last executing test programs:

46.877857486s ago: executing program 4 (id=701):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000000)='2^', 0x2)
syz_usb_disconnect(r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1f, 0x0, 0x0, r4}, [@IFA_BROADCAST={0x8, 0x4, @private=0xa010100}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0)

43.311841035s ago: executing program 4 (id=708):
syz_open_dev$ptys(0xc, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720aacff0000000071101d00000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r6)
close(r5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="1ebac57c637d1fedb0c324b05bc966c8095b1ec4b868f1b1e782af3a79411da9b91bfe923c37fa6b32fc1512a5829686e30059bb802a2cea9b274b0975aecc180d97956d94330471f8a06acef797ceb3276bde7322666777c07b639727bc83a4f32c60b675", @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r8}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
close_range(r4, 0xffffffffffffffff, 0x0)
r9 = syz_open_dev$video4linux(&(0x7f0000000100), 0x7f5b, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0585605, &(0x7f0000000200)={0x1})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

43.311444499s ago: executing program 0 (id=709):
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x15, 0xea, 0xae, 0x20, 0x5da, 0xb6, 0xcdb7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbf, 0x46, 0x35}}]}}]}}, 0x0)
statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/187)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x6d0e4d1ae2da54ba, &(0x7f0000000180)={@private, @loopback, <r0=>0x0}, &(0x7f00000001c0)=0xc)
bind$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x15, r0, 0x1, 0x0, 0x6, @local}, 0x14)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
sendfile(r2, r3, 0x0, 0x6)
io_uring_enter(r3, 0x5c51, 0xdace, 0x10, &(0x7f00000002c0)={[0x63]}, 0x8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r6, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
connect$llc(r6, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
r7 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r7, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
clock_gettime(0x0, &(0x7f0000000380))
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x600})
socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000000000002eeed88696", @ANYRES32], 0x20}}, 0x8080)
socket$inet6_udp(0xa, 0x2, 0x0)

42.35396407s ago: executing program 4 (id=714):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000004000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0x1000a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000009c0)='kfree\x00', r2}, 0x10)
r3 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14/8\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x21400, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x441, 0x0)

40.571088515s ago: executing program 4 (id=717):
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, &(0x7f0000000200))
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'geneve1\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x2}, 0x4)
sendto$inet6(r1, &(0x7f0000000280)="0503092c8f0b480301020d00c52cf7c25975e010b02f0800eb2b2ff0dac8897c6b118777faffffff3066100cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e26, 0x7fff, @remote, 0x2100}, 0xffffffffffffff28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f000000d380))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000000c0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000100)=0x6)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000040))
keyctl$clear(0x5, 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x20000800)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0xb0, 0x41, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x99, 0x3, 0x0, 0x1, [@generic="427193e1acc0e0c706d27531dd4ed107a255fa413deec09c1428d030025331d7bbd3d6164c9c865056d848333c1604637b1b0e9c740fa9ff298794c1f5a57a319ac79db9fb44bd361c573d21453368c0cad0860bbfe5cfe6b6cba183bdce01c8cd8e785013d547223d4a9c3a28acf6f4e899eee50b65230a74cf93a3f81efc006cd84f1ce50ef5135f741dc302af841ff8df02b5ad"]}]}, 0xb0}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000500)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r6, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r6, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2c000801}, 0x20040010)
preadv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

38.123591581s ago: executing program 0 (id=719):
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000850000007b000000180100002020752500000000002023c4a3cb50770d0ac11e7ad8d9979520207b010072000000000000f8ffffffb702000008000000b703000000000000000000000600000095000000e800"/105], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x2, 0x0, @local, 0xa}, 0x1c)
socket(0x2, 0x2, 0x1)
bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x6e)
r4 = syz_open_procfs(0x0, 0x0)
preadv(r4, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0xa3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b0400000000000000000200000038000480340001800b0001006e756d67656e00002400028008000440000000000800014000000008080002400000000608000340000000010900010073797a30000000000900020073797a320000002014000000110001"], 0x8c}}, 0x0)
r6 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fspick(r7, &(0x7f0000000000)='.\x00', 0x0)
syz_usb_connect(0x4, 0x210, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3d173085e040f04cee8010203010902fe0101000000020904b5000ee84ffc0009050e03100006e109072501010604000725018015070009050500400005ff0509050900000207dee107250180970900090507100002020ca3072501030bf9ff09050010ff036002030905040c08000c0a0607250102050104090506"], 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00199c0879fc91f6859b566cde0f281bd2ca12105afac4ffb7f72487d07689c05de73c4c7940fd0b2b2a3157d3b9a4c04c6e4ec910"])
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=""/107)
creat(0x0, 0x0)

37.087940272s ago: executing program 4 (id=722):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x180)
read$FUSE(r0, &(0x7f0000012400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
r2 = syz_io_uring_setup(0x5c2, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r0}, &(0x7f00000002c0), &(0x7f00000001c0))
io_setup(0x0, 0x0)
prlimit64(r1, 0x9, &(0x7f0000000380)={0x100008, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_cancel(0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)={[], [], 0x2f})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r9)
tkill(r9, 0x8)
ptrace$peeksig(0x4209, r9, &(0x7f0000000040), &(0x7f0000000200))
setresuid(0x0, r8, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
io_setup(0x81, &(0x7f0000001440)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])

35.974412197s ago: executing program 4 (id=726):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x30, 0x4, 0x0, 0x2, 0xc0, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@multicast2}]}, @noop, @noop, @lsrr={0x83, 0x3, 0xdc}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38)

33.947446917s ago: executing program 0 (id=729):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000340)=""/186, 0xba}], 0x1, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)

30.883828194s ago: executing program 0 (id=733):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="0100"})
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_io_uring_setup(0x3b, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0x231, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000003702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000001404000000ffffffdc04000040000000b704000010000020620700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113940c19aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551558055dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086071d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea4f1fcfae8ce58bd63210a69f8e5227fd32e7d5a2c7ecf57ac64509224b52e746d631637e596e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777e3f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d61573bebb74efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d18165e2b6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0144587734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc6883e4eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18c756ce8de3369308b2dc6e9689dfd5af41f2dc427ec1ec801b7abd10529337207d4996e1e5862003833c68f95369ab3d187763cd805212fc0450ec3fed76f095ae5d13b6e553100976f6a60215b97f5a652f2788cda131dc9051c87e762130ca6164c621ad393dc183fd26d2099cd7a77040fdc6052788b61bdf581807542b0c552ea2587dd8e2612911598fdaf28029191b2768f987807e3c0c9d5042"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$pptp(0x18, 0x1, 0x2)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
openat$cgroup(r5, &(0x7f00000003c0)='syz1\x00', 0x200002, 0x0)
bind$pptp(r4, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="b000000016007f029e78f6030f7a0a762353bfb89fd8c902317bab30f89f080aaaaeb9d8091c815dcf03e14e877733fff4fe20a5be870f576b162e7de2d02673e789a4950c9cdc206e086fd0dc8ca9afcd9d522ac78876a4595146add31b35355848794ca3f8b38aef1e114ab9fb0200000000000000a3b0c81c6f8144e74fe13b80ca46c1a6c04ad73c9d44b605f900"/158, 0x9e}, {&(0x7f00000000c0)="68c32a7de6a2395800"/18, 0x12}], 0x2}, 0x0)
connect$pptp(r4, &(0x7f0000000280)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000100), 0x8000000000000000, 0xa0000)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f00000002c0)={0x0, 0x7, 0x95bb, 0x24c4, 0xffff, 0x40, 0xcd2, 0x3b, 0x7fffffffffffffff, 0x8, 0x5, 0x5})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r8, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x10, 0x0)
r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049e9)
write$FUSE_IOCTL(r9, &(0x7f0000000040)={0x20, 0x0, 0x0, {0x5cb, 0x4, 0x566e, 0x81}}, 0x20)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000004580), &(0x7f0000000080)={0x3fe}, 0x0, 0x0, 0x0)

29.391122952s ago: executing program 0 (id=734):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000340)={0x3, &(0x7f0000000300)=[{0x2f54, 0x9, 0xd6, 0x7fff}, {0x0, 0x6, 0xa, 0x9}, {0xe000, 0x80, 0x7, 0x440}]}, 0x10)
getsockopt(r0, 0x6, 0x8, &(0x7f00000000c0)=""/76, &(0x7f0000000180)=0x4c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000080)={r1}, &(0x7f0000000140)=0x8)
mkdir(&(0x7f00000003c0)='./file1\x00', 0x16)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1607010, 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x87, r3}, './file0\x00'})
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000040)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r5 = inotify_init1(0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r4)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, <r6=>0x0})
r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$EXT4_IOC_GROUP_EXTEND(r7, 0x40305829, &(0x7f0000000240))
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000090400206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000000)={0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)

