(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000300000001"], 0x35) (async)
write$usbip_server(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000300000001"], 0x35)

kernel console output (not intermixed with test programs):

nk: 8 bytes leftover after parsing attributes in process `syz.3.529'.
[  422.112742][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  422.112763][   T36] audit: type=1326 audit(2000000197.209:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.112814][   T36] audit: type=1326 audit(2000000197.219:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.112854][   T36] audit: type=1326 audit(2000000197.299:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.112893][   T36] audit: type=1326 audit(2000000197.319:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.112930][   T36] audit: type=1326 audit(2000000197.319:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.112970][   T36] audit: type=1326 audit(2000000197.429:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.113009][   T36] audit: type=1326 audit(2000000197.449:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.113048][   T36] audit: type=1326 audit(2000000197.469:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.132503][   T36] audit: type=1326 audit(2000000197.649:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  422.133133][   T36] audit: type=1326 audit(2000000197.659:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8050 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  426.591046][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  426.708710][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  426.791201][ T5974] bond0 (unregistering): Released all slaves
[  427.549234][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  427.549352][   T36] audit: type=1326 audit(2000000202.969:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.551434][   T36] audit: type=1326 audit(2000000202.969:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.552715][   T36] audit: type=1326 audit(2000000202.989:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.553969][   T36] audit: type=1326 audit(2000000202.989:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.555186][   T36] audit: type=1326 audit(2000000202.999:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.556148][   T36] audit: type=1326 audit(2000000203.009:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.557006][   T36] audit: type=1326 audit(2000000203.019:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.566531][   T36] audit: type=1326 audit(2000000203.019:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.569769][   T36] audit: type=1326 audit(2000000203.029:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  427.571133][   T36] audit: type=1326 audit(2000000203.039:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x7ffc0000
[  428.184626][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  428.212175][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  428.213171][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  428.214501][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  428.215271][ T5805] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  428.778316][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  428.838464][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  428.859885][ T5974] bond0 (unregistering): Released all slaves
[  429.638312][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  429.698582][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  429.720130][ T5974] bond0 (unregistering): Released all slaves
[  430.582359][   T61] Bluetooth: hci3: command tx timeout
[  432.165402][ T8070] lo speed is unknown, defaulting to 1000
[  432.231316][ T8084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.538'.
[  432.896176][   T61] Bluetooth: hci3: command tx timeout
[  434.190753][ T8070] chnl_net:caif_netlink_parms(): no params data found
[  434.412782][ T8070] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.413012][ T8070] bridge0: port 1(bridge_slave_0) entered disabled state
[  434.413249][ T8070] bridge_slave_0: entered allmulticast mode
[  434.439392][ T8070] bridge_slave_0: entered promiscuous mode
[  434.446051][ T8070] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.447508][ T8070] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.468939][ T8070] bridge_slave_1: entered allmulticast mode
[  434.471999][ T8070] bridge_slave_1: entered promiscuous mode
[  434.559072][ T8070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  434.578720][ T8070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  434.651210][ T8070] team0: Port device team_slave_0 added
[  434.665161][ T8070] team0: Port device team_slave_1 added
[  434.733959][ T8070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.733977][ T8070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  434.734003][ T8070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  434.807542][ T8070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.807560][ T8070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  434.807735][ T8070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.961245][   T61] Bluetooth: hci3: command tx timeout
[  435.166376][ T8104] overlayfs: failed to resolve './file0': -2
[  435.918537][ T8070] hsr_slave_0: entered promiscuous mode
[  435.919416][ T8070] hsr_slave_1: entered promiscuous mode
[  435.919955][ T8070] debugfs: 'hsr0' already exists in 'hsr'
[  435.919971][ T8070] Cannot create hsr debugfs directory
[  436.177823][ T5974] hsr_slave_0: left promiscuous mode
[  436.197768][ T5974] hsr_slave_1: left promiscuous mode
[  436.198464][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  436.249160][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  436.387813][ T5974] hsr_slave_0: left promiscuous mode
[  436.407897][ T5974] hsr_slave_1: left promiscuous mode
[  436.408564][ T5974] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  436.408580][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  436.459013][ T5974] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  436.459038][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  436.607777][ T5974] hsr_slave_0: left promiscuous mode
[  436.627847][ T5974] hsr_slave_1: left promiscuous mode
[  436.628638][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  436.668388][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  436.816749][ T5974] veth1_macvtap: left promiscuous mode
[  436.816852][ T5974] veth0_macvtap: left promiscuous mode
[  436.817107][ T5974] veth1_vlan: left promiscuous mode
[  436.817277][ T5974] veth0_vlan: left promiscuous mode
[  437.008866][ T5960] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  437.038493][   T61] Bluetooth: hci3: command tx timeout
[  437.157717][ T5960] usb 4-1: Using ep0 maxpacket: 8
[  437.162023][ T5960] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  437.162051][ T5960] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  437.163067][ T5960] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  437.163091][ T5960] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  437.164063][ T5960] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  437.164084][ T5960] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  437.167335][ T5960] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  437.167363][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.167374][ T5960] usb 4-1: Product: syz
[  437.167381][ T5960] usb 4-1: Manufacturer: syz
[  437.167388][ T5960] usb 4-1: SerialNumber: syz
[  437.411305][ T5960] usb 4-1: USB disconnect, device number 17
[  437.769596][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  437.898373][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  440.367435][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  440.367507][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  441.106596][ T8149] FAULT_INJECTION: forcing a failure.
[  441.106596][ T8149] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  441.106665][ T8149] CPU: 0 UID: 0 PID: 8149 Comm: syz.2.553 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  441.106688][ T8149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  441.106707][ T8149] Call Trace:
[  441.106715][ T8149]  <TASK>
[  441.106721][ T8149]  dump_stack_lvl+0xe8/0x150
[  441.106747][ T8149]  should_fail_ex+0x46b/0x600
[  441.106762][ T8149]  _copy_from_user+0x2d/0xb0
[  441.106777][ T8149]  do_sock_getsockopt+0x165/0x3f0
[  441.106789][ T8149]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  441.106799][ T8149]  ? __fget_files+0x3a6/0x420
[  441.106814][ T8149]  ? __fget_files+0x2a/0x420
[  441.106830][ T8149]  __x64_sys_getsockopt+0x1aa/0x250
[  441.106849][ T8149]  do_syscall_64+0x14d/0xf80
[  441.106863][ T8149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.106873][ T8149]  ? clear_bhb_loop+0x40/0x90
[  441.106885][ T8149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.106895][ T8149] RIP: 0033:0x7febc27bbf79
[  441.106908][ T8149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  441.106917][ T8149] RSP: 002b:00007febc09f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  441.106931][ T8149] RAX: ffffffffffffffda RBX: 00007febc2a36090 RCX: 00007febc27bbf79
[  441.106939][ T8149] RDX: 000000000000007a RSI: 0000000000000084 RDI: 0000000000000008
[  441.106945][ T8149] RBP: 00007febc09f5090 R08: 0000200000000040 R09: 0000000000000000
[  441.106951][ T8149] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[  441.106958][ T8149] R13: 00007febc2a36128 R14: 00007febc2a36090 R15: 00007ffd4dd12c28
[  441.106973][ T8149]  </TASK>
[  442.087783][ T5887] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  442.263332][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.263367][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.263405][ T5887] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  442.263429][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.268613][ T5887] usb 4-1: config 0 descriptor??
[  442.591207][  T806] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  442.749106][  T806] usb 3-1: Using ep0 maxpacket: 8
[  442.751037][  T806] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  442.751101][  T806] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  442.752092][  T806] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  442.752114][  T806] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  442.753118][  T806] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  442.753140][  T806] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  442.817714][  T806] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  442.817736][  T806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.817747][  T806] usb 3-1: Product: syz
[  442.817754][  T806] usb 3-1: Manufacturer: syz
[  442.817762][  T806] usb 3-1: SerialNumber: syz
[  442.854973][ T5887] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  442.855047][ T5887] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  442.881933][ T5887] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0003/input/input19
[  442.937480][ T5887] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  443.020735][ T5180] usb 4-1: USB disconnect, device number 18
[  443.084360][ T5960] usb 3-1: USB disconnect, device number 19
[  444.084640][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  446.583853][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  446.806559][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  446.841132][ T5805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  446.846663][ T5805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  446.857241][ T5805] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  446.862426][ T5805] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  448.058424][ T8179] netlink: 48 bytes leftover after parsing attributes in process `syz.2.560'.
[  449.340378][ T5805] Bluetooth: hci4: command tx timeout
[  449.597743][ T5887] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  449.750084][ T5887] usb 4-1: config 0 has no interfaces?
[  449.752266][ T5887] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  449.752287][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.752298][ T5887] usb 4-1: Product: syz
[  449.752305][ T5887] usb 4-1: Manufacturer: syz
[  449.752312][ T5887] usb 4-1: SerialNumber: syz
[  449.755564][ T5887] usb 4-1: config 0 descriptor??
[  451.347903][ T5805] Bluetooth: hci4: command tx timeout
[  451.598882][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  451.798830][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  453.251819][ T5940] usb 4-1: USB disconnect, device number 19
[  453.300136][ T7876] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  454.777688][ T5805] Bluetooth: hci4: command tx timeout
[  454.906308][ T7876] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  455.310380][ T8166] lo speed is unknown, defaulting to 1000
[  455.740147][   T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  455.743076][   T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  455.748925][   T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  455.780048][   T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  455.781090][   T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  456.287671][ T8194] lo speed is unknown, defaulting to 1000
[  456.567818][ T5180] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  456.717709][ T5180] usb 4-1: Using ep0 maxpacket: 8
[  456.720049][ T5180] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  456.720075][ T5180] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  456.721227][ T8070] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  456.722077][ T5180] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  456.722099][ T5180] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  456.723290][ T5180] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  456.723317][ T5180] usb 4-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  456.725965][ T5180] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  456.725987][ T5180] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.725997][ T5180] usb 4-1: Product: syz
[  456.726004][ T5180] usb 4-1: Manufacturer: syz
[  456.726012][ T5180] usb 4-1: SerialNumber: syz
[  456.797975][   T61] Bluetooth: hci4: command tx timeout
[  456.927867][ T5180] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  456.983550][ T8198] overlayfs: failed to resolve './file1/file0': -2
[  457.010537][ T5960] usb 4-1: USB disconnect, device number 20
[  457.077720][ T5180] usb 3-1: Using ep0 maxpacket: 8
[  457.079504][ T5180] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  457.079529][ T5180] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  457.080615][ T5180] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  457.080638][ T5180] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  457.081622][ T5180] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  457.081644][ T5180] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  457.083770][ T5180] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  457.083790][ T5180] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.083800][ T5180] usb 3-1: Product: syz
[  457.083809][ T5180] usb 3-1: Manufacturer: syz
[  457.083816][ T5180] usb 3-1: SerialNumber: syz
[  457.185298][ T8070] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  457.237025][ T8070] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  457.279282][ T8070] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  457.358437][ T5960] usb 3-1: USB disconnect, device number 20
[  457.549009][ T8166] chnl_net:caif_netlink_parms(): no params data found
[  459.070941][   T61] Bluetooth: hci6: command tx timeout
[  459.134370][ T8194] chnl_net:caif_netlink_parms(): no params data found
[  459.410473][ T8166] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.410637][ T8166] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.411179][ T8166] bridge_slave_0: entered allmulticast mode
[  459.423300][ T8166] bridge_slave_0: entered promiscuous mode
[  459.442084][ T8166] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.442197][ T8166] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.442731][ T8166] bridge_slave_1: entered allmulticast mode
[  459.448500][ T8166] bridge_slave_1: entered promiscuous mode
[  459.713815][ T8166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.730868][ T8194] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.731073][ T8194] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.731309][ T8194] bridge_slave_0: entered allmulticast mode
[  459.785956][ T8194] bridge_slave_0: entered promiscuous mode
[  459.799779][ T8166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.807997][ T8194] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.808110][ T8194] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.808357][ T8194] bridge_slave_1: entered allmulticast mode
[  459.811523][ T8194] bridge_slave_1: entered promiscuous mode
[  460.036484][ T8166] team0: Port device team_slave_0 added
[  460.081691][ T8194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  460.099356][ T8166] team0: Port device team_slave_1 added
[  460.186439][ T8194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.681505][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.568'.