27.43599155s ago: executing program 0 (id=739):
r0 = openat$khugepaged_scan(0xffffff9c, &(0x7f0000000540), 0x1, 0x0)
writev(r0, &(0x7f0000001b00)=[{&(0x7f00000005c0)="21b9b63701e94d98ecab63389f9f870d3b4fd3dc0fb3ec84c5b7e71898ee8cf1854ccaea81eb252249de41ba430b47735e5c533e5b2428a4bc6a66e7eb76ee057d4d4b5a9fb9d9c2a13ff4eb9396ae45581e7c1d084f1c7adb0406587c1482d7c12b5c307c39981473c4634ad9fb73c368b081c7169e", 0x76}, {&(0x7f0000000640)="2df58809fe30ee67e485bef50c7aea42dc7156e751049da9be11a11e01c0a819037ed041af571a7ae65eb850ae596b1e9c76b0f7007bec639fb2922a8732991ecc7fa58166de9601114f41b79408888b09dc1c5337fd711e7299ba85b77fcb0eed38ac39cf4c73cfd004935cc95409865af10303c7e4ff64572af39c7442ec8be4461ca6f808", 0x86}, {&(0x7f0000000700)="df97fcad444557f66476c9bf05bbedd95975c91b1d3bac90fc58af44aefea58029e67e889fc3760c23762b86e23a5925b5b0cddc0335d3a982851feac93389b8fb12c6795b585f46eadeccdb969b9989cd19f3462fb9854f4dc123f7a107e889f27e0d6cf3222cd6fbd9774977c5df69f974c0a3de74a6634efbeb46afa081f6b5376b1ff9b6ba16d74a0b874a1822be5f828d8100f7b335e2e9354063d1f43955852756263a72ac3f1d0683d7fd5f6e18ba79090f1016594b9189dfb3453545e2f501044a2cbacd55f458715854942f7b5f7ad7906c618e180f718be120fa00", 0xe0}, {&(0x7f0000000800)="fe", 0x1}, {&(0x7f0000000840)="92bef9b7a450afc8d0658725d89fff26289713450f770db3a69e4f4567985337044ba04462210918693856cca0b3b6deeda6d00199805574494328bfb5a0ed3e2c932bdf68e8b5b8b750ca1628980525922d18e1ff87428c6a29b7f4170eb5ab0e886dfa96526b3506226c3aeac3a65eff498d610b51b85450c0cf0341de1c65e888ec61aa05dc56bc660131faf0b8d913ee94c8043afd11a9537a5fe5c62852e81e910632ba0efdd434115c93c4b52020fec3c1fa8dc8", 0xb7}, {&(0x7f0000000900)="fe3c6643a137a8217680e386bcef71565dd444d1023f7905bb31895a9828bb9e94f4111d82d579a4248dfda31bf6b70cf894499ad059b0565ef38860c0391aed706bf5c2d348d3e4ff6175298adf0ca289a0c2a6059a3563ffa80fbecb952689b6367f44bd9c9cd98f13c0fcdaad6538c9d67801b620b7aacd0622f9221a67aaf0ebd5283fbfbb0af908fe0a9fc80e04c9df3e80aedb76d8cdfa2bdcb885bc4bad946b321f60169630dfc6ffec99b65dc52c3603999af12a2e6502023d4b159d1f1a7e301a9dc376134c67c63e91aec58aea207c8bac6141383010a8aa5d7fa3e589d0be67c4fd891a1baa3e9422c6592156631a99d2d56d3d7cd06644c7f8e7fb8ab7eb24fc0bffca9e5795265133870d456b20c8f18469446d21ea6e46e1ef64cac766fed93b537d04a84f3a02212f5f38d385c4e623758f6b3d9d2411abee78188dff54e731fa61e53da0827e989d7bf26bed75082bbd1a3fc5471ec33591c9e0c7fd19b2d9536a82800c1e39aee102bf458f5a17e72e626ec70632208f5a39cd20a5bb8375ab023e5f778e5295c625c87b4289cdd7cb7b85e91f049f32ad06c7ccd5374199708f714bdba589ea447185336b5947f72adb4057d3b2933805a32cc4893b9ee5926e91870c1aa6846c69bfce350f08439378acccbc3b88d5d6843f8a0ebbb7408c20a119c56062ae4ab90e22d5e4f9f2156b19a3eccbfe4b7e4d386419c6a85a4267d3cf3b9b4aea6421e54d5e4a23469861d6f00fea7612038a4e248786b17970cbee73fe412aace3215fbb804012c8d01c813fa560e3569c8f44fefcd8ac04b47cc2254b9af946bc4b0bdc432075e5f4bc5c720606ef9896d9e1360d241d2aa13dfdc68236901a92650eb1ca3c93b89484f4dd1935d9d843d614ddc864d4bb0cbb5f11e2fce92d88ee8368f1fe6bd9d39e8a9f1fb0a83f06321a8a4e8b5db2d72df1af74ff1141bb4ec86ed26f6da499199e301671cb13a07af0c9f107f520863e9c3d318117cb01dc1c2e7aaaf248b298918baa26815175573fe70df4ca133d9b77b66b844a8c9eb5c3bf39e932900d874c7dd24a1dae5bde25404236fb8f23f531188f86815c10aa843cfeb3b7d388a869d50c87b0e7097fa01668fb0d9a59e5c89d2ea1993b9cedaacbaf34e8f2b2a1db961d5bc1ce926df11d22443e9be2ebc6c0d4c8273d78f3f35f98cead1941314d28691393e0424703f6013f2c75b09313f299573a76a5dc4402ffffa8876e0e5ee734c8187f7e5d2c74b0a378e735992d43181b5609377ba999a1ae88494b77f8fd36f4a8d7a5a17c83bcd830663bb8dc2b229e4845bbf99e070057b61acc17f239cd3834a20b9b16c5888449c10f1b99aa4e501fac165fc07f2309ef2483f405a36f52117205cffcc1eafd1f9e4bf1f70919fcbc48763ed38171dbcc968fc38597bb0bb6f792658298f77a83a21f7ed228235b34611fe1129099892d256b634c05cb22be87003d6e0e779c9949421a2f75f0b30c1c51c94dd525703fa11206b185d8b6766fbfdb78b9866774751353bba1f780090b88a090c7011c365307fb8eb38bd213a58bb0580d254028ef80150089c4b3fdf802289461412485c5d6868423dd0f693d01f400cc89b07919535c815d295f75fca0dd18acb5c26b4803b6d9d3a3fb72f3997c79a5724db33dc60d9d44982f3b6523b17ebfa332bd2523972be2321236df1f9d2fac2c1e815757c9dd746f5e52c707194de0021b3cdd4503f9b3e0282962822a3d88e4f7c5fbdfe306e8a0587f9a618937eec056d7f23cd69117b9c23cc37b91c8220dcf8da3c38172fa96cc4d72465ad45408651f1cbbbeaee999ee6fd5dc0faa04988faab36307a17e86e2eec0641d6be8b869e44be2d3a5d99c7205827490b05bcaef847c3d89bd1d0922421425829bb1a2b9f781fc60d18deb152e65eaade1d2fdfcac594938141e390d2f24500fed56c0dd13b197eaeb0d10759b0777a23efc5d4ebfdfaa9f23b2c4764b052bacbfaf0071a32bbb2ef39fb8ea2d076992fb3bf1f35e4d33c976ad9bcb39eae68ddc11741f66f46e133607582b107dac26a77fffd0a76db83789c53a6d89dcbb639f2eabd5a6f066b6b1113d88ddd125348efe837a027177724611cf373160de2cc3de366c411073d8e03ddd4830253bdd0cf4c6f0bc12ab1902b3b50208f7bc1a99c97ac3e95abab6ba4032cb6f590e5c205cd951262f385569fc39b89b85359c8fce0d87b32ea869aa10d09755f48f60de55e6d707303dd9dcbfd658bb7cc0481222369786143fc2207929c01ad57aa71b922c265b17ffcf88f4e920764d46fd3e7b5c2a2217bd953ddf40f8943062be1e64f2592756cbc760dbc11d92ecd0c577636d9df0d1e65c24fc693be50be0a365461774e7b67e76d0eb20c2f6b5a8f959fc5728476549c27d0280af70c59b3e9a02529d0fe70a6f9cfabb552313a54187e9a485957ef43c5a67d5a3aa8ad0bc2f29de24eff94ce813db70b3847eae3ee143c0efc206285146ea0d412acbdd58d2352ce9a9071e101d786d18ae53d6b99db0268415e0aad7fc34c6ece22794ebc6c5e7fc1a4124972b2a9e849376725b3c2278152f6c3232084924621b1eaf722474c6d2839311af524a685032b67dc74f9eabbdca4406cef09681121c360d896a1ff1c43b4995b2bdb7457732602f4efb23f84c4217d5adb821e258f5535df101d60a06de861e5e14c3c22fb8f84dcea7d6ced7a5092971a1fc4dc69f067d80214253f2192d5ba37a2d1eac500b8e7b5508ff0ff6e3174f03bb004e28e16389cc57f90382909d5ee0b70fb0d3c1d588945bdf664ea7d2f67cad6f565c9bb5e33ee53863643f1d17ef1fdd20a9d6378f6b309a8250aa284087ccc59ebaee11aa79d3371e3cf6d09ffee1b6472c1058ba6a465593de181b541875a47e965a797e389d80cef2ce17349c37a24fc89e8b341a729b8eec81f7d5a968b37c56b9ab0159bf9c7a87a6df7944d78056c3fa4a73515be108e3f66cf2ec2f9398766d9389bb158f68d0765e0882a6998a0ad851a652e5e3da1ef6ff4ff2ef83b4d041bc4fabd4741f7b7b6c3faaf2da7edd2befedc00f5dbe3487efc96fe55b172348592b238eaed508e2e30630775508425f4f90a358d9d90659f07c1ca4ee3981cab2a90e822e5b26f5b39f44eddc779c6fdea10428821b1b4026da3e21afa3e0367ff3ed87b506bc1a6e32d13dcb01432c612d46ab8228354a9c4213595ac22c8a7a9cd683a48139cf21f82ba88fbc5463e76ba7d1fb7e8386b84da17f91270cc74ff3bcbce3647ae987b84ed3cbc8913c9c0167dc22154ce60b729b72da4dda995aba5df9978a8739690bb11a1b38fb04f78d451aaf5e81b0f825645119aa22a1521da97d458a100107896b594841eb4d263139e19aa4497a4e5a3d48927bb19ec4176c3ae1fe1c428e2a7a9074172b439df87123eaa48caead7588cf55f59c8c9d146187e2e05146364113d7358dcda10fa8cacf4b791a0eb1d39db289713f50e8bab0941c14229b0bad34621b2199b119aecd07ce7172fca36bc02645d1caf961e0770f2f60a1399f3a9e0051689c2e0427c9bb5f5a10e68b0f2e1f046a08c1ad826f9a9e9c5591ee16703206aacdba06cfa5d5929b65501e24b42bf6b79eb7ecb3c2a0d57e0e21e49904b02f65e8e24fe44e9b23320c4cdf0365be2a2864461fdae69f3f87556afdfb91789284231129c6eaf87be734b079f1d776b8d6260caf70607c38ec55514ff6071a9945bb7b5bbd64fe1024a32b551fff0fd7de9c65cb5eceb9af8c7360aeea91e0975b1a3cd2df8a07c8ce7f131837932d0ccad0d744f7b80e9e724a6b27f14c092519f0e700ee704290c5d7bd382371a670acfa612acabe59381bef7817337a363d944a90f73b9f936f3b0b22ebfe9cb817eb625501c48242274aedde3c4e5d9ba522fcbae721efd5cd64e891020e1ffa1875b1f55928b57891683df3ecbc87842847ca585251db4973a4f6450d0aba5e6b877580641552d430b99018ef621190a293277d58f0dc45bcf0be34fc22bbb4530f9b68d53d6c03a2df4c7b7fb14131bf6e55c574668669c774d1f1ac1154ec3bbf0e9daeff498f79b4b655a8a49967330d390d7756415cfbbc720e9ef0769841a60d0a6e187a48638a0e2ae4a4f3cad8691a3866333af0cffc727ed2495c6c2d72f474f730d821914f07e81ec952ae6507cfc7648a11676c1f2343918b4366b347ba4305a96bb5cda0c7de47a37cb9e85cf9219363ac58fe81953dd3557c0cb2ef320fa8637581928b7e994d658f11cf432eff4e72e76de6b3f89b53c41db39142af9ace48a9d2b61faa1ed316e55588e516c09e24f701f1ab76efc78a6f10f56897b21202e6f75e954002f2426cd57f05398e2e321c2046a3b63484b08957626d8d885dcf000ba65e295d6f9a230c1df03d9f8f9ff8cb5eb2c5d88aadd1469bc8300248e40024061d06bf081c435a96097a156d54d5dc2adf05d57a5cd0901fd1c425c13af616da0ade57a7a3a0a5fd29885deebcb39d7a6fd7ee2e49621ef23caf3a124dd37a7725666f7964c1eff150831e3be2285309c6ff80daf6400b858b147e38c4074a53c170723999a6ddac6fc2160069a77cda70cc1cfd46b3549884c1c57f611d5ce471e2432865351368cc2c05ee326b3d4f119f97d0e0939cdca01a73f6078085e0311f208da0cd42cc8129b0893e8a39978ddde24144bd56018247408b5c7e301ce0248e2241c0aca440f98fedb196553369b82b008ffa84c1e15b3a53b175446b3482f282e24c2e7a5f2774a94da4cd6f8ef02c6c8e943b82cee597c7451789339ca6b2951231fa8d65", 0xd6d}], 0x6)

10.206336935s ago: executing program 3 (id=763):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async, rerun: 64)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="5a10727e6c14a520f0e40c28eb7500000000000000"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000080000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000821400009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) (async)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000140)={r7, @in6={{0xa, 0x0, 0x0, @empty}}}, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r8, &(0x7f0000000080)="7b934a23d1dda2c1", 0x8, 0x0, &(0x7f0000000340)={0x2, 0x0, @empty}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001800dd8d000000000000000002000000000000060000000006001500010000001800168014000100000000000000000000003000000011"], 0x3c}}, 0x0) (async, rerun: 32)
setsockopt$inet_int(r8, 0x0, 0x6, 0x0, 0x0) (rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r10=>0x0, 0x1, 0x700, 0x91ad, 0x2, {{0x13, 0x4, 0x3, 0x36, 0x4c, 0x65, 0xffff, 0x9, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, {[@timestamp_prespec={0x44, 0x1c, 0x87, 0x3, 0x4, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x10000}, {@broadcast, 0x20}, {@broadcast, 0x3ff}]}, @ssrr={0x89, 0x1b, 0x9c, [@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x14}, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @rand_addr=0x64010100]}]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000030000007f0000000200000088000000", @ANYRES32, @ANYBLOB="ce910000fffb4dfd1b00000000000000030010008b94d613d8369f19e15cc96b940760a361eeca66af7c69a9d9e6a4daee07526f2e34ffc58f05a4293aa872d7a2bd0644", @ANYRES32=r10, @ANYRES32, @ANYBLOB="0400000000000000000000000900"/28], 0x50) (async, rerun: 64)
r11 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000001800dd8d00000000000000000200000000000006000000000600150006000000100016800c0002"], 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x0)

9.67881778s ago: executing program 3 (id=764):
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000850000007b000000180100002020752500000000002023c4a3cb50770d0ac11e7ad8d9979520207b010072000000000000f8ffffffb702000008000000b703000000000000000000000600000095000000e800"/105], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x2, 0x0, @local, 0xa}, 0x1c)
socket(0x2, 0x2, 0x1)
bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x6e)
r4 = syz_open_procfs(0x0, 0x0)
preadv(r4, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0xa3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b0400000000000000000200000038000480340001800b0001006e756d67656e00002400028008000440000000000800014000000008080002400000000608000340000000010900010073797a30000000000900020073797a320000002014000000110001"], 0x8c}}, 0x0)
r6 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fspick(r7, &(0x7f0000000000)='.\x00', 0x0)
syz_usb_connect(0x4, 0x210, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3d173085e040f04cee8010203010902fe0101000000020904b5000ee84ffc0009050e03100006e109072501010604000725018015070009050500400005ff0509050900000207dee107250180970900090507100002020ca3072501030bf9ff09050010ff036002030905040c08000c0a0607250102050104090506"], 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00199c0879fc91f6859b566cde0f281bd2ca12105afac4ffb7f72487d07689c05de73c4c7940fd0b2b2a3157d3b9a4c04c6e4ec910"])
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=""/107)
creat(0x0, 0x0)

6.142482544s ago: executing program 3 (id=765):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe2$9p(&(0x7f0000000000), 0x80)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
accept4(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_NF_CALL_IP6TABLES={0x5, 0x25, 0x1}]}}}]}, 0x44}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='net/rpc\x00')
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r3, @ANYRESHEX=r3], 0x20)

6.057373195s ago: executing program 2 (id=766):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat(0xffffffffffffffff, 0x0, 0x143040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="240000005800410f9c00f4f90085b3a85c91fddf080001000501009f0800028001000000", 0x24)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe2, 0x0) (fail_nth: 3)

5.612596479s ago: executing program 1 (id=767):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0)

4.87575201s ago: executing program 2 (id=768):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat(0xffffffffffffffff, 0x0, 0x143040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="240000005800410f9c00f4f90085b3a85c91fddf080001000501009f0800028001000000", 0x24)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe2, 0x0)

4.453461949s ago: executing program 1 (id=769):
r0 = mq_open(&(0x7f0000000200)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xeb\xc7-\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x41, 0x0, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x1, 0x1, {0xe, 0x39, 0x14, 0x1b, 0x2, 0x81, 0x4, 0x14b}}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000240)=@FILEID_UDF_WITH_PARENT={0x14}, &(0x7f0000000280), 0x0) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) (async)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) (async)
setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000140)=0x400, 0x4) (async)
sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) (async)
sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) (async)
r3 = dup(r2)
recvfrom$inet(r3, 0x0, 0x0, 0x2002, 0x0, 0x0)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x10, r0, 0x0)

3.918437078s ago: executing program 1 (id=770):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)="c238b735f8f9a247d018423f4fd1ad9aa85997f34b56", 0x16}, {&(0x7f00000002c0)="86b9fc52cc7d", 0x6}, {&(0x7f0000000500)="ab578ad83cd8c6a2a12c645474886bf481e42edc0e954c5f2d", 0x19}], 0x3}, 0x1)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r1, 0x0)
r2 = dup3(r1, r0, 0x0)
recvmmsg(r2, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0x500, 0x0)
read$FUSE(r2, &(0x7f0000019500)={0x2020}, 0x2020)