[  461.164339][ T5805] Bluetooth: hci6: command tx timeout
[  462.239578][ T8166] batman_adv: batadv0: Adding interface: batadv_slave_0
[  462.239597][ T8166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.239624][ T8166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  462.491117][ T8070] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.496174][ T8194] team0: Port device team_slave_0 added
[  462.497035][ T8166] batman_adv: batadv0: Adding interface: batadv_slave_1
[  462.497048][ T8166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.497074][ T8166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  462.643873][ T8194] team0: Port device team_slave_1 added
[  462.740771][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  462.740788][   T36] audit: type=1326 audit(2000000238.269:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8267 comm="syz.2.573" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x0
[  462.801539][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_0
[  462.801556][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.801581][ T8194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  462.813448][ T8166] hsr_slave_0: entered promiscuous mode
[  462.814893][ T8166] hsr_slave_1: entered promiscuous mode
[  462.815822][ T8166] debugfs: 'hsr0' already exists in 'hsr'
[  462.815845][ T8166] Cannot create hsr debugfs directory
[  462.869287][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_1
[  462.869314][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  462.869340][ T8194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.122783][ T8070] 8021q: adding VLAN 0 to HW filter on device team0
[  463.198007][ T5805] Bluetooth: hci6: command tx timeout
[  463.259234][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.260555][ T5973] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.324385][ T8194] hsr_slave_0: entered promiscuous mode
[  463.329462][ T8194] hsr_slave_1: entered promiscuous mode
[  463.330427][ T8194] debugfs: 'hsr0' already exists in 'hsr'
[  463.330451][ T8194] Cannot create hsr debugfs directory
[  463.494194][   T36] audit: type=1326 audit(2000000239.019:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8284 comm="syz.3.574" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c652dbf79 code=0x0
[  466.024015][ T5805] Bluetooth: hci6: command tx timeout
[  466.290915][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.291052][ T5973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  466.360470][ T8301] usb usb8: usbfs: process 8301 (syz.2.577) did not claim interface 1 before use
[  466.395389][ T8299] bridge1: entered promiscuous mode
[  466.395416][ T8299] bridge1: entered allmulticast mode
[  466.771033][ T8320] netlink: 12 bytes leftover after parsing attributes in process `syz.3.582'.
[  466.825628][ T8322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  469.756690][ T8070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  470.137212][ T8381] bond1: entered promiscuous mode
[  470.247740][    T9] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  470.381384][ T8400] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  470.399714][    T9] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  470.399748][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  470.399764][    T9] usb 4-1: config 0 has no interface number 0
[  470.436200][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  470.436230][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.436250][    T9] usb 4-1: Product: syz
[  470.436263][    T9] usb 4-1: Manufacturer: syz
[  470.436277][    T9] usb 4-1: SerialNumber: syz
[  470.496939][    T9] usb 4-1: config 0 descriptor??
[  470.712842][ T8408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  470.713335][ T8408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.746576][ T5180] usb 4-1: USB disconnect, device number 21
[  470.902836][ T5974] bridge_slave_1: left allmulticast mode
[  470.902865][ T5974] bridge_slave_1: left promiscuous mode
[  470.903103][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.989226][ T5974] bridge_slave_0: left allmulticast mode
[  470.989253][ T5974] bridge_slave_0: left promiscuous mode
[  470.989505][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.143886][ T5974] bridge_slave_1: left allmulticast mode
[  471.143914][ T5974] bridge_slave_1: left promiscuous mode
[  471.144142][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.697573][ T5974] bridge_slave_0: left allmulticast mode
[  472.697660][ T5974] bridge_slave_0: left promiscuous mode
[  472.697908][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.812246][ T5974] bridge_slave_1: left allmulticast mode
[  472.812274][ T5974] bridge_slave_1: left promiscuous mode
[  472.812501][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.903550][ T5974] bridge_slave_0: left allmulticast mode
[  472.903579][ T5974] bridge_slave_0: left promiscuous mode
[  472.903819][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.590909][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  473.688502][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  473.949953][ T5974] bond0 (unregistering): Released all slaves
[  474.296173][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  474.389528][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  474.454267][ T5974] bond0 (unregistering): Released all slaves
[  474.788670][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  474.882431][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  474.966531][ T5974] bond0 (unregistering): Released all slaves
[  475.200615][ T8070] veth0_vlan: entered promiscuous mode
[  475.214314][ T8070] veth1_vlan: entered promiscuous mode
[  475.571916][ T8070] veth0_macvtap: entered promiscuous mode
[  475.650546][ T8070] veth1_macvtap: entered promiscuous mode
[  475.988634][ T5974] hsr_slave_0: left promiscuous mode
[  476.041165][ T5974] hsr_slave_1: left promiscuous mode
[  476.042128][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.078581][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  476.237787][ T5974] hsr_slave_0: left promiscuous mode
[  476.277893][ T5974] hsr_slave_1: left promiscuous mode
[  476.279728][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.308465][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  476.468373][ T5974] hsr_slave_0: left promiscuous mode
[  476.507835][ T5974] hsr_slave_1: left promiscuous mode
[  476.508519][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.530956][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  477.198231][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  477.318278][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  478.338478][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  478.474260][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  478.807791][ T5180] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  478.947747][ T5180] usb 3-1: device descriptor read/64, error -71
[  479.197808][ T5180] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  479.327773][ T5180] usb 3-1: device descriptor read/64, error -71
[  479.437987][ T5180] usb usb3-port1: attempt power cycle
[  479.468870][ T5974] team0 (unregistering): Port device team_slave_1 removed
[  479.588226][ T5974] team0 (unregistering): Port device team_slave_0 removed
[  479.790804][ T5180] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  479.808301][ T5180] usb 3-1: device descriptor read/8, error -71
[  480.057873][ T5180] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  480.090511][ T5180] usb 3-1: device descriptor read/8, error -71
[  480.156750][ T8070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  480.210494][ T8070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  480.220834][ T5180] usb usb3-port1: unable to enumerate USB device
[  480.243661][ T1107] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  480.243896][ T1107] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  480.243959][ T1107] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  480.243991][ T1107] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.771251][ T8166] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  481.895659][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  481.895680][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  481.896329][ T8166] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  482.220747][ T8166] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  483.099221][ T8166] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  484.008619][ T3553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.008633][ T3553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.023826][ T8194] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  484.104882][ T8194] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  484.145937][ T8194] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  484.212331][ T8194] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  488.026297][ T8166] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.632947][ T8194] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.690330][ T8166] 8021q: adding VLAN 0 to HW filter on device team0
[  490.758329][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.758407][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.822251][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.822386][ T6552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.825760][ T8194] 8021q: adding VLAN 0 to HW filter on device team0
[  491.042282][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.054970][ T6552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  491.973764][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.973899][ T6552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.425171][ T8554] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input20
[  497.553922][ T8194] 8021q: adding VLAN 0 to HW filter on device batadv0
[  497.705145][ T8166] 8021q: adding VLAN 0 to HW filter on device batadv0
[  498.027806][  T806] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  498.191664][  T806] usb 4-1: Using ep0 maxpacket: 16
[  498.197802][  T806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.197834][  T806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.197857][  T806] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  498.197894][  T806] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  498.197914][  T806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.210305][  T806] usb 4-1: config 0 descriptor??
[  498.412441][ T8194] veth0_vlan: entered promiscuous mode
[  498.451255][ T8194] veth1_vlan: entered promiscuous mode
[  498.589025][ T8194] veth0_macvtap: entered promiscuous mode
[  498.616677][ T8194] veth1_macvtap: entered promiscuous mode
[  498.655511][ T8194] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.681360][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.681403][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.681428][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.681454][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.681479][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.681504][  T806] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  498.731378][ T8194] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.763364][ T6552] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.763594][ T6552] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.763655][ T6552] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.763687][ T6552] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  499.303045][  T806] microsoft 0003:045E:07DA.0004: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  499.303066][  T806] microsoft 0003:045E:07DA.0004: no inputs found
[  499.303074][  T806] microsoft 0003:045E:07DA.0004: could not initialize ff, continuing anyway
[  499.361230][  T806] usb 4-1: USB disconnect, device number 22
[  499.498554][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.498575][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.655271][ T8166] veth0_vlan: entered promiscuous mode
[  499.693983][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.694004][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.749032][ T8166] veth1_vlan: entered promiscuous mode
[  499.828510][ T8615] capability: warning: `syz.3.623' uses deprecated v2 capabilities in a way that may be insecure
[  499.952263][ T8166] veth0_macvtap: entered promiscuous mode
[  499.983093][ T8166] veth1_macvtap: entered promiscuous mode
[  500.017062][ T8166] batman_adv: batadv0: Interface activated: batadv_slave_0
[  500.052108][ T8166] batman_adv: batadv0: Interface activated: batadv_slave_1
[  500.082609][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  500.082830][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  500.084090][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  500.085315][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  500.413518][ T8624] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  500.977840][ T5960] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  501.052697][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.052783][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.131743][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 36, changing to 9
[  501.131779][ T5960] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  501.131821][ T5960] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  501.131844][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.201042][ T5960] usb 3-1: config 0 descriptor??
[  502.278873][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  502.278943][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  502.320898][ T5974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  502.320916][ T5974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.326936][ T5960] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  502.647778][ T5960] usb 3-1: USB disconnect, device number 25
[  502.735770][ T8646] fido_id[8646]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  504.747883][ T8666] capability: warning: `syz.5.631' uses 32-bit capabilities (legacy support in use)
[  505.407835][ T5802] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  505.577772][ T5802] usb 6-1: device descriptor read/64, error -71
[  505.861633][ T5802] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  506.007869][ T5802] usb 6-1: device descriptor read/64, error -71
[  506.229861][ T5802] usb usb6-port1: attempt power cycle
[  506.837782][ T5802] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  506.868569][ T5802] usb 6-1: device descriptor read/8, error -71
[  507.147739][ T5802] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  507.180587][ T5802] usb 6-1: device descriptor read/8, error -71
[  507.298506][ T5802] usb usb6-port1: unable to enumerate USB device
[  509.777500][ T5802] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  509.947149][ T5802] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  509.947189][ T5802] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.947208][ T5802] usb 3-1: Product: syz
[  509.947222][ T5802] usb 3-1: Manufacturer: syz
[  509.947236][ T5802] usb 3-1: SerialNumber: syz
[  511.373538][ T5802] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  511.373604][ T5802] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[  511.374507][ T5802] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  511.374567][ T5802] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  511.376550][ T5802] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  512.378566][ T5802] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  512.629424][ T5802] usb 3-1: USB disconnect, device number 26
[  514.997933][   T36] audit: type=1326 audit(2000000289.379:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8727 comm="syz.3.643" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c652dbf79 code=0x0
[  515.587817][ T5940] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  515.757013][ T5940] usb 8-1: Using ep0 maxpacket: 8
[  515.759044][ T5940] usb 8-1: config 0 has an invalid interface number: 255 but max is 0
[  515.759070][ T5940] usb 8-1: config 0 has no interface number 0
[  515.759114][ T5940] usb 8-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=38.34
[  515.759136][ T5940] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.789948][ T5940] usb 8-1: config 0 descriptor??