3.711758242s ago: executing program 1 (id=771):
socket$inet_dccp(0x2, 0x6, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x60)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = gettid()
r2 = getpid()
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000580)={0x0, 0x1, 0x0, &(0x7f0000000100)=""/47, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000001c0)=""/70, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000016c0))
ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af00, &(0x7f00000000c0))
r4 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000180)=r4)
dup(r0)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000040)=0x1)
socket$pppoe(0x18, 0x1, 0x0)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000380)={0x0, r4})
r5 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x0, 0x11, r5, 0x81000000)
r6 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x44040, &(0x7f00000002c0)={0xa, 0x4e20, 0x800000, @local, 0x2}, 0x1c)
kcmp(r1, r2, 0x3, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000002140)={'ip6gre0\x00', &(0x7f00000020c0)={'syztnl0\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @private1, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}})
r7 = socket$inet(0x2, 0x3, 0x4)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120102030109021b000100004302852dc89a87260200000009da858115ff1ddc4c"], 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40142, 0x0)
setsockopt$inet_msfilter(r7, 0x0, 0x23, 0x0, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

3.708528314s ago: executing program 2 (id=779):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)="c238b735f8f9a247d018423f4fd1ad9aa85997f34b56", 0x16}, {&(0x7f00000002c0)="86b9fc52cc7d", 0x6}, {0x0}], 0x3}, 0x1)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r1, 0x0)
r2 = dup3(r1, r0, 0x0)
recvmmsg(r2, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0x500, 0x0)
read$FUSE(r2, &(0x7f0000019500)={0x2020}, 0x2020)

3.011559694s ago: executing program 3 (id=772):
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000007c0)=0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x18)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f78790000000004000280"], 0xcc}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000480)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0xc2, 0x1, 0x0, 0x0, {[@window={0x3, 0x3, 0x9}, @mptcp=@synack={0x1e, 0x10, 0x1, 0x2, 0xa, 0x7, 0xe3}]}}}}}}}, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x400, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e6430"], 0x4b0}, 0x1, 0x0, 0x0, 0x44}, 0x0)
write$binfmt_elf32(r5, 0x0, 0x0)
close(r2)
getrlimit(0x2, &(0x7f0000000140))
execve(0x0, 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x90)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)

3.010712906s ago: executing program 2 (id=781):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r0 = syz_open_dev$vbi(0x0, 0x3, 0x2)
r1 = gettid()
setrlimit(0xb, &(0x7f0000000100))
r2 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8)
readv(r2, &(0x7f0000000340)=[{&(0x7f0000006a40)=""/161, 0xa1}], 0x1)
tkill(r1, 0xb)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x20010, 0xffffffffffffffff, 0xffffc000)
syz_emit_ethernet(0x3e, &(0x7f0000000240)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x8, 0x2c, 0x0, @dev, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x0, 0x13}}}}}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
lsetxattr$system_posix_acl(&(0x7f0000003340)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="020000"], 0x24, 0x0) (fail_nth: 3)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24044000}, 0x8810)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0x2)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x40045431, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x4000004e)

2.380389176s ago: executing program 1 (id=773):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000090a000000000000000000000000000008000a40000000000900020073797a30"], 0x50}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x2, 0xb0, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @lsrr={0x83, 0x3, 0xdc}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
r4 = dup(r2)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)

2.195196687s ago: executing program 2 (id=774):
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x15, 0xea, 0xae, 0x20, 0x5da, 0xb6, 0xcdb7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbf, 0x46, 0x35}}]}}]}}, 0x0)
statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/187)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x6d0e4d1ae2da54ba, &(0x7f0000000180)={@private, @loopback, <r0=>0x0}, &(0x7f00000001c0)=0xc)
bind$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x15, r0, 0x1, 0x0, 0x6, @local}, 0x14)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
sendfile(r2, r3, 0x0, 0x6)
io_uring_enter(r3, 0x5c51, 0xdace, 0x10, &(0x7f00000002c0)={[0x63]}, 0x8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r5, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
connect$llc(r5, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
r6 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r6, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
timerfd_settime(r3, 0x1, &(0x7f00000003c0)={{0x77359400}}, &(0x7f0000000400))
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x600})
socket$packet(0x11, 0x2, 0x300)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000000000002eeed88696", @ANYRES32], 0x20}}, 0x8080)
socket$inet6_udp(0xa, 0x2, 0x0)

1.493975736s ago: executing program 1 (id=775):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000340)=""/186, 0xba}], 0x1, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)

636.618525ms ago: executing program 2 (id=776):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x22043, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000170101c0"])
ioctl$TCFLSH(r0, 0x800455c9, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x4000010, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f0000006800)=[{{&(0x7f0000000240)=@un=@abs, 0x80, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/137, 0x89}], 0x1, &(0x7f0000000400)=""/169, 0xa9}, 0xffffa306}, {{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000580)=""/28, 0x1c}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f0000000680)=""/15, 0xf}, {&(0x7f00000006c0)=""/80, 0x50}, {&(0x7f0000000740)=""/114, 0x72}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/79, 0x4f}, {&(0x7f0000001840)}, {&(0x7f0000001880)=""/176, 0xb0}, {&(0x7f0000001940)=""/125, 0x7d}], 0xa, &(0x7f0000001a80)=""/134, 0x86}, 0xd6}, {{&(0x7f0000001b40)=@can, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001bc0)=""/27, 0x1b}, {&(0x7f0000001c00)=""/116, 0x74}, {&(0x7f0000001c80)=""/181, 0xb5}], 0x3, &(0x7f0000001d80)=""/1, 0x1}, 0x8b}, {{&(0x7f0000001dc0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f00000023c0)=[{&(0x7f0000001e40)=""/6, 0x6}, {&(0x7f0000001e80)=""/218, 0xda}, {&(0x7f0000001f80)=""/96, 0x60}, {&(0x7f0000002000)=""/60, 0x3c}, {&(0x7f0000002040)=""/164, 0xa4}, {&(0x7f0000002100)=""/254, 0xfe}, {&(0x7f0000002200)=""/159, 0x9f}, {&(0x7f00000022c0)=""/16, 0x10}, {&(0x7f0000002300)=""/103, 0x67}, {&(0x7f0000002380)=""/34, 0x22}], 0xa, &(0x7f0000002480)=""/227, 0xe3}, 0x9}, {{&(0x7f0000002580)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000002780)=[{&(0x7f0000002600)=""/104, 0x68}, {&(0x7f0000002680)=""/120, 0x78}, {&(0x7f0000002700)=""/128, 0x80}], 0x3, &(0x7f00000027c0)=""/16, 0x10}, 0x2}, {{&(0x7f0000002800)=@caif, 0x80, &(0x7f0000002980)=[{&(0x7f0000002880)=""/228, 0xe4}], 0x1, &(0x7f00000029c0)=""/254, 0xfe}, 0x9}, {{&(0x7f0000002ac0)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000002b40)=""/17, 0x11}, {&(0x7f0000002b80)=""/182, 0xb6}, {&(0x7f0000002c40)=""/197, 0xc5}, {&(0x7f0000002d40)=""/13, 0xd}], 0x4, &(0x7f0000004800)=""/4096, 0x1000}, 0xa}, {{&(0x7f0000002dc0)=@rc={0x1f, @none}, 0x80, &(0x7f0000003300)=[{&(0x7f0000002e40)=""/177, 0xb1}, {&(0x7f0000002f00)=""/248, 0xf8}, {&(0x7f0000003000)=""/200, 0xc8}, {&(0x7f0000003100)=""/85, 0x55}, {&(0x7f0000003180)=""/125, 0x7d}, {&(0x7f0000003200)=""/195, 0xc3}], 0x6, &(0x7f0000003380)=""/102, 0x66}, 0x13}, {{&(0x7f0000003400)=@caif=@rfm, 0x80, &(0x7f0000003540)=[{&(0x7f0000003480)=""/171, 0xab}, {&(0x7f0000005800)=""/4096, 0x1000}], 0x2, &(0x7f0000003580)=""/63, 0x3f}, 0x5}, {{&(0x7f00000035c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000003700)=[{&(0x7f0000003640)=""/172, 0xac}], 0x1, &(0x7f0000003740)=""/252, 0xfc}, 0x2}], 0xa, 0x2, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000f5dfe4)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff})
connect$unix(r11, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r12, &(0x7f0000000000), 0x651, 0x0)

523.3369ms ago: executing program 3 (id=777):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@deltclass={0x24, 0x29, 0x300, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0x7}, {0x4, 0xd}, {0x1, 0xa}}}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2, 0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x1, 0x0, 0xa3cc}, 'p'}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x800}}]}]}}]}, 0x54}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 2)

0s ago: executing program 3 (id=778):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@deltclass={0x24, 0x29, 0x300, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0x7}, {0x4, 0xd}, {0x1, 0xa}}}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2, 0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x1, 0x0, 0xa3cc}, 'p'}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x800}}]}]}}]}, 0x54}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  225.001564][   T12] veth0_vlan: left promiscuous mode
[  225.009185][ T5308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.035599][ T5308] usb 5-1: config 0 descriptor??
[  225.092537][ T7385] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  225.109456][ T5308] hub 5-1:0.0: USB hub found
[  225.848772][ T7412] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  226.027706][ T5239] Bluetooth: hci2: command tx timeout
[  228.097516][ T5239] Bluetooth: hci2: command tx timeout
[  228.497791][ T5239] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  228.513249][ T5239] Bluetooth: hci0: Injecting HCI hardware error event
[  228.530323][ T5239] Bluetooth: hci0: hardware error 0x00
[  228.923579][ T5308] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  230.328217][   T54] Bluetooth: hci2: command tx timeout
[  230.329203][ T5308] usbhid 5-1:0.0: can't add hid device: -71
[  230.357809][ T5308] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  230.401704][ T5308] usb 5-1: USB disconnect, device number 6
[  231.993809][ T7443] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  232.099265][   T12] team0 (unregistering): Port device team_slave_1 removed
[  232.149049][   T12] team0 (unregistering): Port device team_slave_0 removed
[  232.336672][ T5239] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  232.540769][ T7410] netlink: 'syz.1.537': attribute type 1 has an invalid length.
[  232.549148][ T7410] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  232.596976][ T7415] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  232.611426][ T7415] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  232.617603][ T7415] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  232.623638][ T7415] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  232.629660][ T7415] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  232.631286][ T7309] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  232.644959][ T7415] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  232.702586][ T7309] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  232.776944][ T7309] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  232.828413][ T7309] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  233.180421][ T7456] netlink: 'syz.3.545': attribute type 1 has an invalid length.
[  233.237504][ T7456] netlink: 'syz.3.545': attribute type 3 has an invalid length.
[  233.237575][ T7463] netlink: 28 bytes leftover after parsing attributes in process `syz.3.545'.
[  233.245167][ T7456] netlink: 224 bytes leftover after parsing attributes in process `syz.3.545'.
[  233.245191][ T7456] NCSI netlink: No device for ifindex 0
[  233.287610][ T7463] netlink: 28 bytes leftover after parsing attributes in process `syz.3.545'.
[  233.298288][ T7463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.545'.
[  233.422261][ T7309] 8021q: adding VLAN 0 to HW filter on device bond0
[  233.659428][ T7309] 8021q: adding VLAN 0 to HW filter on device team0
[  233.674677][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.681878][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.711521][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.718718][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.871311][ T7309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  234.005991][ T7490] ptrace attach of "./syz-executor exec"[5230] was attempted by "                                                                %"[7490]
[  234.213811][ T7309] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.310801][ T7309] veth0_vlan: entered promiscuous mode
[  234.371763][   T54] Bluetooth: hci4: unexpected event for opcode 0x203d
[  234.420056][ T7309] veth1_vlan: entered promiscuous mode
[  234.445153][ T7309] veth0_macvtap: entered promiscuous mode
[  234.458053][ T7309] veth1_macvtap: entered promiscuous mode
[  234.492900][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.568504][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.611173][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.666501][   T54] Bluetooth: hci3: command 0x0c1a tx timeout
[  234.669689][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.672575][ T5239] Bluetooth: hci2: command 0x0c1a tx timeout
[  234.685197][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.688532][ T4616] Bluetooth: hci1: command 0x041b tx timeout
[  234.703938][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.715301][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.770134][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.781929][ T7309] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.800529][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.836004][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.850086][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.861005][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.879860][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.890954][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.925651][ T7309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.945060][ T7309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.957998][ T7309] batman_adv: batadv0: Interface activated: batadv_slave_1
[  234.975459][ T7309] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.984714][ T7309] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.998992][ T7309] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.033403][ T7309] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.234002][ T1056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.257652][ T1056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.321712][ T7516] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  235.323322][ T2561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.346689][ T7516] kvm: pic: non byte read
[  235.352837][ T7516] kvm: pic: level sensitive irq not supported
[  235.352985][ T7516] kvm: pic: non byte read
[  235.355821][ T2561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.366121][ T7516] kvm: pic: level sensitive irq not supported
[  235.374547][ T7516] kvm: pic: non byte read
[  235.527642][ T5308] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  235.778552][ T5308] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 26
[  235.843649][ T5308] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  235.860004][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  235.872086][ T5308] usb 2-1: SerialNumber: syz
[  236.510433][ T5308] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  236.790019][ T5239] Bluetooth: hci2: command 0x0c1a tx timeout
[  237.191451][ T5274] usb 2-1: USB disconnect, device number 19
[  237.223861][ T5274] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  237.524832][ T7552] FAULT_INJECTION: forcing a failure.
[  237.524832][ T7552] name failslab, interval 1, probability 0, space 0, times 0
[  237.544137][ T7552] CPU: 1 UID: 0 PID: 7552 Comm: syz.4.566 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  237.554510][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  237.564567][ T7552] Call Trace:
[  237.567845][ T7552]  <TASK>
[  237.570777][ T7552]  dump_stack_lvl+0x241/0x360
[  237.575471][ T7552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.580673][ T7552]  ? __pfx__printk+0x10/0x10
[  237.585268][ T7552]  ? __kmalloc_noprof+0xb0/0x400
[  237.590201][ T7552]  ? __pfx___might_resched+0x10/0x10
[  237.595486][ T7552]  should_fail_ex+0x3b0/0x4e0
[  237.600163][ T7552]  ? kstrdup_quotable+0x1b0/0x5e0
[  237.605193][ T7552]  should_failslab+0xac/0x100
[  237.609876][ T7552]  ? kstrdup_quotable+0x1b0/0x5e0
[  237.614899][ T7552]  __kmalloc_noprof+0xd8/0x400
[  237.619660][ T7552]  kstrdup_quotable+0x1b0/0x5e0
[  237.624508][ T7552]  ? __pfx_kstrdup_quotable+0x10/0x10
[  237.629874][ T7552]  ? do_jit+0xbf22/0xf390
[  237.634197][ T7552]  ? get_cmdline+0x25e/0x290
[  237.638786][ T7552]  kstrdup_quotable_cmdline+0x2cf/0x340
[  237.644331][ T7552]  __report_access+0x4c/0x390
[  237.648999][ T7552]  ? _raw_spin_unlock_irq+0x23/0x50
[  237.654195][ T7552]  ? lockdep_hardirqs_on+0x99/0x150
[  237.659388][ T7552]  task_work_run+0x24f/0x310
[  237.663974][ T7552]  ? __pfx_task_work_run+0x10/0x10
[  237.669078][ T7552]  ? syscall_exit_to_user_mode+0xa3/0x370
[  237.674796][ T7552]  syscall_exit_to_user_mode+0x168/0x370
[  237.680428][ T7552]  do_syscall_64+0x100/0x230
[  237.685015][ T7552]  ? clear_bhb_loop+0x35/0x90
[  237.689688][ T7552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.695580][ T7552] RIP: 0033:0x7fbe4757def9
[  237.699989][ T7552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.719592][ T7552] RSP: 002b:00007fbe482a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  237.728004][ T7552] RAX: ffffffffffffffff RBX: 00007fbe47735f80 RCX: 00007fbe4757def9
[  237.735965][ T7552] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206
[  237.743927][ T7552] RBP: 00007fbe482a0090 R08: 0000000000000000 R09: 0000000000000000
[  237.751887][ T7552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.759848][ T7552] R13: 0000000000000000 R14: 00007fbe47735f80 R15: 00007ffe7b2df098
[  237.767822][ T7552]  </TASK>
[  237.806920][ T7552] ptrace attach of "(null)"[5224] was attempted by "                                                                %"[7552]
[  238.417586][ T5239] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  238.427443][ T5239] Bluetooth: hci4: Injecting HCI hardware error event
[  238.437352][ T5239] Bluetooth: hci4: hardware error 0x00
[  238.906745][ T4616] Bluetooth: hci2: command 0x0c1a tx timeout
[  239.186734][ T5308] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  239.266120][ T7584] tty tty4: ldisc open failed (-12), clearing slot 3
[  239.307550][ T7589] xt_hashlimit: size too large, truncated to 1048576
[  240.088378][ T5308] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  240.101096][ T5308] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  240.216887][ T5308] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  240.281937][ T5308] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  240.396872][ T7603] FAULT_INJECTION: forcing a failure.
[  240.396872][ T7603] name failslab, interval 1, probability 0, space 0, times 0
[  240.409638][ T7603] CPU: 1 UID: 0 PID: 7603 Comm: syz.3.578 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  240.419897][ T7603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  240.429976][ T7603] Call Trace:
[  240.433270][ T7603]  <TASK>
[  240.436239][ T7603]  dump_stack_lvl+0x241/0x360
[  240.440939][ T7603]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.446152][ T7603]  ? __pfx__printk+0x10/0x10
[  240.450763][ T7603]  ? fs_reclaim_acquire+0x93/0x140
[  240.455893][ T7603]  ? __pfx___might_resched+0x10/0x10
[  240.461201][ T7603]  should_fail_ex+0x3b0/0x4e0
[  240.465900][ T7603]  ? tomoyo_encode+0x26f/0x540
[  240.470676][ T7603]  should_failslab+0xac/0x100
[  240.475376][ T7603]  ? tomoyo_encode+0x26f/0x540
[  240.480159][ T7603]  __kmalloc_noprof+0xd8/0x400
[  240.484942][ T7603]  tomoyo_encode+0x26f/0x540
[  240.489552][ T7603]  tomoyo_realpath_from_path+0x59e/0x5e0
[  240.495214][ T7603]  tomoyo_path_number_perm+0x23a/0x880
[  240.500699][ T7603]  ? tomoyo_path_number_perm+0x208/0x880
[  240.506347][ T7603]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  240.512378][ T7603]  ? __fget_files+0x29/0x470
[  240.516987][ T7603]  ? __fget_files+0x3f3/0x470
[  240.521685][ T7603]  security_file_ioctl+0xc6/0x2a0
[  240.526724][ T7603]  __se_sys_ioctl+0x47/0x170
[  240.531326][ T7603]  do_syscall_64+0xf3/0x230
[  240.535844][ T7603]  ? clear_bhb_loop+0x35/0x90
[  240.540534][ T7603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.546448][ T7603] RIP: 0033:0x7f4dfd17def9
[  240.550877][ T7603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.570495][ T7603] RSP: 002b:00007f4dfdeb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  240.578925][ T7603] RAX: ffffffffffffffda RBX: 00007f4dfd336130 RCX: 00007f4dfd17def9
[  240.586910][ T7603] RDX: 0000000020000240 RSI: 0000000040305829 RDI: 0000000000000009
[  240.594888][ T7603] RBP: 00007f4dfdeb0090 R08: 0000000000000000 R09: 0000000000000000
[  240.602867][ T7603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.610846][ T7603] R13: 0000000000000000 R14: 00007f4dfd336130 R15: 00007ffc9a010698
[  240.618845][ T7603]  </TASK>
[  240.623077][ T7603] ERROR: Out of memory at tomoyo_realpath_from_path.
[  240.638618][ T5239] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  240.679751][ T5308] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  240.690241][ T5308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.752097][ T5308] usb 5-1: config 0 descriptor??
[  241.413451][ T5308] usbhid 5-1:0.0: can't add hid device: -71
[  241.440705][ T5308] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  241.467259][ T5308] usb 5-1: USB disconnect, device number 7
[  241.718417][   T47] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  241.897142][   T47] usb 3-1: Using ep0 maxpacket: 8
[  241.912214][   T47] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  241.937532][   T47] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  241.991661][   T47] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  242.013742][   T47] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  242.040443][   T47] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  242.061338][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.106448][ T7624] veth0_to_bridge: entered promiscuous mode
[  242.162380][ T7623] veth0_to_bridge: left promiscuous mode
[  242.300370][   T47] usb 3-1: GET_CAPABILITIES returned 0
[  242.305908][   T47] usbtmc 3-1:16.0: can't read capabilities
[  242.528146][ T7617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.780437][ T7617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.137811][ T7636] FAULT_INJECTION: forcing a failure.
[  243.137811][ T7636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.189508][ T7636] CPU: 1 UID: 0 PID: 7636 Comm: syz.3.591 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  243.199853][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  243.209931][ T7636] Call Trace:
[  243.213218][ T7636]  <TASK>
[  243.216164][ T7636]  dump_stack_lvl+0x241/0x360
[  243.220875][ T7636]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.226105][ T7636]  ? __pfx__printk+0x10/0x10
[  243.230722][ T7636]  ? __pfx_lock_release+0x10/0x10
[  243.235773][ T7636]  should_fail_ex+0x3b0/0x4e0
[  243.240468][ T7636]  _copy_from_iter+0x1ed/0x1d60
[  243.245337][ T7636]  ? __virt_addr_valid+0x183/0x530
[  243.250455][ T7636]  ? __pfx_lock_release+0x10/0x10
[  243.255488][ T7636]  ? __alloc_skb+0x28f/0x440
[  243.260086][ T7636]  ? __pfx__copy_from_iter+0x10/0x10
[  243.265378][ T7636]  ? __virt_addr_valid+0x183/0x530
[  243.270489][ T7636]  ? __virt_addr_valid+0x183/0x530
[  243.276117][ T7636]  ? __virt_addr_valid+0x45f/0x530
[  243.281225][ T7636]  ? __check_object_size+0x49c/0x900
[  243.286518][ T7636]  netlink_sendmsg+0x73d/0xcb0
[  243.291291][ T7636]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.296576][ T7636]  ? _parse_integer_limit+0x1b5/0x200
[  243.301946][ T7636]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.307236][ T7636]  __sock_sendmsg+0x221/0x270
[  243.311912][ T7636]  sock_write_iter+0x2d7/0x3f0
[  243.316670][ T7636]  ? __pfx_sock_write_iter+0x10/0x10
[  243.321963][ T7636]  do_iter_readv_writev+0x608/0x890
[  243.327164][ T7636]  ? mark_lock+0x9a/0x360
[  243.331486][ T7636]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  243.337203][ T7636]  ? bpf_lsm_file_permission+0x9/0x10
[  243.342569][ T7636]  ? security_file_permission+0x74/0x280
[  243.348205][ T7636]  ? rw_verify_area+0x1c3/0x6f0
[  243.353055][ T7636]  vfs_writev+0x376/0xba0
[  243.357393][ T7636]  ? __pfx_vfs_writev+0x10/0x10
[  243.362239][ T7636]  ? vfs_write+0x7bf/0xc90
[  243.366665][ T7636]  ? __fdget_pos+0x19a/0x320
[  243.371252][ T7636]  do_writev+0x1b1/0x350
[  243.375495][ T7636]  ? __pfx_do_writev+0x10/0x10
[  243.380255][ T7636]  ? do_syscall_64+0x100/0x230
[  243.385022][ T7636]  ? do_syscall_64+0xb6/0x230
[  243.389698][ T7636]  do_syscall_64+0xf3/0x230
[  243.394199][ T7636]  ? clear_bhb_loop+0x35/0x90
[  243.398875][ T7636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.404767][ T7636] RIP: 0033:0x7f4dfd17def9
[  243.409181][ T7636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.428787][ T7636] RSP: 002b:00007f4dfdeb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  243.437219][ T7636] RAX: ffffffffffffffda RBX: 00007f4dfd336130 RCX: 00007f4dfd17def9
[  243.445207][ T7636] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000004
[  243.453184][ T7636] RBP: 00007f4dfdeb0090 R08: 0000000000000000 R09: 0000000000000000
[  243.461153][ T7636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.469123][ T7636] R13: 0000000000000000 R14: 00007f4dfd336130 R15: 00007ffc9a010698
[  243.477099][ T7636]  </TASK>
[  244.241856][ T7643] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.593'.
[  244.252033][ T7643] openvswitch: netlink: Multiple metadata blocks provided
[  244.440274][ T7643] netlink: 32 bytes leftover after parsing attributes in process `syz.3.593'.
[  244.647707][   T29] audit: type=1326 audit(1726737025.091:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.699153][   T29] audit: type=1326 audit(1726737025.091:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.736670][ T7617] coredump: 19(syz.2.584): interrupted: fatal signal pending