[  516.587764][ T5940] snd-usb-audio 8-1:0.255: probe with driver snd-usb-audio failed with error -71
[  516.593845][ T5940] usb 8-1: USB disconnect, device number 2
[  518.136901][ T8768] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input22
[  522.378118][ T8803] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input23
[  525.891104][   T36] audit: type=1326 audit(2000000301.379:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8809 comm="syz.3.658" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c652dbf79 code=0x0
[  526.790479][ T8812] ODEBUG: Out of memory. ODEBUG disabled
[  527.712285][ T8834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.662'.
[  530.937944][ T8867] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input24
[  532.921414][   T36] audit: type=1326 audit(2000000308.279:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8879 comm="syz.3.672" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c652dbf79 code=0x0
[  536.241928][ T8900] netlink: 148 bytes leftover after parsing attributes in process `syz.7.677'.
[  536.269142][ T8900] netlink: 116 bytes leftover after parsing attributes in process `syz.7.677'.
[  536.269158][ T8900] netlink: 24 bytes leftover after parsing attributes in process `syz.7.677'.
[  536.475815][ T8907] netlink: 32 bytes leftover after parsing attributes in process `syz.2.675'.
[  536.475830][ T8907] tipc: Invalid UDP bearer configuration
[  536.475851][ T8907] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  536.482791][ T8907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'.
[  537.294403][ T8934] binder: 8923:8934 ioctl c0306201 0 returned -14
[  537.301617][ T8934] netlink: 12 bytes leftover after parsing attributes in process `syz.3.683'.
[  537.418466][ T8936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.683'.
[  537.962677][ T8935] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  537.968002][ T8934] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  538.237721][  T806] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  538.406495][  T806] usb 3-1: config 255 has 0 interfaces, different from the descriptor's value: 1
[  538.406531][  T806] usb 3-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc
[  538.406548][  T806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.735679][ T8946] lo speed is unknown, defaulting to 1000
[  538.795952][ T8955] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  538.869565][ T8955] bond1 (unregistering): Released all slaves
[  538.923812][  T969] usb 3-1: USB disconnect, device number 27
[  542.375992][ T8988] netlink: 20 bytes leftover after parsing attributes in process `syz.2.696'.
[  545.112590][ T5960] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  545.268749][ T5960] usb 3-1: Using ep0 maxpacket: 8
[  545.272639][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  545.272679][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  545.272717][ T5960] usb 3-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00
[  545.272740][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.365555][ T5960] usb 3-1: config 0 descriptor??
[  545.824353][ T5960] thrustmaster 0003:044F:B653.0006: hidraw0: USB HID v0.04 Device [HID 044f:b653] on usb-dummy_hcd.2-1/input0
[  545.824388][ T5960] thrustmaster 0003:044F:B653.0006: no inputs found
[  545.998178][ T9014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.702'.
[  546.429230][ T5886] usb 3-1: USB disconnect, device number 28
[  547.597767][ T5879] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[  547.700858][ T9033] FAULT_INJECTION: forcing a failure.
[  547.700858][ T9033] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.700892][ T9033] CPU: 0 UID: 0 PID: 9033 Comm: syz.3.706 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  547.700914][ T9033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  547.700926][ T9033] Call Trace:
[  547.700934][ T9033]  <TASK>
[  547.700942][ T9033]  dump_stack_lvl+0xe8/0x150
[  547.700972][ T9033]  should_fail_ex+0x46b/0x600
[  547.700998][ T9033]  _copy_from_user+0x2d/0xb0
[  547.701022][ T9033]  ___sys_sendmsg+0x1c6/0x360
[  547.701040][ T9033]  ? __lock_acquire+0x6b5/0x2cf0
[  547.701066][ T9033]  ? __pfx____sys_sendmsg+0x10/0x10
[  547.701117][ T9033]  ? __fget_files+0x2a/0x420
[  547.701139][ T9033]  ? __fget_files+0x3a6/0x420
[  547.701171][ T9033]  __x64_sys_sendmsg+0x1c3/0x2a0
[  547.701192][ T9033]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  547.701219][ T9033]  ? __pfx_ksys_write+0x10/0x10
[  547.701249][ T9033]  do_syscall_64+0x14d/0xf80
[  547.701270][ T9033]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.701287][ T9033]  ? trace_irq_disable+0x37/0x100
[  547.701303][ T9033]  ? clear_bhb_loop+0x40/0x90
[  547.701330][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.701347][ T9033] RIP: 0033:0x7f2c652dbf79
[  547.701363][ T9033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  547.701377][ T9033] RSP: 002b:00007f2c6352e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  547.701398][ T9033] RAX: ffffffffffffffda RBX: 00007f2c65555fa0 RCX: 00007f2c652dbf79
[  547.701411][ T9033] RDX: 0000000000040000 RSI: 00002000000004c0 RDI: 0000000000000003
[  547.701423][ T9033] RBP: 00007f2c6352e090 R08: 0000000000000000 R09: 0000000000000000
[  547.701434][ T9033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.701444][ T9033] R13: 00007f2c65556038 R14: 00007f2c65555fa0 R15: 00007fff629129a8
[  547.701472][ T9033]  </TASK>
[  547.751876][ T5879] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.752941][ T5879] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.753996][ T5879] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.754045][ T5879] usb 8-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  547.754069][ T5879] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.001228][ T5879] usb 8-1: config 0 descriptor??
[  548.138632][ T9037] netlink: 12 bytes leftover after parsing attributes in process `syz.5.707'.
[  551.916344][ T9043] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  552.176997][ T9053] FAULT_INJECTION: forcing a failure.
[  552.176997][ T9053] name failslab, interval 1, probability 0, space 0, times 1
[  552.177028][ T9053] CPU: 0 UID: 0 PID: 9053 Comm: syz.2.710 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  552.177046][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  552.177054][ T9053] Call Trace:
[  552.177059][ T9053]  <TASK>
[  552.177065][ T9053]  dump_stack_lvl+0xe8/0x150
[  552.177088][ T9053]  should_fail_ex+0x46b/0x600
[  552.177108][ T9053]  should_failslab+0xa8/0x100
[  552.177124][ T9053]  kmem_cache_alloc_noprof+0x87/0x680
[  552.177139][ T9053]  ? prepare_creds+0x30/0x820
[  552.177156][ T9053]  prepare_creds+0x30/0x820
[  552.177171][ T9053]  copy_creds+0x10e/0xa30
[  552.177191][ T9053]  copy_process+0x904/0x3d00
[  552.177211][ T9053]  ? __lock_acquire+0x6b5/0x2cf0
[  552.177235][ T9053]  ? __might_fault+0xaf/0x130
[  552.177259][ T9053]  ? __pfx_copy_process+0x10/0x10
[  552.177278][ T9053]  ? _copy_from_user+0x94/0xb0
[  552.177302][ T9053]  kernel_clone+0x249/0x7f0
[  552.177321][ T9053]  ? __pfx_kernel_clone+0x10/0x10
[  552.177354][ T9053]  __se_sys_clone3+0x33c/0x360
[  552.177376][ T9053]  ? __pfx___se_sys_clone3+0x10/0x10
[  552.177419][ T9053]  ? __pfx_ksys_write+0x10/0x10
[  552.177442][ T9053]  do_syscall_64+0x14d/0xf80
[  552.177460][ T9053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.177475][ T9053]  ? clear_bhb_loop+0x40/0x90
[  552.177492][ T9053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.177506][ T9053] RIP: 0033:0x7febc27bbf79
[  552.177521][ T9053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  552.177536][ T9053] RSP: 002b:00007febc09f4ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  552.177569][ T9053] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007febc27bbf79
[  552.177584][ T9053] RDX: 00007febc09f4f10 RSI: 0000000000000058 RDI: 00007febc09f4f10
[  552.177595][ T9053] RBP: 00007febc09f5090 R08: 0000000000000000 R09: 0000000000000058
[  552.177605][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  552.177615][ T9053] R13: 00007febc2a36128 R14: 00007febc2a36090 R15: 00007ffd4dd12c28
[  552.177644][ T9053]  </TASK>
[  552.347796][ T5879] usb 8-1: string descriptor 0 read error: -71
[  553.656850][ T5879] usb 8-1: USB disconnect, device number 3
[  555.861395][ T9060] Bluetooth: hci3: command 0x0406 tx timeout
[  559.645025][ T9101] netlink: 'syz.5.723': attribute type 4 has an invalid length.
[  559.645050][ T9101] netlink: 17 bytes leftover after parsing attributes in process `syz.5.723'.
[  561.867797][ T9116] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input25
[  563.265645][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  563.265715][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  569.550477][ T9198] netlink: 8 bytes leftover after parsing attributes in process `syz.5.743'.
[  570.101091][ T9215] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  570.102094][ T9215] IPVS: set_ctl: invalid protocol: 108 172.30.0.7:20004
[  570.390771][ T5805] Bluetooth: hci4: command 0x0406 tx timeout
[  570.637154][ T9226] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  570.637175][ T9226] overlayfs: maximum fs stacking depth exceeded
[  571.944666][ T9246] netlink: 12 bytes leftover after parsing attributes in process `syz.2.757'.
[  573.978559][ T9278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.765'.
[  574.798886][ T9297] QAT: failed to copy from user cfg_data.
[  576.576089][ T9319] netlink: 16 bytes leftover after parsing attributes in process `syz.3.769'.
[  578.132938][ T9352] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  578.221559][ T5960] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  578.446331][ T5960] usb 6-1: config 0 has an invalid interface number: 69 but max is 0
[  578.446362][ T5960] usb 6-1: config 0 has no interface number 0
[  578.446407][ T5960] usb 6-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  578.446432][ T5960] usb 6-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  578.539779][ T5960] usb 6-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  578.539799][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.539810][ T5960] usb 6-1: Product: syz
[  578.539817][ T5960] usb 6-1: Manufacturer: syz
[  578.539824][ T5960] usb 6-1: SerialNumber: syz
[  578.585195][ T5960] usb 6-1: config 0 descriptor??
[  578.587998][ T9349] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  578.619348][ T5960] cyberjack 6-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  578.680469][ T5960] usb 6-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  578.835133][   T36] audit: type=1326 audit(2000000354.359:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.6.776" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  579.284246][ T9371] warning: `syz.7.783' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  579.768105][   T36] audit: type=1326 audit(2000000355.299:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.768537][   T36] audit: type=1326 audit(2000000355.299:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.768786][   T36] audit: type=1326 audit(2000000355.299:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.769030][   T36] audit: type=1326 audit(2000000355.299:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.769281][   T36] audit: type=1326 audit(2000000355.299:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.769554][   T36] audit: type=1326 audit(2000000355.299:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.771184][   T36] audit: type=1326 audit(2000000355.299:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.778842][   T36] audit: type=1326 audit(2000000355.299:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  579.780023][   T36] audit: type=1326 audit(2000000355.309:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9367 comm="syz.7.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7deabf79 code=0x7fc00000
[  580.619233][  T969] usb 6-1: USB disconnect, device number 6
[  580.672252][  T969] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  580.673081][  T969] cyberjack 6-1:0.69: device disconnected
[  580.745279][ T9389] FAULT_INJECTION: forcing a failure.
[  580.745279][ T9389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.745310][ T9389] CPU: 1 UID: 0 PID: 9389 Comm: syz.7.788 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  580.745332][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  580.745342][ T9389] Call Trace:
[  580.745349][ T9389]  <TASK>
[  580.745358][ T9389]  dump_stack_lvl+0xe8/0x150
[  580.745385][ T9389]  should_fail_ex+0x46b/0x600
[  580.745412][ T9389]  strncpy_from_user+0x36/0x2b0
[  580.745436][ T9389]  do_getname+0x77/0x250
[  580.745460][ T9389]  do_sys_openat2+0xca/0x200
[  580.745484][ T9389]  ? __pfx_do_sys_openat2+0x10/0x10
[  580.745514][ T9389]  ? ksys_write+0x248/0x270
[  580.745534][ T9389]  ? __pfx_ksys_write+0x10/0x10
[  580.745553][ T9389]  __x64_sys_openat+0x138/0x170
[  580.745579][ T9389]  do_syscall_64+0x14d/0xf80
[  580.745601][ T9389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.745618][ T9389]  ? trace_irq_disable+0x37/0x100
[  580.745634][ T9389]  ? clear_bhb_loop+0x40/0x90
[  580.745655][ T9389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.745673][ T9389] RIP: 0033:0x7f8c7de6c84e
[  580.745689][ T9389] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  580.745705][ T9389] RSP: 002b:00007f8c7c0fdec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  580.745724][ T9389] RAX: ffffffffffffffda RBX: 00007f8c7c0fe6c0 RCX: 00007f8c7de6c84e
[  580.745737][ T9389] RDX: 0000000000000002 RSI: 00007f8c7c0fdf90 RDI: ffffffffffffff9c
[  580.745750][ T9389] RBP: 00007f8c7c0fe090 R08: 0000000000000000 R09: 0000000000000000
[  580.745761][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.745772][ T9389] R13: 00007f8c7e126038 R14: 00007f8c7e125fa0 R15: 00007ffca3a5f908
[  580.745802][ T9389]  </TASK>
[  581.510500][ T9398] netlink: 'syz.5.794': attribute type 8 has an invalid length.
[  581.918759][ T9406] netlink: 44 bytes leftover after parsing attributes in process `syz.5.796'.
[  581.958168][ T9406] dvmrp1: tun_chr_ioctl cmd 2147767506
[  581.997839][  T806] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  582.127799][  T806] usb 8-1: device descriptor read/64, error -71
[  582.176779][ T9416] overlayfs: failed to resolve './file2': -2
[  582.367768][  T806] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  583.813043][  T806] usb 8-1: device descriptor read/64, error -71
[  583.927872][  T806] usb usb8-port1: attempt power cycle
[  584.412178][  T806] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  584.440326][  T806] usb 8-1: device descriptor read/8, error -71
[  584.718941][  T806] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  584.818033][  T806] usb 8-1: device descriptor read/8, error -71
[  584.928274][  T806] usb usb8-port1: unable to enumerate USB device
[  585.346231][ T9445] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  585.698470][ T9459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.813'.
[  587.906605][ T9495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.824'.
[  589.068239][ T9508] 9p: Bad value for 'rfdno'
[  589.111332][   T36] kauditd_printk_skb: 21 callbacks suppressed
[  589.111350][   T36] audit: type=1326 audit(2000000364.639:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111396][   T36] audit: type=1326 audit(2000000364.639:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111434][   T36] audit: type=1326 audit(2000000364.639:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111472][   T36] audit: type=1326 audit(2000000364.639:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111510][   T36] audit: type=1326 audit(2000000364.639:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111548][   T36] audit: type=1326 audit(2000000364.639:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111585][   T36] audit: type=1326 audit(2000000364.639:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.111623][   T36] audit: type=1326 audit(2000000364.639:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.120165][   T36] audit: type=1326 audit(2000000364.649:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  589.120216][   T36] audit: type=1326 audit(2000000364.649:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  591.267559][ T9527] overlayfs: failed to resolve './file0': -2
[  592.979688][ T9542] FAULT_INJECTION: forcing a failure.
[  592.979688][ T9542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.979721][ T9542] CPU: 0 UID: 0 PID: 9542 Comm: syz.6.833 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  592.979742][ T9542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  592.979752][ T9542] Call Trace:
[  592.979760][ T9542]  <TASK>
[  592.979769][ T9542]  dump_stack_lvl+0xe8/0x150
[  592.979797][ T9542]  should_fail_ex+0x46b/0x600
[  592.979825][ T9542]  _copy_to_user+0x31/0xb0
[  592.979854][ T9542]  simple_read_from_buffer+0xe1/0x170
[  592.979881][ T9542]  proc_fail_nth_read+0x1be/0x230
[  592.979905][ T9542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  592.979927][ T9542]  ? rw_verify_area+0x2ac/0x4e0
[  592.979950][ T9542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  592.979970][ T9542]  vfs_read+0x212/0xa70
[  592.979995][ T9542]  ? __pfx_vfs_read+0x10/0x10
[  592.980014][ T9542]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  592.980037][ T9542]  ? lockdep_hardirqs_on+0x7a/0x110
[  592.980059][ T9542]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  592.980080][ T9542]  ? mutex_lock_nested+0x152/0x1d0
[  592.980096][ T9542]  ? fdget_pos+0x252/0x320
[  592.980126][ T9542]  ksys_read+0x156/0x270
[  592.980145][ T9542]  ? __pfx_ksys_read+0x10/0x10
[  592.980170][ T9542]  do_syscall_64+0x14d/0xf80
[  592.980190][ T9542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.980207][ T9542]  ? trace_irq_disable+0x37/0x100
[  592.980221][ T9542]  ? clear_bhb_loop+0x40/0x90
[  592.980241][ T9542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.980258][ T9542] RIP: 0033:0x7f7c0654c84e
[  592.980275][ T9542] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  592.980291][ T9542] RSP: 002b:00007f7c047e5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  592.980310][ T9542] RAX: ffffffffffffffda RBX: 00007f7c047e66c0 RCX: 00007f7c0654c84e
[  592.980324][ T9542] RDX: 000000000000000f RSI: 00007f7c047e60a0 RDI: 0000000000000004
[  592.980336][ T9542] RBP: 00007f7c047e6090 R08: 0000000000000000 R09: 0000000000000000
[  592.980347][ T9542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.980358][ T9542] R13: 00007f7c06806038 R14: 00007f7c06805fa0 R15: 00007ffeb821b9e8
[  592.980395][ T9542]  </TASK>
[  593.374130][ T9547] RDS: rds_bind could not find a transport for ::ffff:172.30.0.6, load rds_tcp or rds_rdma?
[  593.782277][ T9505] syz.2.826 (9505): drop_caches: 2
[  593.870868][ T9557] netlink: 12 bytes leftover after parsing attributes in process `syz.6.836'.
[  594.373971][ T9567] program syz.5.839 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  595.374119][ T9582] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  596.776413][ T9599] overlayfs: failed to resolve './file0': -2
[  596.894077][   T36] kauditd_printk_skb: 51 callbacks suppressed
[  596.894094][   T36] audit: type=1326 audit(2000000372.419:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9561 comm="syz.6.838" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  597.667961][ T9364] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  597.795868][ T9620] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input26
[  598.948433][ T9364] usb 3-1: Using ep0 maxpacket: 8
[  599.570152][ T9364] usb 3-1: unable to get BOS descriptor or descriptor too short
[  599.571498][ T9364] usb 3-1: config 7 has an invalid interface number: 214 but max is 0
[  599.571523][ T9364] usb 3-1: config 7 has no interface number 0
[  599.571555][ T9364] usb 3-1: config 7 interface 214 has no altsetting 0
[  599.573854][ T9364] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice=f5.f8
[  599.573881][ T9364] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.573900][ T9364] usb 3-1: Product: syz
[  599.573913][ T9364] usb 3-1: Manufacturer: syz
[  599.573926][ T9364] usb 3-1: SerialNumber: syz
[  599.928880][ T9364] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.214/input/input27
[  599.983749][ T5149] bcm5974 3-1:7.214: could not read from device
[  600.089194][ T9626] netlink: 12 bytes leftover after parsing attributes in process `syz.5.849'.
[  600.177171][ T5149] bcm5974 3-1:7.214: could not read from device
[  600.208349][ T9364] usb 3-1: USB disconnect, device number 29
[  600.463320][ T9633] netlink: 12 bytes leftover after parsing attributes in process `syz.5.851'.
[  601.878055][ T9364] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  601.899026][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  601.901978][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  601.903852][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  601.905060][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  601.905756][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  602.029775][ T9364] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  602.029831][ T9364] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  602.029858][ T9364] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  602.029885][ T9364] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  602.031543][ T9364] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  602.031569][ T9364] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  602.031587][ T9364] usb 3-1: SerialNumber: syz
[  602.037348][ T9642] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  602.141080][ T9364] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[  602.173325][ T9648] lo speed is unknown, defaulting to 1000
[  602.203749][ T9652] overlayfs: unescaped trailing colons in lowerdir mount option.
[  602.258272][ T9652] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  602.258289][ T9652] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  602.356184][ T9652] vhci_hcd vhci_hcd.0: Device attached
[  602.387937][ T9663] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  602.387937][ T9663] The task syz.2.853 (9663) triggered the difference, watch for misbehavior.
[  602.869642][ T9669] netlink: 304 bytes leftover after parsing attributes in process `syz.2.853'.
[  603.009053][ T9657] vhci_hcd: connection closed
[  603.032737][ T1323] vhci_hcd vhci_hcd.5: stop threads
[  603.032770][ T1323] vhci_hcd vhci_hcd.5: release socket
[  603.043155][ T5960] usb 44-1: SetAddress Request (2) to port 0
[  603.044140][ T5960] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  603.046501][ T1323] vhci_hcd vhci_hcd.5: disconnect device
[  603.091506][ T5960] usb 44-1: enqueue for inactive port 0
[  603.505920][ T5960] usb usb44-port1: attempt power cycle
[  604.192881][ T9060] Bluetooth: hci1: command tx timeout
[  604.199960][ T5960] usb usb44-port1: unable to enumerate USB device
[  605.487332][ T9364] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[  605.670079][ T9364] usb 3-1: USB disconnect, device number 30
[  605.859427][ T6552] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.881089][ T9683] overlayfs: failed to resolve './file0': -2
[  606.227906][ T9060] Bluetooth: hci1: command tx timeout
[  606.432434][ T6552] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.958728][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.861'.
[  606.987497][ T6552] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.329215][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc1) = 0x200
[  607.338565][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0xbe2a
[  607.349533][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x75c2
[  607.349890][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x5f2a
[  607.366016][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x75c2
[  607.379490][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0xb7b2
[  607.382034][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x1f8a
[  607.382250][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0xe532
[  607.397826][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x7102
[  607.400829][ T9707] kvm: kvm [9705]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x7900
[  607.407718][ T5940] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  607.452208][ T6552] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.497855][ T9364] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  607.587753][ T5940] usb 3-1: Using ep0 maxpacket: 16
[  607.589617][ T5940] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[  607.589643][ T5940] usb 3-1: config 0 has no interface number 0
[  607.589708][ T5940] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  607.592272][ T5940] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  607.592311][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.592331][ T5940] usb 3-1: Product: syz
[  607.592345][ T5940] usb 3-1: Manufacturer: syz
[  607.592360][ T5940] usb 3-1: SerialNumber: syz
[  607.654804][ T9364] usb 7-1: Using ep0 maxpacket: 32
[  607.665160][ T9364] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.665193][ T9364] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  607.665230][ T9364] usb 7-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  607.665253][ T9364] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.725379][ T5940] usb 3-1: config 0 descriptor??