[  244.755286][ T7640] syz.4.592 (7640) used greatest stack depth: 18832 bytes left
[  244.763671][ T7617] coredump: 19(syz.2.584): written to core: VMAs: 33, size 97345536; core: 26479186 bytes, pos 47030272
[  244.777805][   T29] audit: type=1326 audit(1726737025.091:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.858914][   T29] audit: type=1326 audit(1726737025.091:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.916955][ T5275] usb 3-1: USB disconnect, device number 14
[  244.926405][   T29] audit: type=1326 audit(1726737025.091:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.952366][   T29] audit: type=1326 audit(1726737025.091:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  244.985635][   T29] audit: type=1326 audit(1726737025.091:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  245.014587][   T29] audit: type=1326 audit(1726737025.091:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7637 comm="syz.4.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7ffc0000
[  248.667476][ T7677] coredump: 486(syz.4.602): written to core: VMAs: 37, size 99647488; core: 73876634 bytes, pos 99655680
[  249.924827][   T47] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  249.964419][ T4616] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  249.975186][ T4616] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  250.108425][   T47] usb 4-1: Using ep0 maxpacket: 16
[  250.128189][ T4616] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  250.143564][ T4616] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  250.155199][ T4616] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  250.165214][ T4616] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  250.441125][   T47] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  250.644124][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.653896][   T47] usb 4-1: Product: syz
[  250.658693][   T47] usb 4-1: Manufacturer: syz
[  250.663314][   T47] usb 4-1: SerialNumber: syz
[  250.670807][   T47] usb 4-1: config 0 descriptor??
[  250.694953][   T47] visor 4-1:0.0: Sony Clie 3.5 converter detected
[  250.881791][   T47] usb 4-1: clie_3_5_startup: get config number bad return length: 0
[  250.890180][   T47] visor 4-1:0.0: probe with driver visor failed with error -5
[  251.994679][ T7712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.071627][ T7712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.101135][ T7720] xt_hashlimit: size too large, truncated to 1048576
[  252.259095][ T4616] Bluetooth: hci5: command tx timeout
[  252.273584][ T1056] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.306564][ T7692] chnl_net:caif_netlink_parms(): no params data found
[  252.486513][ T1056] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.313672][ T1056] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.543560][ T5308] usb 4-1: USB disconnect, device number 23
[  253.562356][ T7744] xt_hashlimit: size too large, truncated to 1048576
[  253.657490][ T1056] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.830077][ T7692] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.864397][ T7692] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.896554][ T7692] bridge_slave_0: entered allmulticast mode
[  253.928750][ T7692] bridge_slave_0: entered promiscuous mode
[  253.967684][ T7692] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.002618][ T7692] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.027991][ T7692] bridge_slave_1: entered allmulticast mode
[  254.057575][ T7692] bridge_slave_1: entered promiscuous mode
[  254.175412][ T7692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  254.213673][ T7692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  254.339031][ T4616] Bluetooth: hci5: command tx timeout
[  254.479754][ T7692] team0: Port device team_slave_0 added
[  254.515363][ T7692] team0: Port device team_slave_1 added
[  254.848784][ T7692] batman_adv: batadv0: Adding interface: batadv_slave_0
[  254.909476][ T7692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  255.013500][ T7692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  255.056133][ T1056] bridge_slave_1: left allmulticast mode
[  255.125400][ T1056] bridge_slave_1: left promiscuous mode
[  255.164535][ T1056] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.216397][ T1056] bridge_slave_0: left allmulticast mode
[  255.225997][ T1056] bridge_slave_0: left promiscuous mode
[  255.252089][ T1056] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.870647][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[  255.877229][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[  256.452029][ T4616] Bluetooth: hci5: command tx timeout
[  257.641031][ T1056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  257.710617][ T1056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  257.729663][ T1056] bond0 (unregistering): Released all slaves
[  257.768415][ T7692] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.798938][ T7692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.886822][ T7692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.499091][ T4616] Bluetooth: hci5: command tx timeout
[  259.124885][ T7692] hsr_slave_0: entered promiscuous mode
[  259.205512][ T7692] hsr_slave_1: entered promiscuous mode
[  259.282059][ T7692] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  259.308491][ T7692] Cannot create hsr debugfs directory
[  259.560315][ T1056] hsr_slave_0: left promiscuous mode
[  259.606343][ T1056] hsr_slave_1: left promiscuous mode
[  259.625010][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.655603][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.691767][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.709374][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.773445][ T1056] veth1_macvtap: left promiscuous mode
[  259.793964][ T1056] veth0_macvtap: left promiscuous mode
[  259.821906][ T1056] veth1_vlan: left promiscuous mode
[  259.827178][ T1056] veth0_vlan: left promiscuous mode
[  261.506725][ T1056] team0 (unregistering): Port device team_slave_1 removed
[  261.658669][ T1056] team0 (unregistering): Port device team_slave_0 removed
[  263.069363][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  263.078340][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  263.093347][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  263.106765][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  263.114880][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  263.122533][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  264.400734][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  264.416181][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  264.425557][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  264.434713][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  264.444579][ T5239] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  264.452035][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  264.480027][ T7842] chnl_net:caif_netlink_parms(): no params data found
[  265.221085][ T4616] Bluetooth: hci1: command tx timeout
[  265.842900][ T1056] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.881062][ T7842] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.888374][ T7842] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.896324][ T7842] bridge_slave_0: entered allmulticast mode
[  265.913143][ T7842] bridge_slave_0: entered promiscuous mode
[  265.926071][ T7842] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.935506][ T7842] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.946062][ T7842] bridge_slave_1: entered allmulticast mode
[  265.957445][ T7842] bridge_slave_1: entered promiscuous mode
[  265.983368][ T7895] netlink: 16 bytes leftover after parsing attributes in process `syz.3.647'.
[  266.069209][ T1056] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.159322][ T7842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.174150][ T7692] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  266.195687][ T7906] netlink: 'syz.3.648': attribute type 1 has an invalid length.
[  266.218888][ T7906] netlink: 'syz.3.648': attribute type 3 has an invalid length.
[  266.227475][ T1056] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.229141][ T7906] netlink: 224 bytes leftover after parsing attributes in process `syz.3.648'.
[  266.252510][ T7906] NCSI netlink: No device for ifindex 0
[  266.277443][ T7842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.303340][ T7692] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  266.323050][ T7692] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  266.343413][ T7911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.648'.
[  266.357814][ T7911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.648'.
[  266.367727][ T7911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.648'.
[  266.474396][ T1056] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.500331][ T4616] Bluetooth: hci0: command tx timeout
[  266.544945][ T7842] team0: Port device team_slave_0 added
[  266.558491][ T7692] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  266.694939][ T7842] team0: Port device team_slave_1 added
[  266.842781][ T7842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.855631][ T7842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.889621][ T7842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.921903][ T7842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.929525][ T7842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.956304][ T7842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  267.016221][ T7870] chnl_net:caif_netlink_parms(): no params data found
[  267.050156][ T5275] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  267.133315][ T7842] hsr_slave_0: entered promiscuous mode
[  267.150870][ T7842] hsr_slave_1: entered promiscuous mode
[  267.159637][ T7842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  267.170064][ T7842] Cannot create hsr debugfs directory
[  267.219297][ T5275] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  267.246108][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.282741][ T5275] usb 4-1: config 0 descriptor??
[  267.301339][ T4616] Bluetooth: hci1: command tx timeout
[  267.305323][ T1056] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.551749][ T1056] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.635356][ T7692] 8021q: adding VLAN 0 to HW filter on device bond0
[  267.669109][ T1056] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.691222][ T7870] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.698377][ T7870] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.712747][ T7870] bridge_slave_0: entered allmulticast mode
[  267.722934][ T7870] bridge_slave_0: entered promiscuous mode
[  267.731642][ T7870] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.738786][ T7870] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.746163][ T7870] bridge_slave_1: entered allmulticast mode
[  267.753504][ T7870] bridge_slave_1: entered promiscuous mode
[  267.811124][ T1056] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.867050][ T7870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.909236][ T7870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  267.949875][ T7692] 8021q: adding VLAN 0 to HW filter on device team0
[  268.025069][ T7870] team0: Port device team_slave_0 added
[  268.061666][ T2582] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.068828][ T2582] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.108909][ T5275] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  268.131042][ T5275] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  268.145886][ T5275] [drm:udl_init] *ERROR* Selecting channel failed
[  268.169804][ T7870] team0: Port device team_slave_1 added
[  268.219370][ T5275] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  268.237244][ T5275] [drm] Initialized udl on minor 2
[  268.246384][ T5275] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  268.287802][ T5275] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  268.297769][   T33] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.304932][   T33] bridge0: port 2(bridge_slave_1) entered forwarding state
[  268.335074][ T7012] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  268.345341][ T5275] usb 4-1: USB disconnect, device number 24
[  268.362238][ T7012] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  268.391910][ T7870] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.398899][ T7870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.438222][ T7870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.525777][ T7870] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.538225][ T7870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.580239][ T4616] Bluetooth: hci0: command tx timeout
[  268.586781][ T7870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.670011][ T1056] bridge_slave_1: left allmulticast mode
[  268.677001][ T1056] bridge_slave_1: left promiscuous mode
[  268.684258][ T1056] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.693211][   T29] audit: type=1326 audit(1726737049.138:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.717046][   T29] audit: type=1326 audit(1726737049.138:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe4757c890 code=0x7fc00000
[  268.717392][ T1056] bridge_slave_0: left allmulticast mode
[  268.745078][   T29] audit: type=1326 audit(1726737049.138:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.746195][ T1056] bridge_slave_0: left promiscuous mode
[  268.772752][ T1056] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.773417][   T29] audit: type=1326 audit(1726737049.138:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.802716][   T29] audit: type=1326 audit(1726737049.138:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.824691][   T29] audit: type=1326 audit(1726737049.138:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.827449][ T1056] bridge_slave_1: left allmulticast mode
[  268.853607][ T1056] bridge_slave_1: left promiscuous mode
[  268.859428][ T1056] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.859475][   T29] audit: type=1326 audit(1726737049.138:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.890581][   T29] audit: type=1326 audit(1726737049.138:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.892207][ T1056] bridge_slave_0: left allmulticast mode
[  268.919566][ T1056] bridge_slave_0: left promiscuous mode
[  268.920769][   T29] audit: type=1326 audit(1726737049.138:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  268.925896][ T1056] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.956100][   T29] audit: type=1326 audit(1726737049.138:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7983 comm="syz.4.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4757def9 code=0x7fc00000
[  269.380372][ T4616] Bluetooth: hci1: command tx timeout
[  269.690521][ T1056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.702993][ T1056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  269.713449][ T1056] bond0 (unregistering): Released all slaves
[  269.764010][ T5308] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  269.835378][ T1056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.846950][ T1056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  269.857404][ T1056] bond0 (unregistering): Released all slaves
[  269.941421][ T5308] usb 4-1: New USB device found, idVendor=0458, idProduct=7029, bcdDevice=8b.92
[  269.946672][ T7870] hsr_slave_0: entered promiscuous mode
[  269.963388][ T7870] hsr_slave_1: entered promiscuous mode
[  269.971738][ T5308] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.981084][ T5308] usb 4-1: Product: syz
[  269.985624][ T7870] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  269.985786][ T5308] usb 4-1: Manufacturer: syz
[  269.997319][ T7870] Cannot create hsr debugfs directory
[  270.009107][ T5308] usb 4-1: SerialNumber: syz
[  270.030711][ T5308] usb 4-1: config 0 descriptor??
[  270.048582][ T5308] gspca_main: gspca_sn9c20x-2.14.0 probing 0458:7029
[  270.675879][ T4616] Bluetooth: hci0: command tx timeout
[  270.923511][ T8007] FAULT_INJECTION: forcing a failure.
[  270.923511][ T8007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.980206][ T5308] gspca_sn9c20x: Write register 1001 failed -71
[  270.992598][ T8007] CPU: 0 UID: 0 PID: 8007 Comm: syz.4.659 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  271.002881][ T8007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  271.012957][ T8007] Call Trace:
[  271.016247][ T8007]  <TASK>
[  271.019188][ T8007]  dump_stack_lvl+0x241/0x360
[  271.023892][ T8007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.029122][ T8007]  ? __pfx__printk+0x10/0x10
[  271.033749][ T8007]  should_fail_ex+0x3b0/0x4e0
[  271.038462][ T8007]  _copy_from_user+0x2f/0xe0
[  271.043074][ T8007]  bpf_test_init+0x11f/0x180
[  271.047689][ T8007]  bpf_prog_test_run_skb+0x2bb/0x1820
[  271.053089][ T8007]  ? __pfx_lock_release+0x10/0x10
[  271.058154][ T8007]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  271.063986][ T8007]  ? fput+0x1a8/0x230
[  271.067992][ T8007]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  271.073823][ T8007]  bpf_prog_test_run+0x334/0x3b0
[  271.078797][ T8007]  __sys_bpf+0x48d/0x810
[  271.083071][ T8007]  ? __pfx___sys_bpf+0x10/0x10
[  271.087876][ T8007]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  271.093884][ T8007]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  271.100238][ T8007]  ? do_syscall_64+0x100/0x230
[  271.105042][ T8007]  __x64_sys_bpf+0x7c/0x90
[  271.109483][ T8007]  do_syscall_64+0xf3/0x230
[  271.114014][ T8007]  ? clear_bhb_loop+0x35/0x90
[  271.118717][ T8007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.124632][ T8007] RIP: 0033:0x7fbe4757def9