[  607.732498][ T9648] chnl_net:caif_netlink_parms(): no params data found
[  607.777163][ T9364] usb 7-1: config 0 descriptor??
[  607.967219][ T5940] usbtouchscreen 3-1:0.214: Failed to read FW rev: -71
[  607.967466][ T5940] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[  608.015330][ T5940] usb 3-1: USB disconnect, device number 31
[  608.215851][ T9364] asus 0003:0B05:1822.0007: item fetching failed at offset 5/7
[  608.216573][ T9364] asus 0003:0B05:1822.0007: Asus hid parse failed: -22
[  608.216676][ T9364] asus 0003:0B05:1822.0007: probe with driver asus failed with error -22
[  608.317771][ T9060] Bluetooth: hci1: command tx timeout
[  608.389979][ T9723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.868'.
[  608.440866][ T9710] netlink: 40 bytes leftover after parsing attributes in process `syz.6.865'.
[  608.440899][ T9710] netlink: 40 bytes leftover after parsing attributes in process `syz.6.865'.
[  608.448063][ T9710] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  608.450097][ T9648] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.450217][ T9648] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.450427][ T9648] bridge_slave_0: entered allmulticast mode
[  608.455852][ T9648] bridge_slave_0: entered promiscuous mode
[  608.511282][ T9648] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.511471][ T9648] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.511650][ T9648] bridge_slave_1: entered allmulticast mode
[  608.522862][ T9648] bridge_slave_1: entered promiscuous mode
[  608.623126][ T9710] input: syz1 as /devices/virtual/input/input29
[  608.693506][ T6552] bridge_slave_1: left allmulticast mode
[  608.693610][ T6552] bridge_slave_1: left promiscuous mode
[  608.693845][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.744394][ T5960] usb 7-1: USB disconnect, device number 2
[  608.961537][ T6552] bridge_slave_0: left allmulticast mode
[  608.961563][ T6552] bridge_slave_0: left promiscuous mode
[  608.961796][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.013109][ T9731] netlink: 'syz.5.871': attribute type 61 has an invalid length.
[  609.013124][ T9731] netlink: 'syz.5.871': attribute type 62 has an invalid length.
[  609.213864][ T9734] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.872' resets device
[  609.734521][ T9741] syz.2.875 uses obsolete (PF_INET,SOCK_PACKET)
[  609.796969][   T36] audit: type=1326 audit(2000000385.319:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9737 comm="syz.6.874" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  612.495016][ T9060] Bluetooth: hci1: command tx timeout
[  613.147791][ T9364] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  613.299867][ T9364] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  613.299897][ T9364] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  613.299917][ T9364] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  613.299952][ T9364] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  613.299991][ T9364] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  613.300013][ T9364] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  613.300035][ T9364] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  613.383992][ T9364] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  613.384023][ T9364] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.384045][ T9364] usb 3-1: Manufacturer: 㝂
[  613.420147][ T9364] usb 3-1: config 0 descriptor??
[  613.424199][ T9364] hub 3-1:0.0: bad descriptor, ignoring hub
[  613.424237][ T9364] hub 3-1:0.0: probe with driver hub failed with error -5
[  613.466941][ T9364] input: 㝂 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input30
[  614.408449][ T6552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  614.458384][ T6552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  614.466627][ T9364] usb 3-1: USB disconnect, device number 32
[  614.521051][ T6552] bond0 (unregistering): Released all slaves
[  614.972214][ T9648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.304623][ T9648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  616.091886][ T9798] netlink: 'syz.5.891': attribute type 10 has an invalid length.
[  616.091918][ T9798] netlink: 40 bytes leftover after parsing attributes in process `syz.5.891'.
[  616.126112][ T9648] team0: Port device team_slave_0 added
[  616.241801][ T9798] team0: Device geneve0 failed to register rx_handler
[  616.287309][ T9802] netlink: 36 bytes leftover after parsing attributes in process `syz.2.892'.
[  616.304753][ T9802] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[  616.340254][ T9798] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  616.343409][ T9648] team0: Port device team_slave_1 added
[  616.538796][ T5887] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  616.687708][ T5887] usb 3-1: Using ep0 maxpacket: 8
[  616.690321][ T5887] usb 3-1: config 0 has an invalid interface number: 122 but max is 0
[  616.690347][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.690366][ T5887] usb 3-1: config 0 has no interface number 0
[  616.690410][ T5887] usb 3-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  616.690437][ T5887] usb 3-1: config 0 interface 122 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  616.690457][ T5887] usb 3-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0
[  616.690471][ T5887] usb 3-1: config 0 interface 122 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 8
[  616.701990][   T36] audit: type=1326 audit(2000000392.229:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9784 comm="syz.6.888" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  616.710006][ T5887] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  616.710034][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.710052][ T5887] usb 3-1: Product: syz
[  616.710065][ T5887] usb 3-1: Manufacturer: syz
[  616.710079][ T5887] usb 3-1: SerialNumber: syz
[  616.725534][ T5887] usb 3-1: config 0 descriptor??
[  616.933500][ T9802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  616.936891][ T9802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  616.955980][ T5887] usb 3-1: NFC: intf ffff888034051000 id ffffffff8e54a8e0
[  617.054407][ T5887] usb 3-1: USB disconnect, device number 33
[  617.130178][ T9648] batman_adv: batadv0: Adding interface: batadv_slave_0
[  617.130196][ T9648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  617.130247][ T9648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  617.516893][ T9648] batman_adv: batadv0: Adding interface: batadv_slave_1
[  617.517394][ T9648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  617.556345][ T9648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  618.167100][ T9816] program syz.3.895 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  618.690538][ T9826] overlayfs: missing 'lowerdir'
[  620.653781][ T9648] hsr_slave_0: entered promiscuous mode
[  620.655042][ T9648] hsr_slave_1: entered promiscuous mode
[  620.655942][ T9648] debugfs: 'hsr0' already exists in 'hsr'
[  620.655966][ T9648] Cannot create hsr debugfs directory
[  620.680949][  T969] lo speed is unknown, defaulting to 1000
[  622.877694][ T6552] hsr_slave_0: left promiscuous mode
[  622.949369][ T6552] hsr_slave_1: left promiscuous mode
[  622.950344][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  622.950367][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_0
[  623.031750][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  623.031777][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_1
[  623.223385][ T6552] veth1_macvtap: left promiscuous mode
[  623.223486][ T6552] veth0_macvtap: left promiscuous mode
[  623.223730][ T6552] veth1_vlan: left promiscuous mode
[  623.223896][ T6552] veth0_vlan: left promiscuous mode
[  624.641251][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  624.641319][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  624.928703][ T9875] FAULT_INJECTION: forcing a failure.
[  624.928703][ T9875] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  624.928739][ T9875] CPU: 0 UID: 0 PID: 9875 Comm: syz.5.907 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  624.928765][ T9875] Tainted: [L]=SOFTLOCKUP
[  624.928771][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  624.928784][ T9875] Call Trace:
[  624.928791][ T9875]  <TASK>
[  624.928799][ T9875]  dump_stack_lvl+0xe8/0x150
[  624.928828][ T9875]  should_fail_ex+0x46b/0x600
[  624.928854][ T9875]  _copy_from_user+0x2d/0xb0
[  624.928878][ T9875]  kvm_vm_ioctl+0x50d/0xd50
[  624.928905][ T9875]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  624.928946][ T9875]  ? kasan_quarantine_put+0xbb/0x1f0
[  624.928999][ T9875]  ? tomoyo_path_number_perm+0x219/0x630
[  624.929024][ T9875]  ? tomoyo_path_number_perm+0x219/0x630
[  624.929050][ T9875]  ? do_vfs_ioctl+0x117b/0x1540
[  624.929072][ T9875]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  624.929108][ T9875]  ? __asan_memset+0x22/0x50
[  624.929131][ T9875]  ? smack_file_ioctl+0x331/0x360
[  624.929168][ T9875]  ? __fget_files+0x2a/0x420
[  624.929189][ T9875]  ? __fget_files+0x3a6/0x420
[  624.929209][ T9875]  ? __fget_files+0x2a/0x420
[  624.929234][ T9875]  ? bpf_lsm_file_ioctl+0x9/0x20
[  624.929255][ T9875]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  624.929277][ T9875]  __se_sys_ioctl+0xff/0x170
[  624.929298][ T9875]  do_syscall_64+0x14d/0xf80
[  624.929320][ T9875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.929337][ T9875]  ? trace_irq_disable+0x37/0x100
[  624.929353][ T9875]  ? clear_bhb_loop+0x40/0x90
[  624.929374][ T9875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.929391][ T9875] RIP: 0033:0x7f9caa8fbf79
[  624.929408][ T9875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  624.929424][ T9875] RSP: 002b:00007f9ca8b56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  624.929444][ T9875] RAX: ffffffffffffffda RBX: 00007f9caab75fa0 RCX: 00007f9caa8fbf79
[  624.929457][ T9875] RDX: 0000200000000080 RSI: 000000004020aed2 RDI: 0000000000000004
[  624.929469][ T9875] RBP: 00007f9ca8b56090 R08: 0000000000000000 R09: 0000000000000000
[  624.929481][ T9875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.929492][ T9875] R13: 00007f9caab76038 R14: 00007f9caab75fa0 R15: 00007ffd9f138708
[  624.929521][ T9875]  </TASK>
[  627.680491][ T9882] netlink: 24 bytes leftover after parsing attributes in process `syz.6.910'.
[  628.787819][ T5887] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  628.954650][ T5887] usb 3-1: Using ep0 maxpacket: 32
[  628.957227][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  628.976074][ T5887] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  628.976098][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  628.976110][ T5887] usb 3-1: Product: syz
[  628.976117][ T5887] usb 3-1: Manufacturer: syz
[  628.976124][ T5887] usb 3-1: SerialNumber: syz
[  628.981036][ T5887] usb 3-1: config 0 descriptor??
[  629.025216][ T5887] hub 3-1:0.0: bad descriptor, ignoring hub
[  629.025263][ T5887] hub 3-1:0.0: probe with driver hub failed with error -5
[  629.621680][    T9] usb 3-1: USB disconnect, device number 34
[  632.926190][   T36] audit: type=1326 audit(2000000408.449:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9909 comm="syz.2.919" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7febc27bbf79 code=0x0
[  634.423436][ T6552] team0 (unregistering): Port device team_slave_1 removed
[  634.483432][ T9925] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  634.737815][ T5887] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  634.748342][ T6552] team0 (unregistering): Port device team_slave_0 removed
[  634.919935][ T5887] usb 3-1: Using ep0 maxpacket: 32
[  634.926972][ T5887] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  634.926999][ T5887] usb 3-1: config 0 has no interface number 0
[  634.927044][ T5887] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  634.927071][ T5887] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 33573, setting to 1024
[  634.927100][ T5887] usb 3-1: config 0 interface 2 has no altsetting 0
[  634.930614][ T5887] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  634.930642][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.930661][ T5887] usb 3-1: Product: syz
[  634.930675][ T5887] usb 3-1: Manufacturer: syz
[  634.930688][ T5887] usb 3-1: SerialNumber: syz
[  634.936002][ T5887] usb 3-1: config 0 descriptor??