[  271.129058][ T8007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.148684][ T8007] RSP: 002b:00007fbe482a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  271.157132][ T8007] RAX: ffffffffffffffda RBX: 00007fbe47735f80 RCX: 00007fbe4757def9
[  271.165126][ T8007] RDX: 0000000000000050 RSI: 0000000020000080 RDI: 000000000000000a
[  271.173117][ T8007] RBP: 00007fbe482a0090 R08: 0000000000000000 R09: 0000000000000000
[  271.181111][ T8007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.189102][ T8007] R13: 0000000000000000 R14: 00007fbe47735f80 R15: 00007ffe7b2df098
[  271.197106][ T8007]  </TASK>
[  271.201599][ T5308] gspca_sn9c20x: Device initialization failed
[  271.208862][ T5308] gspca_sn9c20x 4-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[  271.228464][ T5308] usb 4-1: USB disconnect, device number 25
[  271.460721][ T4616] Bluetooth: hci1: command tx timeout
[  271.656503][ T8026] trusted_key: encrypted_key: insufficient parameters specified
[  271.736928][ T7842] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  271.784016][ T7842] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  271.864789][ T7692] 8021q: adding VLAN 0 to HW filter on device batadv0
[  271.916865][ T7842] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  271.982563][ T1056] hsr_slave_0: left promiscuous mode
[  271.988551][ T1056] hsr_slave_1: left promiscuous mode
[  271.997415][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  272.010231][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_0
[  272.025489][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  272.037223][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.056126][ T1056] hsr_slave_0: left promiscuous mode
[  272.065031][ T1056] hsr_slave_1: left promiscuous mode
[  272.077107][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  272.087199][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_0
[  272.099723][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  272.116870][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.170062][ T1056] veth1_macvtap: left promiscuous mode
[  272.175714][ T1056] veth0_macvtap: left promiscuous mode
[  272.184479][ T1056] veth1_vlan: left promiscuous mode
[  272.189819][ T1056] veth0_vlan: left promiscuous mode
[  272.196279][ T1056] veth1_macvtap: left promiscuous mode
[  272.202441][ T1056] veth0_macvtap: left promiscuous mode
[  272.207980][ T1056] veth1_vlan: left promiscuous mode
[  272.213602][ T1056] veth0_vlan: left promiscuous mode
[  272.759794][ T4616] Bluetooth: hci0: command tx timeout
[  273.547801][ T1056] team0 (unregistering): Port device team_slave_1 removed
[  273.624652][ T1056] team0 (unregistering): Port device team_slave_0 removed
[  273.831007][ T5275] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  273.971132][ T5275] usb 4-1: device descriptor read/64, error -71
[  274.213674][ T5275] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  274.338006][ T1056] team0 (unregistering): Port device team_slave_1 removed
[  274.356992][ T5275] usb 4-1: device descriptor read/64, error -71
[  274.388073][ T1056] team0 (unregistering): Port device team_slave_0 removed
[  274.474562][ T5275] usb usb4-port1: attempt power cycle
[  274.753262][ T7842] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  274.795570][ T8058] netlink: 24 bytes leftover after parsing attributes in process `syz.4.669'.
[  274.821025][ T4616] Bluetooth: hci0: command tx timeout
[  274.826569][ T5275] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  274.866199][ T5275] usb 4-1: device descriptor read/8, error -71
[  274.898594][ T8061] Driver unsupported XDP return value 0 on prog  (id 241) dev N/A, expect packet loss!
[  274.959348][ T7692] veth0_vlan: entered promiscuous mode
[  275.042980][ T7692] veth1_vlan: entered promiscuous mode
[  275.111222][ T5275] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  275.151527][ T5275] usb 4-1: device descriptor read/8, error -71
[  275.218097][ T7692] veth0_macvtap: entered promiscuous mode
[  275.228670][ T7870] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  275.240384][ T7692] veth1_macvtap: entered promiscuous mode
[  275.259764][ T7842] 8021q: adding VLAN 0 to HW filter on device bond0
[  275.267419][ T7870] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  275.288867][ T5275] usb usb4-port1: unable to enumerate USB device
[  275.293869][ T7870] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  275.329228][ T7870] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  275.347057][ T7692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.357800][ T7692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.368361][ T7692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.379045][ T7692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.392102][ T7692] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.409754][ T7842] 8021q: adding VLAN 0 to HW filter on device team0
[  275.420454][ T7692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.433465][ T7692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.444468][ T7692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.455177][ T7692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.471770][ T7692] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.499168][ T7692] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.511780][ T7692] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.520488][ T7692] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.529794][ T7692] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.556712][ T2561] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.563885][ T2561] bridge0: port 1(bridge_slave_0) entered forwarding state
[  275.574805][ T2561] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.581956][ T2561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  275.758839][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.773771][ T7870] 8021q: adding VLAN 0 to HW filter on device bond0
[  275.793717][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  275.837105][ T7870] 8021q: adding VLAN 0 to HW filter on device team0
[  275.898240][   T33] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.905401][   T33] bridge0: port 1(bridge_slave_0) entered forwarding state
[  275.931747][   T33] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.938898][   T33] bridge0: port 2(bridge_slave_1) entered forwarding state
[  275.939043][ T8070] netlink: 12 bytes leftover after parsing attributes in process `syz.4.672'.
[  275.982295][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.990195][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.018107][ T7870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  276.186354][ T7842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  276.204449][ T8085] FAULT_INJECTION: forcing a failure.
[  276.204449][ T8085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.233482][ T8085] CPU: 1 UID: 0 PID: 8085 Comm: syz.1.605 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  276.243850][ T8085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  276.253923][ T8085] Call Trace:
[  276.257219][ T8085]  <TASK>
[  276.260174][ T8085]  dump_stack_lvl+0x241/0x360
[  276.264898][ T8085]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.270134][ T8085]  ? __pfx__printk+0x10/0x10
[  276.274756][ T8085]  ? snprintf+0xda/0x120
[  276.276828][ T7842] veth0_vlan: entered promiscuous mode
[  276.279011][ T8085]  should_fail_ex+0x3b0/0x4e0
[  276.279051][ T8085]  _copy_to_user+0x2f/0xb0
[  276.293576][ T8085]  simple_read_from_buffer+0xca/0x150
[  276.298973][ T8085]  proc_fail_nth_read+0x1e9/0x250
[  276.304015][ T8085]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.305548][ T7842] veth1_vlan: entered promiscuous mode
[  276.309570][ T8085]  ? rw_verify_area+0x55e/0x6f0
[  276.309595][ T8085]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.325441][ T8085]  vfs_read+0x201/0xbc0
[  276.329621][ T8085]  ? __pfx_lock_release+0x10/0x10
[  276.334672][ T8085]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  276.340352][ T7842] veth0_macvtap: entered promiscuous mode
[  276.340572][ T8085]  ? __pfx_vfs_read+0x10/0x10
[  276.350963][ T8085]  ? __fget_files+0x3f3/0x470
[  276.355669][ T8085]  ? __fdget_pos+0x24e/0x320
[  276.359782][ T7842] veth1_macvtap: entered promiscuous mode
[  276.360260][ T8085]  ksys_read+0x1a0/0x2c0
[  276.360290][ T8085]  ? __pfx_ksys_read+0x10/0x10
[  276.374997][ T8085]  ? do_syscall_64+0x100/0x230
[  276.377385][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.379776][ T8085]  ? do_syscall_64+0xb6/0x230
[  276.379809][ T8085]  do_syscall_64+0xf3/0x230
[  276.390330][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.394844][ T8085]  ? clear_bhb_loop+0x35/0x90
[  276.394875][ T8085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.394897][ T8085] RIP: 0033:0x7fa84817c93c
[  276.394915][ T8085] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  276.394930][ T8085] RSP: 002b:00007fa847bff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  276.394952][ T8085] RAX: ffffffffffffffda RBX: 00007fa848335f80 RCX: 00007fa84817c93c
[  276.394967][ T8085] RDX: 000000000000000f RSI: 00007fa847bff0a0 RDI: 0000000000000005
[  276.394981][ T8085] RBP: 00007fa847bff090 R08: 0000000000000000 R09: 0000000000000000
[  276.394994][ T8085] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[  276.395007][ T8085] R13: 0000000000000000 R14: 00007fa848335f80 R15: 00007ffea7292bc8
[  276.395041][ T8085]  </TASK>
[  276.499795][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.518561][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.529321][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.539874][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.552725][ T7842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.579613][ T7870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  276.603712][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.617979][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.629972][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.640999][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.661956][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.683315][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.702387][ T7842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.749043][ T7842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.764743][ T7842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.779972][ T7842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.793947][ T8095] netlink: 20 bytes leftover after parsing attributes in process `syz.3.675'.
[  276.794512][ T7842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.922988][ T7870] veth0_vlan: entered promiscuous mode
[  277.028977][ T7870] veth1_vlan: entered promiscuous mode
[  277.071204][ T7012] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  277.117577][ T1056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.153037][ T1056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.229548][ T7012] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  277.239481][ T7870] veth0_macvtap: entered promiscuous mode
[  277.245418][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.255284][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.272658][ T7012] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  277.297256][ T7012] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  277.317508][ T7870] veth1_macvtap: entered promiscuous mode
[  277.345419][ T7012] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.373897][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.406902][ T7012] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  277.441406][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.453221][ T7012] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  277.471365][ T7012] usb 2-1: Product: syz
[  277.475564][ T7012] usb 2-1: Manufacturer: syz
[  277.481678][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.507915][ T7012] cdc_wdm 2-1:1.0: skipping garbage
[  277.517122][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.531337][ T7012] cdc_wdm 2-1:1.0: skipping garbage
[  277.541876][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.554567][ T7012] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  277.571105][ T7012] cdc_wdm 2-1:1.0: Unknown control protocol
[  277.577659][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.608233][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.630270][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.659924][ T7870] batman_adv: batadv0: Interface activated: batadv_slave_0
[  277.734506][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.783432][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.793035][ T8117] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.677'.
[  277.807036][ T8117] openvswitch: netlink: Multiple metadata blocks provided
[  277.818990][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.881432][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.952991][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.041344][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.051221][ T7870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.264042][ T7870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.482932][ T7870] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.602653][ T8117] netlink: 32 bytes leftover after parsing attributes in process `syz.3.677'.
[  283.294063][  T939] usb 2-1: USB disconnect, device number 20
[  283.336256][ T7870] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.384624][ T7870] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.406187][ T7870] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.438342][ T7870] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  284.321300][ T8131] netlink: 16 bytes leftover after parsing attributes in process `syz.4.678'.
[  284.522895][  T939] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  284.533825][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.541665][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.673116][ T8136] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  284.681390][ T8136] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  284.700769][  T939] usb 2-1: Using ep0 maxpacket: 16
[  284.718552][  T939] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  284.729490][ T8136] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  284.744974][  T939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.753268][ T8136] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  284.762964][  T939] usb 2-1: Product: syz
[  284.769166][  T939] usb 2-1: Manufacturer: syz
[  284.774220][  T939] usb 2-1: SerialNumber: syz
[  284.780424][  T939] usb 2-1: config 0 descriptor??
[  284.792471][  T939] visor 2-1:0.0: Sony Clie 3.5 converter detected
[  284.822374][ T8136] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  284.842326][ T8136] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  284.890995][ T8136] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  284.910620][ T8136] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  284.978347][ T1056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.988095][ T1056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.013349][  T939] usb 2-1: clie_3_5_startup: get config number bad return length: 0
[  285.056068][  T939] visor 2-1:0.0: probe with driver visor failed with error -5
[  285.542617][ T7012] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  285.646395][ T8155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  285.674391][ T8155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.434700][ T7012] usb 5-1: Using ep0 maxpacket: 16
[  286.539861][ T7012] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.562953][ T7012] usb 5-1: config 0 interface 0 altsetting 37 has an invalid descriptor for endpoint zero, skipping
[  286.593341][ T7012] usb 5-1: config 0 interface 0 altsetting 37 has 3 endpoint descriptors, different from the interface descriptor's value: 1
[  286.614320][ T7012] usb 5-1: config 0 interface 0 has no altsetting 0
[  286.736080][ T7012] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  286.762466][ T7012] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  286.798573][ T7012] usb 5-1: Manufacturer: syz
[  286.828662][ T7012] usb 5-1: config 0 descriptor??
[  287.129164][ T8170] sp0: Synchronizing with TNC
[  287.542899][  T942] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  287.606173][    T9] usb 2-1: USB disconnect, device number 21
[  288.557540][  T942] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  288.569424][  T942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.598238][  T942] usb 3-1: Product: syz
[  288.614175][  T942] usb 3-1: Manufacturer: syz
[  288.626202][ T8184] FAULT_INJECTION: forcing a failure.
[  288.626202][ T8184] name failslab, interval 1, probability 0, space 0, times 0
[  288.641068][  T942] usb 3-1: SerialNumber: syz
[  288.656258][  T942] usb 3-1: config 0 descriptor??
[  288.686314][ T8184] CPU: 1 UID: 0 PID: 8184 Comm: syz.3.694 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  288.696696][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  288.706772][ T8184] Call Trace:
[  288.710067][ T8184]  <TASK>
[  288.713016][ T8184]  dump_stack_lvl+0x241/0x360
[  288.717724][ T8184]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.722948][ T8184]  ? __pfx__printk+0x10/0x10
[  288.727567][ T8184]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  288.733043][ T8184]  ? __pfx___might_resched+0x10/0x10
[  288.738353][ T8184]  should_fail_ex+0x3b0/0x4e0
[  288.743064][ T8184]  should_failslab+0xac/0x100
[  288.747770][ T8184]  ? __se_sys_mount+0x15a/0x3c0
[  288.752648][ T8184]  __kmalloc_cache_noprof+0x6c/0x2c0
[  288.757961][ T8184]  ? memdup_user+0x9f/0xc0
[  288.762403][ T8184]  __se_sys_mount+0x15a/0x3c0
[  288.767110][ T8184]  ? __pfx___se_sys_mount+0x10/0x10
[  288.772325][ T8184]  ? __secure_computing+0x125/0x370
[  288.777549][ T8184]  ? __x64_sys_mount+0x20/0xc0
[  288.782332][ T8184]  do_syscall_64+0xf3/0x230
[  288.786862][ T8184]  ? clear_bhb_loop+0x35/0x90
[  288.791569][ T8184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.797483][ T8184] RIP: 0033:0x7f4dfd17def9
[  288.801914][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.821544][ T8184] RSP: 002b:00007f4dfdef2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  288.829986][ T8184] RAX: ffffffffffffffda RBX: 00007f4dfd335f80 RCX: 00007f4dfd17def9
[  288.837977][ T8184] RDX: 0000000020002100 RSI: 0000000020000000 RDI: 0000000000000000
[  288.845966][ T8184] RBP: 00007f4dfdef2090 R08: 00000000200013c0 R09: 0000000000000000
[  288.853955][ T8184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.861945][ T8184] R13: 0000000000000000 R14: 00007f4dfd335f80 R15: 00007ffc9a010698
[  288.869947][ T8184]  </TASK>
[  288.895020][ T7012] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  288.923006][  T942] cx82310_eth 3-1:0.0: probe with driver cx82310_eth failed with error -22
[  288.942716][ T7012] usb 5-1: USB disconnect, device number 8
[  289.320878][  T942] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[  289.624044][ T8170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.685857][ T8170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.808545][ T8206] loop0: detected capacity change from 0 to 127
[  290.102848][  T942] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  290.287144][  T942] usb 1-1: Using ep0 maxpacket: 16
[  290.316275][  T942] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.342835][  T942] usb 1-1: config 0 interface 0 altsetting 37 has an invalid descriptor for endpoint zero, skipping
[  290.359644][  T942] usb 1-1: config 0 interface 0 altsetting 37 has 3 endpoint descriptors, different from the interface descriptor's value: 1
[  290.382941][  T942] usb 1-1: config 0 interface 0 has no altsetting 0
[  290.402225][  T942] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  290.471818][  T942] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  290.480222][  T942] usb 1-1: Manufacturer: syz
[  290.517950][  T942] usb 1-1: config 0 descriptor??
[  292.299179][ T8216] coredump: 577(syz.3.702): written to core: VMAs: 38, size 97681408; core: 60286118 bytes, pos 97689600
[  292.429599][ T8213] fuse: Bad value for 'user_id'
[  292.489217][ T8213] fuse: Bad value for 'user_id'
[  292.503412][ T5275] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  292.602097][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.703'.
[  292.901298][  T942] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  292.931588][  T939] usb 3-1: USB disconnect, device number 15
[  292.940376][  T942] usb 1-1: USB disconnect, device number 20
[  292.949234][ T5275] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  293.007721][ T5275] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.030010][ T5275] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.066309][ T8220] netlink: 'syz.3.704': attribute type 1 has an invalid length.
[  293.078720][ T5275] usb 5-1: config 0 interface 0 has no altsetting 0
[  293.078823][ T8226] FAULT_INJECTION: forcing a failure.
[  293.078823][ T8226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  293.099707][ T5275] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.115773][ T5275] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.124508][ T8226] CPU: 0 UID: 0 PID: 8226 Comm: syz.0.705 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  293.136881][ T8226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  293.146940][ T8226] Call Trace:
[  293.150208][ T8226]  <TASK>
[  293.153135][ T8226]  dump_stack_lvl+0x241/0x360
[  293.157830][ T8226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.163018][ T8226]  ? __pfx__printk+0x10/0x10
[  293.167629][ T8226]  ? __pfx_lock_release+0x10/0x10
[  293.172650][ T8226]  ? tomoyo_path_number_perm+0x71a/0x880
[  293.178278][ T8226]  should_fail_ex+0x3b0/0x4e0
[  293.182960][ T8226]  _copy_from_user+0x2f/0xe0
[  293.187581][ T8226]  wext_handle_ioctl+0xf2/0x270
[  293.192446][ T8226]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  293.197920][ T8226]  ? __asan_memset+0x23/0x50
[  293.202497][ T8226]  ? smack_file_ioctl+0x29e/0x3a0
[  293.207512][ T8226]  sock_ioctl+0x17c/0x8e0
[  293.211831][ T8226]  ? __pfx_sock_ioctl+0x10/0x10
[  293.216674][ T8226]  ? __fget_files+0x3f3/0x470
[  293.221349][ T8226]  ? __pfx_sock_ioctl+0x10/0x10
[  293.226194][ T8226]  __se_sys_ioctl+0xf9/0x170
[  293.230776][ T8226]  do_syscall_64+0xf3/0x230
[  293.235269][ T8226]  ? clear_bhb_loop+0x35/0x90
[  293.239937][ T8226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.245817][ T8226] RIP: 0033:0x7f0a5937def9
[  293.250221][ T8226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.269820][ T8226] RSP: 002b:00007f0a58dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.278243][ T8226] RAX: ffffffffffffffda RBX: 00007f0a59535f80 RCX: 00007f0a5937def9
[  293.286205][ T8226] RDX: 0000000020000000 RSI: 0000000000008b34 RDI: 0000000000000003
[  293.294162][ T8226] RBP: 00007f0a58dff090 R08: 0000000000000000 R09: 0000000000000000
[  293.302120][ T8226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.310077][ T8226] R13: 0000000000000000 R14: 00007f0a59535f80 R15: 00007ffe4a4f9028
[  293.318046][ T8226]  </TASK>
[  293.326006][ T8220] netlink: 'syz.3.704': attribute type 3 has an invalid length.
[  293.326172][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'.
[  293.336319][ T5275] usb 5-1: config 0 interface 0 has no altsetting 0
[  293.349694][ T8220] netlink: 224 bytes leftover after parsing attributes in process `syz.3.704'.
[  293.349712][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'.
[  293.359144][ T8220] NCSI netlink: No device for ifindex 0
[  293.375301][ T5275] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.032550][ T8223] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'.
[  294.047391][ T5275] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.058662][ T5275] usb 5-1: config 0 interface 0 has no altsetting 0
[  294.135769][ T5275] usb 5-1: unable to read config index 3 descriptor/start: -71
[  294.180721][ T5275] usb 5-1: can't read configurations, error -71
[  294.433485][    T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  294.633360][    T9] usb 1-1: Using ep0 maxpacket: 32
[  295.016814][    T9] usb 1-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7
[  295.039703][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.056168][    T9] usb 1-1: Product: syz
[  295.061902][    T9] usb 1-1: Manufacturer: syz
[  295.067270][    T9] usb 1-1: SerialNumber: syz
[  295.074980][    T9] usb 1-1: config 0 descriptor??
[  295.116221][    T9] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  295.353507][    T8] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  295.389722][   T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.805132][    T8] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  296.825396][    T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  296.835570][    T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  296.844987][    T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.859260][    T8] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  296.868417][    T8] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  296.876474][    T8] usb 3-1: Product: syz
[  296.880660][    T8] usb 3-1: Manufacturer: syz
[  296.913594][    T8] cdc_wdm 3-1:1.0: skipping garbage
[  296.918849][    T8] cdc_wdm 3-1:1.0: skipping garbage
[  296.918960][   T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.935270][    T8] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  296.941197][    T8] cdc_wdm 3-1:1.0: Unknown control protocol
[  297.113248][   T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.385316][    T8] usb 1-1: USB disconnect, device number 21
[  298.070573][   T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.117359][    T8] usb 3-1: USB disconnect, device number 16
[  299.137473][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  299.147384][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  299.162194][ T5239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  299.172208][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  299.194591][ T5239] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  299.201967][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  299.368899][ T4616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  299.384775][ T4616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  299.463419][ T4616] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  299.501024][ T8272] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  300.155546][ T4616] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  300.166235][ T4616] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  300.173477][ T4616] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  300.195427][   T62] bridge_slave_1: left allmulticast mode
[  300.201117][   T62] bridge_slave_1: left promiscuous mode
[  300.206941][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.235425][   T62] bridge_slave_0: left allmulticast mode
[  300.241085][   T62] bridge_slave_0: left promiscuous mode
[  300.349935][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.736309][ T8291] FAULT_INJECTION: forcing a failure.
[  300.736309][ T8291] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  300.765051][ T8291] CPU: 1 UID: 0 PID: 8291 Comm: syz.2.723 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  300.775345][ T8291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  300.787144][ T8291] Call Trace:
[  300.790417][ T8291]  <TASK>
[  300.793354][ T8291]  dump_stack_lvl+0x241/0x360
[  300.798142][ T8291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.803341][ T8291]  ? __pfx__printk+0x10/0x10
[  300.807936][ T8291]  should_fail_ex+0x3b0/0x4e0
[  300.812624][ T8291]  prepare_alloc_pages+0x1da/0x5d0
[  300.817754][ T8291]  __alloc_pages_noprof+0x166/0x6c0
[  300.822989][ T8291]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  300.828734][ T8291]  alloc_pages_mpol_noprof+0x3e8/0x680
[  300.834194][ T8291]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  300.840179][ T8291]  ? do_raw_spin_unlock+0x13c/0x8b0
[  300.845378][ T8291]  folio_alloc_mpol_noprof+0x36/0x50
[  300.850660][ T8291]  __read_swap_cache_async+0x249/0x8c0
[  300.856123][ T8291]  ? __pfx___read_swap_cache_async+0x10/0x10
[  300.862126][ T8291]  swap_cluster_readahead+0x674/0x800
[  300.867496][ T8291]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  300.873393][ T8291]  ? xas_load+0x59b/0x5c0
[  300.877754][ T8291]  swapin_readahead+0x1bf/0xfd0
[  300.882608][ T8291]  ? filemap_get_entry+0x123/0x3b0
[  300.887713][ T8291]  ? __pfx_swapin_readahead+0x10/0x10
[  300.893089][ T8291]  ? __filemap_get_folio+0x984/0xc10
[  300.898369][ T8291]  ? swap_cache_get_folio+0xa6/0x570
[  300.903650][ T8291]  do_swap_page+0x798/0x5b40
[  300.908233][ T8291]  ? mark_lock+0x9a/0x360
[  300.912557][ T8291]  ? rcu_is_watching+0x15/0xb0
[  300.917310][ T8291]  ? __pte_offset_map+0x2c4/0x380
[  300.922337][ T8291]  ? do_swap_page+0x151/0x5b40
[  300.927095][ T8291]  ? __pfx_do_swap_page+0x10/0x10
[  300.932112][ T8291]  ? pte_offset_map_nolock+0x137/0x1f0
[  300.937568][ T8291]  ? __pfx_pte_offset_map_nolock+0x10/0x10
[  300.943371][ T8291]  handle_pte_fault+0x61f/0x6fc0
[  300.948991][ T8291]  ? is_bpf_text_address+0x26/0x2a0
[  300.954185][ T8291]  ? mark_lock+0x9a/0x360
[  300.958505][ T8291]  ? __pfx_handle_pte_fault+0x10/0x10
[  300.963882][ T8291]  ? mt_find+0x226/0x850
[  300.968129][ T8291]  ? __pfx_lock_release+0x10/0x10
[  300.973170][ T8291]  handle_mm_fault+0x1053/0x1ad0
[  300.978121][ T8291]  ? __pfx_handle_mm_fault+0x10/0x10
[  300.983406][ T8291]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  300.989730][ T8291]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  300.995007][ T8291]  exc_page_fault+0x2b9/0x8c0
[  300.999704][ T8291]  asm_exc_page_fault+0x26/0x30
[  301.004590][ T8291] RIP: 0010:__get_user_4+0x11/0x20
[  301.009700][ T8291] Code: 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
[  301.029296][ T8291] RSP: 0018:ffffc90002d4fc98 EFLAGS: 00050206
[  301.035357][ T8291] RAX: 0000000020000100 RBX: ffff8880207841e8 RCX: ffffc90002d4fb03
[  301.043320][ T8291] RDX: 0000000000000000 RSI: ffffffff8c0aea80 RDI: ffffffff8c5fea80
[  301.051282][ T8291] RBP: ffffc90002d4fd70 R08: ffffffff901acdaf R09: 1ffffffff20359b5
[  301.059242][ T8291] R10: dffffc0000000000 R11: fffffbfff20359b6 R12: ffff888020784000
[  301.067212][ T8291] R13: 0000000040047452 R14: 1ffff920005a9f98 R15: ffffc90002d4fce0
[  301.075222][ T8291]  ppp_async_ioctl+0x303/0x7a0
[  301.079985][ T8291]  ? __pfx___mutex_lock+0x10/0x10
[  301.085013][ T8291]  ? __pfx_ppp_async_ioctl+0x10/0x10
[  301.090307][ T8291]  ? __pfx_ppp_async_ioctl+0x10/0x10
[  301.095598][ T8291]  ppp_ioctl+0xb15/0x1cd0
[  301.099933][ T8291]  ? __pfx_ppp_ioctl+0x10/0x10
[  301.104698][ T8291]  ? __fget_files+0x3f3/0x470
[  301.109387][ T8291]  ? __pfx_ppp_ioctl+0x10/0x10
[  301.114164][ T8291]  __se_sys_ioctl+0xf9/0x170
[  301.118757][ T8291]  do_syscall_64+0xf3/0x230
[  301.123288][ T8291]  ? clear_bhb_loop+0x35/0x90
[  301.127964][ T8291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.133851][ T8291] RIP: 0033:0x7fdd2757def9
[  301.138257][ T8291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.157864][ T8291] RSP: 002b:00007fdd28406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  301.166306][ T8291] RAX: ffffffffffffffda RBX: 00007fdd27735f80 RCX: 00007fdd2757def9
[  301.174300][ T8291] RDX: 0000000020000100 RSI: 0000000040047452 RDI: 0000000000000004
[  301.182272][ T8291] RBP: 00007fdd28406090 R08: 0000000000000000 R09: 0000000000000000
[  301.190240][ T8291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.198206][ T8291] R13: 0000000000000000 R14: 00007fdd27735f80 R15: 00007ffc6e9e6978
[  301.206182][ T8291]  </TASK>
[  301.274080][ T5275] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  301.519245][ T5275] usb 1-1: Using ep0 maxpacket: 16
[  302.262822][ T5275] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.273482][ T5239] Bluetooth: hci2: command tx timeout
[  302.345141][ T5275] usb 1-1: config 0 interface 0 altsetting 37 has an invalid descriptor for endpoint zero, skipping
[  302.364745][ T5275] usb 1-1: config 0 interface 0 altsetting 37 has 3 endpoint descriptors, different from the interface descriptor's value: 1
[  302.392856][ T5275] usb 1-1: config 0 interface 0 has no altsetting 0
[  302.435951][ T5275] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  302.460876][ T5275] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  302.494177][ T5275] usb 1-1: Manufacturer: syz
[  302.525701][ T5275] usb 1-1: config 0 descriptor??
[  303.470060][ T5275] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  303.517657][ T5275] usb 1-1: USB disconnect, device number 22
[  304.344447][ T5239] Bluetooth: hci2: command tx timeout
[  304.471752][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.503173][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.584935][   T62] bond0 (unregistering): Released all slaves
[  304.674705][ T8304] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  304.681312][ T8304] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  304.706210][ T8304] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  304.964686][  T939] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  304.986700][ T7012] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  305.146157][ T7012] usb 3-1: Using ep0 maxpacket: 32
[  305.156730][  T939] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  305.174665][  T939] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  305.180723][ T7012] usb 3-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7
[  305.204253][ T7012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.207950][  T939] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  305.231732][   T62] hsr_slave_0: left promiscuous mode
[  305.234962][ T7012] usb 3-1: Product: syz
[  305.241225][ T7012] usb 3-1: Manufacturer: syz
[  305.247135][   T62] hsr_slave_1: left promiscuous mode
[  305.264188][ T7012] usb 3-1: SerialNumber: syz
[  305.265210][  T939] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.300224][ T7012] usb 3-1: config 0 descriptor??
[  305.304969][  T939] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  305.317193][ T7012] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  305.324867][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  305.332818][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  305.350260][  T939] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  305.370505][  T939] usb 1-1: Product: syz
[  305.376165][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  305.385992][  T939] usb 1-1: Manufacturer: syz
[  305.397249][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.428786][  T939] cdc_wdm 1-1:1.0: skipping garbage
[  305.434125][  T939] cdc_wdm 1-1:1.0: skipping garbage
[  305.447735][  T939] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  305.479560][   T62] veth1_macvtap: left promiscuous mode
[  305.485284][  T939] cdc_wdm 1-1:1.0: Unknown control protocol
[  305.514655][   T62] veth0_macvtap: left promiscuous mode
[  305.524692][   T62] veth1_vlan: left promiscuous mode
[  305.530040][   T62] veth0_vlan: left promiscuous mode
[  306.015534][  T939] usb 1-1: USB disconnect, device number 23
[  306.258984][ T7012] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  306.436182][ T7012] usb 4-1: Using ep0 maxpacket: 16