[  635.245494][ T5887] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  635.682283][ T5887] usb 3-1: USB disconnect, device number 35
[  636.226518][ T9942] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  636.300699][ T9060] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  636.315947][ T9060] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  636.316896][ T9060] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  636.318568][ T9060] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  636.321515][ T9060] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  638.391297][ T5805] Bluetooth: hci4: command tx timeout
[  638.526690][   T36] audit: type=1326 audit(2000000414.039:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9951 comm="syz.5.931" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  640.457836][  T969] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  640.467749][ T5805] Bluetooth: hci4: command tx timeout
[  640.627840][  T969] usb 6-1: Using ep0 maxpacket: 32
[  640.629590][  T969] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  640.629618][  T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.634113][  T969] usb 6-1: config 0 descriptor??
[  640.668487][  T969] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  640.847110][  T969] gspca_vc032x: reg_r err -71
[  640.847146][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847158][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847167][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847175][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847184][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847193][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847201][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847209][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847221][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847230][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847238][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847254][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847262][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847271][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847279][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847290][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847297][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847304][  T969] gspca_vc032x: I2c Bus Busy Wait 00
[  640.847316][  T969] gspca_vc032x: Unknown sensor...
[  640.847404][  T969] vc032x 6-1:0.0: probe with driver vc032x failed with error -22
[  640.963068][  T969] usb 6-1: USB disconnect, device number 7
[  641.031837][ T9892] netlink: 20 bytes leftover after parsing attributes in process `syz.6.913'.
[  641.693583][ T9944] lo speed is unknown, defaulting to 1000
[  641.939328][   T36] audit: type=1326 audit(2000000417.369:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9982 comm="syz.6.940" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  642.547743][ T5805] Bluetooth: hci4: command tx timeout
[  643.610097][ T9989] 9p: Bad value for 'wfdno'
[  643.692008][ T9993] overlayfs: missing 'lowerdir'
[  643.770376][ T9997] overlayfs: failed to resolve './file0': -2
[  644.630560][ T5805] Bluetooth: hci4: command tx timeout
[  644.714117][ T5940] kernel write not supported for file /binder/transaction_log (pid: 5940 comm: kworker/1:6)
[  644.964669][ T5805] Bluetooth: hci3: Unable to find connection with handle 0x00ad
[  645.741880][   T36] audit: type=1326 audit(2000000421.189:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10025 comm="syz.6.950" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0658bf79 code=0x0
[  652.379942][ T9648] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  652.904378][T10063] 9pnet_virtio: no channels available for device syz
[  653.702810][ T6552] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.773436][ T9648] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  653.974367][ T9648] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  654.002554][ T9944] chnl_net:caif_netlink_parms(): no params data found
[  654.018615][ T9648] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  654.147877][   T36] audit: type=1326 audit(2000000429.669:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10069 comm="syz.2.960" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7febc27bbf79 code=0x0
[  654.294452][ T6552] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.892593][ T6552] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.037785][ T9364] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  655.295052][ T9364] usb 6-1: config 0 has an invalid interface number: 47 but max is 2
[  655.295083][ T9364] usb 6-1: config 0 has an invalid descriptor of length 117, skipping remainder of the config
[  655.295103][ T9364] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[  655.295124][ T9364] usb 6-1: config 0 has no interface number 0
[  655.295155][ T9364] usb 6-1: too many endpoints for config 0 interface 47 altsetting 111: 248, using maximum allowed: 30
[  655.295207][ T9364] usb 6-1: config 0 interface 47 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 248
[  655.295235][ T9364] usb 6-1: config 0 interface 47 has no altsetting 0
[  655.295267][ T9364] usb 6-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  655.295289][ T9364] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.362248][ T9364] usb 6-1: config 0 descriptor??
[  655.493044][ T6552] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.607960][ T9944] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.608836][ T9944] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.609338][ T9944] bridge_slave_0: entered allmulticast mode
[  655.614454][ T9944] bridge_slave_0: entered promiscuous mode
[  655.666967][ T9944] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.667094][ T9944] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.667318][ T9944] bridge_slave_1: entered allmulticast mode
[  655.671936][T10083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.712455][ T9944] bridge_slave_1: entered promiscuous mode
[  655.713623][T10083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.766061][ T9364] usb 6-1: string descriptor 0 read error: -71
[  655.896728][ T9364] usb 6-1: USB disconnect, device number 8
[  656.051863][ T9944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  656.164488][ T9944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  656.747540][ T9944] team0: Port device team_slave_0 added
[  656.812733][ T9944] team0: Port device team_slave_1 added
[  657.115950][ T9944] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.115962][ T9944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  657.115976][ T9944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.130767][ T9944] batman_adv: batadv0: Adding interface: batadv_slave_1
[  657.130785][ T9944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  657.130810][ T9944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  657.510264][ T6552] bridge_slave_1: left allmulticast mode
[  657.510292][ T6552] bridge_slave_1: left promiscuous mode
[  657.510521][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.600172][ T6552] bridge_slave_0: left allmulticast mode
[  657.600198][ T6552] bridge_slave_0: left promiscuous mode
[  657.600439][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.523288][T10121] FAULT_INJECTION: forcing a failure.
[  659.523288][T10121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  659.523324][T10121] CPU: 0 UID: 0 PID: 10121 Comm: syz.6.969 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  659.523350][T10121] Tainted: [L]=SOFTLOCKUP
[  659.523357][T10121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  659.523367][T10121] Call Trace:
[  659.523375][T10121]  <TASK>
[  659.523383][T10121]  dump_stack_lvl+0xe8/0x150
[  659.523412][T10121]  should_fail_ex+0x46b/0x600
[  659.523439][T10121]  _copy_from_user+0x2d/0xb0
[  659.523463][T10121]  memdup_user+0x5e/0xd0
[  659.523487][T10121]  strndup_user+0x68/0xd0
[  659.523511][T10121]  __se_sys_mount+0x9d/0x420
[  659.523534][T10121]  ? ksys_write+0x248/0x270
[  659.523554][T10121]  ? __pfx___se_sys_mount+0x10/0x10
[  659.523582][T10121]  ? __x64_sys_mount+0x20/0xc0
[  659.523605][T10121]  do_syscall_64+0x14d/0xf80
[  659.523627][T10121]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.523644][T10121]  ? trace_irq_disable+0x37/0x100
[  659.523660][T10121]  ? clear_bhb_loop+0x40/0x90
[  659.523681][T10121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.523699][T10121] RIP: 0033:0x7f7c0658bf79
[  659.523716][T10121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  659.523741][T10121] RSP: 002b:00007f7c047e6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  659.523762][T10121] RAX: ffffffffffffffda RBX: 00007f7c06805fa0 RCX: 00007f7c0658bf79
[  659.523775][T10121] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000
[  659.523788][T10121] RBP: 00007f7c047e6090 R08: 0000200000000040 R09: 0000000000000000
[  659.523800][T10121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  659.523812][T10121] R13: 00007f7c06806038 R14: 00007f7c06805fa0 R15: 00007ffeb821b9e8
[  659.523843][T10121]  </TASK>
[  659.686924][ T5940] kernel read not supported for file /sysvipc/msg (pid: 5940 comm: kworker/1:6)
[  660.087837][   T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  660.237790][   T10] usb 7-1: Using ep0 maxpacket: 16
[  660.240878][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.240902][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.240924][   T10] usb 7-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  660.240937][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.245019][   T10] usb 7-1: config 0 descriptor??
[  660.791335][   T10] kye 0003:0458:5013.0008: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  660.796922][   T10] kye 0003:0458:5013.0008: unknown main item tag 0x2
[  660.796961][   T10] kye 0003:0458:5013.0008: item fetching failed at offset 4/5
[  660.825935][   T10] kye 0003:0458:5013.0008: parse failed
[  660.826013][   T10] kye 0003:0458:5013.0008: probe with driver kye failed with error -22
[  661.393932][ T9060] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  661.413148][ T9060] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  661.413625][ T9060] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  661.457929][ T9060] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  661.461415][ T9060] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  661.928511][ T6552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  662.008842][ T6552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  662.041219][ T6552] bond0 (unregistering): Released all slaves
[  662.214058][ T9944] hsr_slave_0: entered promiscuous mode
[  662.219985][ T9944] hsr_slave_1: entered promiscuous mode
[  662.244363][ T9944] debugfs: 'hsr0' already exists in 'hsr'
[  662.244387][ T9944] Cannot create hsr debugfs directory
[  662.287361][  T969] usb 7-1: USB disconnect, device number 3
[  663.233832][T10127] lo speed is unknown, defaulting to 1000
[  664.380892][ T9060] Bluetooth: hci0: command tx timeout
[  664.557878][  T969] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  664.757799][  T969] usb 7-1: Using ep0 maxpacket: 8
[  664.764482][  T969] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  664.764512][  T969] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.820550][  T969] pvrusb2: Hardware description: Terratec Grabster AV400
[  664.820568][  T969] pvrusb2: **********
[  664.820575][  T969] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  664.820586][  T969] pvrusb2: Important functionality might not be entirely working.
[  664.820598][  T969] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  664.820610][  T969] pvrusb2: **********
[  665.020174][ T2361] pvrusb2: Invalid write control endpoint
[  665.201044][  T969] usb 7-1: USB disconnect, device number 4
[  665.242151][ T2361] pvrusb2: Invalid write control endpoint
[  665.242167][ T2361] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  665.242176][ T2361] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  665.242184][ T2361] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  665.242194][ T2361] pvrusb2: Device being rendered inoperable
[  665.261736][ T2361] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  665.261796][ T2361] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  665.275702][ T2361] pvrusb2: Attached sub-driver cx25840
[  665.275718][ T2361] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  665.275727][ T2361] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  665.863902][T10175] overlayfs: missing 'lowerdir'
[  665.872770][ T6552] hsr_slave_0: left promiscuous mode
[  665.903161][T10175] netlink: 8 bytes leftover after parsing attributes in process `syz.6.981'.
[  665.918042][ T6552] hsr_slave_1: left promiscuous mode
[  665.918684][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  665.918701][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_0
[  665.949687][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  665.949711][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_1
[  666.039820][   T36] audit: type=1326 audit(2000000441.559:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10166 comm="syz.5.979" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  666.255192][ T6552] veth1_macvtap: left promiscuous mode
[  666.255287][ T6552] veth0_macvtap: left promiscuous mode
[  666.255521][ T6552] veth1_vlan: left promiscuous mode
[  666.255681][ T6552] veth0_vlan: left promiscuous mode
[  666.388210][ T5805] Bluetooth: hci0: command tx timeout
[  666.567775][ T9364] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  666.757793][ T9364] usb 3-1: Using ep0 maxpacket: 8
[  666.779879][ T9364] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  666.779907][ T9364] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  666.779928][ T9364] usb 3-1: config 0 has no interface number 0
[  666.779972][ T9364] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  666.779998][ T9364] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  666.780025][ T9364] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  666.781192][ T9364] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  666.781219][ T9364] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  666.781239][ T9364] usb 3-1: Product: syz
[  666.786405][ T9364] usb 3-1: config 0 descriptor??
[  666.787135][T10182] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  667.023973][ T9364] usb 3-1: USB disconnect, device number 36
[  667.909121][T10185] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input32
[  668.511894][ T5805] Bluetooth: hci0: command tx timeout
[  668.737818][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  668.877759][   T10] usb 6-1: device descriptor read/64, error -71
[  670.027724][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  670.157739][   T10] usb 6-1: device descriptor read/64, error -71
[  670.268267][   T10] usb usb6-port1: attempt power cycle
[  670.548373][ T5805] Bluetooth: hci0: command tx timeout
[  670.597741][ T5960] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  670.615368][   T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  670.646303][   T10] usb 6-1: device descriptor read/8, error -71
[  670.768961][ T5960] usb 3-1: config 0 has an invalid interface number: 111 but max is 0
[  670.768989][ T5960] usb 3-1: config 0 has no interface number 0
[  670.769028][ T5960] usb 3-1: New USB device found, idVendor=05a9, idProduct=8065, bcdDevice=41.96
[  670.769040][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.771906][ T5960] usb 3-1: config 0 descriptor??
[  670.782594][ T5960] gspca_main: ov534_9-2.14.0 probing 05a9:8065
[  670.868351][ T6552] team0 (unregistering): Port device team_slave_1 removed
[  670.887736][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  670.909342][   T10] usb 6-1: device descriptor read/8, error -71
[  671.018334][   T10] usb usb6-port1: unable to enumerate USB device
[  671.118441][ T6552] team0 (unregistering): Port device team_slave_0 removed
[  672.994125][ T5960] gspca_ov534_9: reg_w failed -110
[  673.327733][ T5960] gspca_ov534_9: Unknown sensor 0000
[  673.327813][ T5960] ov534_9 3-1:0.111: probe with driver ov534_9 failed with error -22
[  675.317364][   T36] audit: type=1326 audit(2000000450.839:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10218 comm="syz.5.992" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  675.462880][   T10] usb 3-1: USB disconnect, device number 37
[  675.764230][ T9944] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  675.822562][T10127] chnl_net:caif_netlink_parms(): no params data found
[  675.856258][ T9944] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  676.173193][T10219] tmpfs: Bad value for 'mpol'
[  676.176546][T10241] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input33
[  676.324865][ T9944] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  676.423615][ T9944] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  676.928507][T10264] netlink: 108 bytes leftover after parsing attributes in process `syz.2.997'.
[  677.066119][T10127] bridge0: port 1(bridge_slave_0) entered blocking state
[  677.066321][T10127] bridge0: port 1(bridge_slave_0) entered disabled state
[  677.066541][T10127] bridge_slave_0: entered allmulticast mode
[  677.094054][T10127] bridge_slave_0: entered promiscuous mode
[  677.144828][T10127] bridge0: port 2(bridge_slave_1) entered blocking state
[  677.144970][T10127] bridge0: port 2(bridge_slave_1) entered disabled state
[  677.145175][T10127] bridge_slave_1: entered allmulticast mode
[  677.173997][T10127] bridge_slave_1: entered promiscuous mode
[  677.496683][T10127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  677.606019][T10272] overlayfs: missing 'lowerdir'
[  677.691787][T10272] netlink: 8 bytes leftover after parsing attributes in process `syz.2.999'.
[  677.871926][T10127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  678.364641][T10127] team0: Port device team_slave_0 added
[  678.368477][T10127] team0: Port device team_slave_1 added
[  678.550637][T10127] batman_adv: batadv0: Adding interface: batadv_slave_0
[  678.550649][T10127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  678.550663][T10127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  679.031267][T10127] batman_adv: batadv0: Adding interface: batadv_slave_1
[  679.031284][T10127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  679.031310][T10127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  679.710089][T10127] hsr_slave_0: entered promiscuous mode
[  679.730103][T10127] hsr_slave_1: entered promiscuous mode
[  679.733675][T10127] debugfs: 'hsr0' already exists in 'hsr'
[  679.733700][T10127] Cannot create hsr debugfs directory
[  680.107774][ T5802] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  680.237764][ T5802] usb 3-1: device descriptor read/64, error -71
[  680.355967][ T6552] bridge_slave_1: left allmulticast mode
[  680.356002][ T6552] bridge_slave_1: left promiscuous mode
[  680.356230][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[  680.482319][ T6552] bridge_slave_0: left allmulticast mode
[  680.482348][ T6552] bridge_slave_0: left promiscuous mode
[  680.482586][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.483055][ T5802] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  680.607750][ T5802] usb 3-1: device descriptor read/64, error -71
[  680.722467][ T5802] usb usb3-port1: attempt power cycle
[  681.127806][ T5802] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  681.165818][ T5802] usb 3-1: device descriptor read/8, error -71
[  681.413393][ T5802] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  681.428430][ T5802] usb 3-1: device descriptor read/8, error -71
[  681.538085][ T5802] usb usb3-port1: unable to enumerate USB device
[  681.661919][T10319] FAULT_INJECTION: forcing a failure.
[  681.661919][T10319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  681.661943][T10319] CPU: 1 UID: 0 PID: 10319 Comm: syz.6.1010 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  681.661958][T10319] Tainted: [L]=SOFTLOCKUP
[  681.661962][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  681.661968][T10319] Call Trace:
[  681.661973][T10319]  <TASK>
[  681.661977][T10319]  dump_stack_lvl+0xe8/0x150
[  681.661996][T10319]  should_fail_ex+0x46b/0x600
[  681.662012][T10319]  _copy_from_user+0x2d/0xb0
[  681.662027][T10319]  __sys_bind+0x1cc/0x410
[  681.662042][T10319]  ? __pfx___sys_bind+0x10/0x10
[  681.662061][T10319]  ? __pfx_ksys_write+0x10/0x10
[  681.662075][T10319]  __x64_sys_bind+0x7a/0x90
[  681.662089][T10319]  do_syscall_64+0x14d/0xf80
[  681.662102][T10319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.662112][T10319]  ? trace_irq_disable+0x37/0x100
[  681.662121][T10319]  ? clear_bhb_loop+0x40/0x90
[  681.662133][T10319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.662142][T10319] RIP: 0033:0x7f7c0658bf79
[  681.662152][T10319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  681.662161][T10319] RSP: 002b:00007f7c047e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  681.662172][T10319] RAX: ffffffffffffffda RBX: 00007f7c06805fa0 RCX: 00007f7c0658bf79
[  681.662179][T10319] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000004
[  681.662185][T10319] RBP: 00007f7c047e6090 R08: 0000000000000000 R09: 0000000000000000
[  681.662192][T10319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  681.662197][T10319] R13: 00007f7c06806038 R14: 00007f7c06805fa0 R15: 00007ffeb821b9e8
[  681.662213][T10319]  </TASK>
[  682.151634][ T5805] Bluetooth: hci6: unexpected cc 0x203d length: 9 > 1
[  682.292017][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f037c00: rx timeout, send abort
[  682.500724][T10330] af_packet: tpacket_rcv: packet too big, clamped from 18 to 4294967286. macoff=82
[  682.658132][ T6552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  682.792963][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f037400: rx timeout, send abort
[  682.794007][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f037c00: abort rx timeout. Force session deactivation
[  683.044695][ T6552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  683.215026][ T6552] bond0 (unregistering): Released all slaves
[  683.293042][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805f037400: abort rx timeout. Force session deactivation
[  683.384713][ T9944] 8021q: adding VLAN 0 to HW filter on device bond0
[  683.400081][ T9577] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  683.577766][ T9577] usb 7-1: Using ep0 maxpacket: 16
[  683.615430][ T9577] usb 7-1: config 0 has an invalid interface number: 60 but max is 0
[  683.615458][ T9577] usb 7-1: config 0 has no interface number 0
[  683.704578][ T9577] usb 7-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=fa.5a
[  683.704609][ T9577] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.704629][ T9577] usb 7-1: Product: syz
[  683.704651][ T9577] usb 7-1: Manufacturer: syz
[  683.704665][ T9577] usb 7-1: SerialNumber: syz
[  683.784263][ T9577] usb 7-1: config 0 descriptor??
[  683.819980][ T9577] gspca_main: spca500-2.14.0 probing 046d:0900
[  684.367892][ T9577] gspca_spca500: reg write: error -32
[  684.420682][ T9577] gspca_spca500: reg write: error -32
[  684.426637][ T9577] gspca_spca500: reg write: error -32
[  684.472579][ T9577] gspca_spca500: reg write: error -32
[  684.472986][ T9577] gspca_spca500: reg write: error -32
[  684.473364][ T9577] gspca_spca500: reg write: error -32
[  684.473735][ T9577] gspca_spca500: reg write: error -32
[  684.474103][ T9577] gspca_spca500: reg write: error -32
[  684.474477][ T9577] gspca_spca500: reg write: error -32
[  684.474862][ T9577] gspca_spca500: reg write: error -32
[  684.475357][ T9577] gspca_spca500: reg write: error -32
[  684.475745][ T9577] gspca_spca500: reg write: error -32
[  684.476129][ T9577] gspca_spca500: reg write: error -32
[  684.476510][ T9577] gspca_spca500: reg write: error -32
[  684.607354][ T6552] hsr_slave_0: left promiscuous mode
[  684.628673][ T6552] hsr_slave_1: left promiscuous mode
[  684.629577][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_0
[  684.680417][ T6552] batman_adv: batadv0: Removing interface: batadv_slave_1
[  685.587447][   T36] audit: type=1326 audit(2000000461.109:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10355 comm="syz.2.1017" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7febc27bbf79 code=0x0
[  686.072477][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  686.072543][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  686.347121][ T5960] usb 7-1: USB disconnect, device number 5
[  686.531186][ T6552] team0 (unregistering): Port device team_slave_1 removed
[  687.226932][ T6552] team0 (unregistering): Port device team_slave_0 removed
[  687.603577][   T36] audit: type=1326 audit(2000000463.129:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.603696][   T36] audit: type=1326 audit(2000000463.129:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.604125][   T36] audit: type=1326 audit(2000000463.129:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.604349][   T36] audit: type=1326 audit(2000000463.129:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.604636][   T36] audit: type=1326 audit(2000000463.129:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.605027][   T36] audit: type=1326 audit(2000000463.129:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.605205][   T36] audit: type=1326 audit(2000000463.129:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.605490][   T36] audit: type=1326 audit(2000000463.129:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  687.605698][   T36] audit: type=1326 audit(2000000463.129:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10379 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7febc27bbf79 code=0x7ffc0000
[  690.175639][ T9944] 8021q: adding VLAN 0 to HW filter on device team0
[  690.259697][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.259821][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state
[  690.644674][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.644749][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  693.281099][T10127] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  693.358832][T10127] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  693.430743][T10127] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  693.518959][T10127] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  693.642459][ T9944] 8021q: adding VLAN 0 to HW filter on device batadv0
[  693.847710][   T36] kauditd_printk_skb: 18 callbacks suppressed
[  693.847728][   T36] audit: type=1326 audit(2000000469.369:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10446 comm="syz.5.1038" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  695.230449][T10127] 8021q: adding VLAN 0 to HW filter on device bond0
[  695.305047][T10127] 8021q: adding VLAN 0 to HW filter on device team0
[  695.361929][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state
[  695.362125][ T8683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  695.418773][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  695.418872][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  696.019872][ T9944] veth0_vlan: entered promiscuous mode
[  696.073009][ T9944] veth1_vlan: entered promiscuous mode
[  696.315949][ T9944] veth0_macvtap: entered promiscuous mode
[  696.370847][ T9944] veth1_macvtap: entered promiscuous mode
[  696.592435][T10481] netlink: 'syz.5.1044': attribute type 2 has an invalid length.
[  696.691647][T10127] 8021q: adding VLAN 0 to HW filter on device batadv0
[  696.905973][ T9060] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  696.935326][ T9060] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  696.935735][ T9060] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  696.957912][ T9060] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  696.958689][ T9060] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  697.308975][T10488] xfs: Unknown parameter 'n������y'
[  697.455469][T10485] lo speed is unknown, defaulting to 1000
[  697.905260][T10502] overlayfs: failed to resolve './file1': -2
[  698.787838][   T36] audit: type=1326 audit(2000000474.309:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10511 comm="syz.2.1047" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7febc27bbf79 code=0x0
[  699.028113][ T5805] Bluetooth: hci1: command tx timeout
[  701.168624][ T5805] Bluetooth: hci1: command tx timeout
[  704.227852][ T5805] Bluetooth: hci1: command tx timeout
[  704.960430][T10485] chnl_net:caif_netlink_parms(): no params data found
[  706.393915][ T5805] Bluetooth: hci1: command tx timeout
[  707.160981][   T36] audit: type=1326 audit(2000000482.689:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10560 comm="syz.5.1057" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  708.328163][T10127] veth0_vlan: entered promiscuous mode
[  709.922554][T10485] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.922675][T10485] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.922907][T10485] bridge_slave_0: entered allmulticast mode
[  709.925385][T10485] bridge_slave_0: entered promiscuous mode
[  709.980399][T10485] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.980528][T10485] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.980736][T10485] bridge_slave_1: entered allmulticast mode
[  709.983410][T10485] bridge_slave_1: entered promiscuous mode
[  710.017760][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  710.116323][T10592] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1065'.
[  710.131089][T10127] veth1_vlan: entered promiscuous mode
[  710.180148][   T10] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  710.180175][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.209656][   T10] usb 7-1: config 0 descriptor??
[  710.232369][T10485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.236637][   T10] gspca_main: cpia1-2.14.0 probing 0813:0001
[  710.276491][T10485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.775356][   T10] cpia1 7-1:0.0: unexpected state after lo power cmd: 00
[  710.979918][T10583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  710.985900][T10583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.156387][T10485] team0: Port device team_slave_0 added
[  711.204874][T10485] team0: Port device team_slave_1 added
[  711.322446][   T10] cpia1 7-1:0.0: only firmware version 1 is supported (got: 160)
[  711.381191][T10605] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1067'.
[  711.496390][T10485] batman_adv: batadv0: Adding interface: batadv_slave_0
[  711.496407][T10485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  711.496432][T10485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  711.557480][T10485] batman_adv: batadv0: Adding interface: batadv_slave_1
[  711.557497][T10485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  711.557523][T10485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  711.687874][T10504] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  711.741260][   T36] audit: type=1326 audit(2000000487.269:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10608 comm="syz.5.1068" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9caa8fbf79 code=0x0
[  711.839993][T10504] usb 3-1: config 4 has an invalid interface number: 88 but max is 0
[  711.840024][T10504] usb 3-1: config 4 has no interface number 0
[  711.840068][T10504] usb 3-1: config 4 interface 88 altsetting 119 has a duplicate endpoint with address 0xB, skipping
[  711.840091][T10504] usb 3-1: config 4 interface 88 altsetting 119 has an endpoint descriptor with address 0xD5, changing to 0x85
[  711.840117][T10504] usb 3-1: config 4 interface 88 altsetting 119 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  711.840144][T10504] usb 3-1: config 4 interface 88 has no altsetting 0
[  711.843914][T10504] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  711.843943][T10504] usb 3-1: New USB device strings: Mfr=8, Product=0, SerialNumber=3
[  711.843964][T10504] usb 3-1: Manufacturer: syz
[  711.843979][T10504] usb 3-1: SerialNumber: syz
[  711.983612][T10605] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  712.114854][T10127] veth0_macvtap: entered promiscuous mode
[  712.175360][T10485] hsr_slave_0: entered promiscuous mode
[  712.194947][T10485] hsr_slave_1: entered promiscuous mode
[  712.211644][T10485] debugfs: 'hsr0' already exists in 'hsr'
[  712.211671][T10485] Cannot create hsr debugfs directory
[  712.260274][T10127] veth1_macvtap: entered promiscuous mode
[  712.314199][T10504] usb 3-1: USB disconnect, device number 42
[  712.472708][ T9908] bridge_slave_1: left allmulticast mode
[  712.472738][ T9908] bridge_slave_1: left promiscuous mode
[  712.472968][ T9908] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.628444][ T9908] bridge_slave_0: left allmulticast mode
[  714.628475][ T9908] bridge_slave_0: left promiscuous mode
[  714.628726][ T9908] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.724562][T10504] usb 7-1: USB disconnect, device number 6
[  716.668287][ T9908] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  716.697924][   T10] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  716.744362][ T9908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  716.761624][ T9908] bond0 (unregistering): Released all slaves
[  716.857146][   T10] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  716.857177][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.857207][   T10] usb 3-1: Product: syz
[  716.857219][   T10] usb 3-1: Manufacturer: syz
[  716.857233][   T10] usb 3-1: SerialNumber: syz
[  716.909827][   T10] usb 3-1: config 0 descriptor??
[  717.143349][T10662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  717.144882][T10662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.151873][ T5805] Bluetooth: hci2: unknown advertising packet type: 0x17
[  717.151908][ T5805] Bluetooth: hci2: unknown advertising packet type: 0x5f
[  717.151923][ T5805] Bluetooth: hci2: Dropping invalid advertising data
[  717.151942][ T5805] Bluetooth: hci2: Malformed LE Event: 0x02
[  717.170534][T10662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  717.171013][T10662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.244882][T10127] batman_adv: batadv0: Interface activated: batadv_slave_0
[  717.299795][   T10] usb-storage 3-1:0.0: USB Mass Storage device detected
[  717.458113][   T10] usb 3-1: USB disconnect, device number 43
[  717.497183][ T9908] hsr_slave_0: left promiscuous mode
[  717.523517][T10681] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1086'.
[  717.712651][ T9908] hsr_slave_1: left promiscuous mode
[  717.713588][ T9908] batman_adv: batadv0: Removing interface: batadv_slave_0
[  717.778772][ T9908] batman_adv: batadv0: Removing interface: batadv_slave_1
[  718.030106][ T9908] veth1_macvtap: left promiscuous mode
[  718.030204][ T9908] veth0_macvtap: left promiscuous mode
[  718.030517][ T9908] veth1_vlan: left promiscuous mode
[  718.030677][ T9908] veth0_vlan: left promiscuous mode
[  718.744547][T10720] netlink: 212360 bytes leftover after parsing attributes in process `syz.2.1100'.
[  720.322706][T10763] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  720.322734][T10763] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  720.322914][T10763] vhci_hcd vhci_hcd.0: Device attached
[  720.325708][T10764] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  720.325726][T10764] #PF: supervisor read access in kernel mode
[  720.325736][T10764] #PF: error_code(0x0000) - not-present page
[  720.325747][T10764] PGD 8000000055387067 P4D 8000000055387067 PUD 0 
[  720.325770][T10764] Oops: Oops: 0000 [#1] SMP KASAN PTI
[  720.325791][T10764] CPU: 1 UID: 0 PID: 10764 Comm: vhci_rx Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  720.325813][T10764] Tainted: [L]=SOFTLOCKUP
[  720.325818][T10764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  720.325826][T10764] RIP: 0010:kcov_remote_start+0x2a1/0x710
[  720.325852][T10764] Code: 5e 8d 4c 8b b8 18 44 29 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 40 96 c2 8d 4d 8b 3f 49 81 ff 40 96 c2 8d 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 01 70 db 02 84 c0 74 0e 49 8b 07 49
[  720.325866][T10764] RSP: 0018:ffffc90005c0fc88 EFLAGS: 00010207
[  720.325879][T10764] RAX: 0000000000000000 RBX: ffff8880265a1e00 RCX: 0000000000000000
[  720.325889][T10764] RDX: 0000000098996300 RSI: 0000000000000001 RDI: ffffffff8b861520
[  720.325900][T10764] RBP: 0000000000100000 R08: ffffffff8b14a050 R09: ffffffff8dbcd480
[  720.325910][T10764] R10: dffffc0000000000 R11: fffffbfff1e9250f R12: 0000000000000002
[  720.325921][T10764] R13: 0000000000000001 R14: ffff8880308ffd00 R15: 0000000000000000
[  720.325930][T10764] FS:  0000000000000000(0000) GS:ffff888126695000(0000) knlGS:0000000000000000
[  720.325943][T10764] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  720.325953][T10764] CR2: 0000000000000010 CR3: 000000007ddd2000 CR4: 00000000003526f0
[  720.325967][T10764] Call Trace:
[  720.325973][T10764]  <TASK>
[  720.325981][T10764]  vhci_rx_loop+0x18d/0xa00
[  720.326001][T10764]  ? __pfx_vhci_rx_loop+0x10/0x10
[  720.326015][T10764]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  720.326034][T10764]  ? __kthread_parkme+0x7a/0x1f0
[  720.326054][T10764]  kthread+0x388/0x470
[  720.326072][T10764]  ? __pfx_vhci_rx_loop+0x10/0x10
[  720.326084][T10764]  ? __pfx_kthread+0x10/0x10
[  720.326102][T10764]  ret_from_fork+0x51e/0xb90
[  720.326119][T10764]  ? __pfx_ret_from_fork+0x10/0x10
[  720.326135][T10764]  ? __switch_to+0xc7d/0x1400
[  720.326150][T10764]  ? __pfx_kthread+0x10/0x10
[  720.326169][T10764]  ret_from_fork_asm+0x1a/0x30
[  720.326194][T10764]  </TASK>
[  720.326203][T10764] Modules linked in:
[  720.326219][T10764] CR2: 0000000000000010
[  720.326230][T10764] ---[ end trace 0000000000000000 ]---
[  720.326237][T10764] RIP: 0010:kcov_remote_start+0x2a1/0x710
[  720.326257][T10764] Code: 5e 8d 4c 8b b8 18 44 29 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 40 96 c2 8d 4d 8b 3f 49 81 ff 40 96 c2 8d 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 01 70 db 02 84 c0 74 0e 49 8b 07 49
[  720.326270][T10764] RSP: 0018:ffffc90005c0fc88 EFLAGS: 00010207
[  720.326282][T10764] RAX: 0000000000000000 RBX: ffff8880265a1e00 RCX: 0000000000000000
[  720.326292][T10764] RDX: 0000000098996300 RSI: 0000000000000001 RDI: ffffffff8b861520
[  720.326302][T10764] RBP: 0000000000100000 R08: ffffffff8b14a050 R09: ffffffff8dbcd480
[  720.326312][T10764] R10: dffffc0000000000 R11: fffffbfff1e9250f R12: 0000000000000002
[  720.326322][T10764] R13: 0000000000000001 R14: ffff8880308ffd00 R15: 0000000000000000
[  720.326331][T10764] FS:  0000000000000000(0000) GS:ffff888126695000(0000) knlGS:0000000000000000
[  720.326344][T10764] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  720.326354][T10764] CR2: 0000000000000010 CR3: 000000007ddd2000 CR4: 00000000003526f0
[  720.326371][T10764] Kernel panic - not syncing: Fatal exception
[  720.326728][T10764] Kernel Offset: disabled