[  306.444966][ T7012] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  306.475145][ T7012] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.498724][ T7012] usb 4-1: Product: syz
[  306.502930][ T7012] usb 4-1: Manufacturer: syz
[  306.515260][ T7012] usb 4-1: SerialNumber: syz
[  306.543346][ T7012] r8152-cfgselector 4-1: Unknown version 0x0000
[  306.551278][ T7012] r8152-cfgselector 4-1: config 0 descriptor??
[  306.583094][ T8290] coredump: 613(syz.4.722): written to core: VMAs: 38, size 99856384; core: 62350594 bytes, pos 99864576
[  306.752534][ T5239] Bluetooth: hci2: command 0x0419 tx timeout
[  306.831292][   T62] team0 (unregistering): Port device team_slave_1 removed
[  306.917221][   T62] team0 (unregistering): Port device team_slave_0 removed
[  307.044261][ T8349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.059633][ T8349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.927431][ T8345] warning: `syz.0.733' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  308.112631][    T8] usb 3-1: USB disconnect, device number 17
[  308.254146][ T8265] chnl_net:caif_netlink_parms(): no params data found
[  308.690812][ T8265] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.754959][    T8] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  308.785532][ T8265] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.809260][ T8265] bridge_slave_0: entered allmulticast mode
[  308.836319][ T5239] Bluetooth: hci2: command 0x0419 tx timeout
[  308.882141][ T8265] bridge_slave_0: entered promiscuous mode
[  308.914984][    T8] usb 1-1: Using ep0 maxpacket: 32
[  308.927686][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.939037][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.953253][    T8] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  308.964369][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.004005][    T8] usb 1-1: config 0 descriptor??
[  309.036989][    T8] hub 1-1:0.0: USB hub found
[  309.045485][ T8265] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.052936][ T8265] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.060485][ T8265] bridge_slave_1: entered allmulticast mode
[  309.077800][ T8265] bridge_slave_1: entered promiscuous mode
[  309.125367][ T8265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.158147][  T942] r8152-cfgselector 4-1: USB disconnect, device number 30
[  309.225193][    T8] hub 1-1:0.0: 1 port detected
[  309.267085][ T8265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.447593][    T8] hub 1-1:0.0: hub_hub_status failed (err = -71)
[  309.483993][ T8265] team0: Port device team_slave_0 added
[  309.490932][    T8] hub 1-1:0.0: config failed, can't get hub status (err -71)
[  309.511075][ T8265] team0: Port device team_slave_1 added
[  309.551150][    T8] usbhid 1-1:0.0: can't add hid device: -71
[  309.577938][    T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  309.647667][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.655627][    T8] usb 1-1: USB disconnect, device number 24
[  309.692515][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.750093][ T8265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.784712][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.867110][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.917035][ T8265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.055198][ T7012] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  310.189133][ T8265] hsr_slave_0: entered promiscuous mode
[  310.216892][ T7012] usb 4-1: Using ep0 maxpacket: 16
[  310.230043][ T8265] hsr_slave_1: entered promiscuous mode
[  310.258450][ T7012] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.295302][ T7012] usb 4-1: config 0 interface 0 altsetting 37 has an invalid descriptor for endpoint zero, skipping
[  310.350274][ T7012] usb 4-1: config 0 interface 0 altsetting 37 has 3 endpoint descriptors, different from the interface descriptor's value: 1
[  310.384729][ T7012] usb 4-1: config 0 interface 0 has no altsetting 0
[  310.405586][ T7012] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  310.414868][ T7012] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  310.442020][ T7012] usb 4-1: Manufacturer: syz
[  310.496109][ T7012] usb 4-1: config 0 descriptor??
[  310.906068][ T5239] Bluetooth: hci2: command 0x0419 tx timeout
[  311.493373][ T8265] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  311.507924][ T8265] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  311.520215][ T8265] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  311.552298][ T8265] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  311.798306][ T8265] 8021q: adding VLAN 0 to HW filter on device bond0
[  311.874389][ T8265] 8021q: adding VLAN 0 to HW filter on device team0
[  311.901619][ T2530] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.908767][ T2530] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.942583][ T2530] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.949775][ T2530] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.475534][   T47] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  312.509538][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  312.520983][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  312.530771][   T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  312.579485][ T7012] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  312.594948][ T7012] usb 4-1: USB disconnect, device number 31
[  312.615584][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  312.626517][   T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  312.642107][   T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  312.653867][   T47] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  312.663013][   T47] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.674803][   T47] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  312.684040][   T47] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.739468][   T47] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  312.754349][   T47] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  312.768513][   T47] usb 3-1: Product: syz
[  312.772740][   T47] usb 3-1: Manufacturer: syz
[  312.793172][   T47] cdc_wdm 3-1:1.0: skipping garbage
[  312.814538][   T47] cdc_wdm 3-1:1.0: skipping garbage
[  312.823908][   T47] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  312.837925][   T47] cdc_wdm 3-1:1.0: Unknown control protocol
[  312.888102][ T8265] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.987049][   T54] Bluetooth: hci2: command 0x0419 tx timeout
[  313.038700][ T2582] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.677500][ T8428] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  313.683592][ T8428] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  313.689612][ T8428] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  314.066330][ T8428] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  314.393794][ T2582] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.667671][ T2582] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.951662][ T2582] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.390410][ T2582] bridge_slave_1: left allmulticast mode
[  315.465773][ T2582] bridge_slave_1: left promiscuous mode
[  315.471653][ T2582] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.506461][ T2582] bridge_slave_0: left allmulticast mode
[  315.512171][ T2582] bridge_slave_0: left promiscuous mode
[  315.536033][ T2582] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.797047][   T54] Bluetooth: hci5: command 0x041b tx timeout
[  315.803951][   T54] Bluetooth: hci2: command 0x0419 tx timeout
[  316.914867][  T942] usb 3-1: USB disconnect, device number 18
[  317.178606][ T2582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  317.189940][ T2582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  317.200584][ T2582] bond0 (unregistering): Released all slaves
[  317.215985][    T8] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  317.298101][ T8265] veth0_vlan: entered promiscuous mode
[  317.316988][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[  317.323405][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[  317.393510][    T8] usb 4-1: Using ep0 maxpacket: 32
[  317.430328][    T8] usb 4-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7
[  317.564446][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.574109][    T8] usb 4-1: Product: syz
[  317.578735][    T8] usb 4-1: Manufacturer: syz
[  317.584364][    T8] usb 4-1: SerialNumber: syz
[  317.603713][    T8] usb 4-1: config 0 descriptor??
[  317.618204][    T8] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  317.836257][ T8265] veth1_vlan: entered promiscuous mode
[  317.866585][ T5239] Bluetooth: hci5: command 0x041b tx timeout
[  318.673382][ T8411] chnl_net:caif_netlink_parms(): no params data found
[  318.906670][ T8265] veth0_macvtap: entered promiscuous mode
[  318.953164][   T47] usb 4-1: USB disconnect, device number 32
[  319.000265][ T2582] hsr_slave_0: left promiscuous mode
[  319.021774][ T2582] hsr_slave_1: left promiscuous mode
[  319.042389][ T2582] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  319.064817][ T2582] batman_adv: batadv0: Removing interface: batadv_slave_0
[  319.074934][ T2582] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  319.088429][ T2582] batman_adv: batadv0: Removing interface: batadv_slave_1
[  319.127120][ T2582] veth1_macvtap: left promiscuous mode
[  319.132791][ T2582] veth0_macvtap: left promiscuous mode
[  319.138866][ T2582] veth1_vlan: left promiscuous mode
[  319.144534][ T2582] veth0_vlan: left promiscuous mode
[  319.957568][ T5239] Bluetooth: hci5: command 0x041b tx timeout
[  321.077482][   T29] kauditd_printk_skb: 1768 callbacks suppressed
[  321.077502][   T29] audit: type=1326 audit(1726737101.512:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.286342][   T29] audit: type=1326 audit(1726737101.532:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.372445][ T7012] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  321.379889][   T29] audit: type=1326 audit(1726737101.562:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.525472][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  321.541537][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  321.551363][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  321.570307][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  321.585428][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  321.601323][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  321.757371][   T29] audit: type=1326 audit(1726737101.562:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.886165][   T29] audit: type=1326 audit(1726737101.562:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.909274][   T29] audit: type=1326 audit(1726737101.562:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.918313][ T7012] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  321.930819][   T29] audit: type=1326 audit(1726737101.562:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.930858][   T29] audit: type=1326 audit(1726737101.562:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  321.982762][   T29] audit: type=1326 audit(1726737101.562:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  322.006287][   T29] audit: type=1326 audit(1726737101.562:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8513 comm="syz.2.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  322.028123][   T54] Bluetooth: hci5: command 0x041b tx timeout
[  322.044922][ T7012] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  322.055525][ T7012] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  322.065022][ T2582] team0 (unregistering): Port device team_slave_1 removed
[  322.072611][ T7012] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.108071][ T7012] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  322.117620][ T7012] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  322.132063][ T2582] team0 (unregistering): Port device team_slave_0 removed
[  322.136123][ T7012] usb 4-1: Product: syz
[  322.143501][ T7012] usb 4-1: Manufacturer: syz
[  322.172325][ T7012] cdc_wdm 4-1:1.0: skipping garbage
[  322.180756][ T7012] cdc_wdm 4-1:1.0: skipping garbage
[  322.209026][ T7012] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  322.215085][ T7012] cdc_wdm 4-1:1.0: Unknown control protocol
[  322.839682][   T47] usb 4-1: USB disconnect, device number 33
[  322.864117][ T8411] bridge0: port 1(bridge_slave_0) entered blocking state
[  322.864464][ T8524] lo speed is unknown, defaulting to 1000
[  322.879671][ T8411] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.887385][ T8411] bridge_slave_0: entered allmulticast mode
[  322.894064][ T8411] bridge_slave_0: entered promiscuous mode
[  322.903278][ T8411] bridge0: port 2(bridge_slave_1) entered blocking state
[  322.918468][ T8411] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.925742][ T8411] bridge_slave_1: entered allmulticast mode
[  322.933003][ T8411] bridge_slave_1: entered promiscuous mode
[  322.958253][ T8265] veth1_macvtap: entered promiscuous mode
[  322.987509][ T8524] lo speed is unknown, defaulting to 1000
[  322.995104][ T8524] lo speed is unknown, defaulting to 1000
[  323.007381][ T8524] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  323.052696][ T8524] lo speed is unknown, defaulting to 1000
[  323.060166][ T8524] lo speed is unknown, defaulting to 1000
[  323.064126][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.085191][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.095226][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.105897][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.116221][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.127783][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.140093][ T8265] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.150257][ T8411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  323.161981][ T8411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  323.171139][ T8524] lo speed is unknown, defaulting to 1000
[  323.198670][ T8411] team0: Port device team_slave_0 added
[  323.236966][ T8524] lo speed is unknown, defaulting to 1000
[  323.238321][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.254270][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.264329][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.274970][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.284899][ T8265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.295443][ T8265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.306912][ T8265] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.325201][ T8411] team0: Port device team_slave_1 added
[  323.331399][ T8524] lo speed is unknown, defaulting to 1000
[  323.360311][ T8265] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  323.369429][ T8265] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  323.378546][ T8265] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  323.388237][ T8265] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  323.402562][ T8524] lo speed is unknown, defaulting to 1000
[  323.477845][ T8411] batman_adv: batadv0: Adding interface: batadv_slave_0
[  323.494999][ T8411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.522502][ T8411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  323.598456][ T8411] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.609606][ T8411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.647848][ T8411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.706184][   T54] Bluetooth: hci3: command tx timeout
[  323.870922][ T8411] hsr_slave_0: entered promiscuous mode
[  323.891876][ T8411] hsr_slave_1: entered promiscuous mode
[  323.911889][ T8411] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  323.933149][ T8411] Cannot create hsr debugfs directory
[  324.103736][ T8522] chnl_net:caif_netlink_parms(): no params data found
[  324.110889][   T54] Bluetooth: hci5: command 0x041b tx timeout
[  324.146693][ T2508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.171702][ T2508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.250131][ T2582] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.313484][ T2508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.316150][ T8522] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.322730][ T2508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.334657][ T8522] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.344188][ T8522] bridge_slave_0: entered allmulticast mode
[  324.351947][ T8522] bridge_slave_0: entered promiscuous mode
[  324.404407][ T2582] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.425585][ T8522] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.433187][ T8522] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.440893][ T8522] bridge_slave_1: entered allmulticast mode
[  324.451436][ T8522] bridge_slave_1: entered promiscuous mode
[  324.519966][ T2582] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.810245][ T8522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.858409][ T8575] Cannot find del_set index 29 as target
[  324.992663][    T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  325.006108][ T2582] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.698914][ T8522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  325.987352][   T54] Bluetooth: hci3: command tx timeout
[  326.206680][   T54] Bluetooth: hci5: command 0x041b tx timeout
[  326.735592][    T9] usb 3-1: Using ep0 maxpacket: 32
[  326.738027][ T8522] team0: Port device team_slave_0 added
[  326.743897][    T9] usb 3-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7
[  326.756597][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.765011][    T9] usb 3-1: Product: syz
[  326.769475][    T9] usb 3-1: Manufacturer: syz
[  326.774323][    T9] usb 3-1: SerialNumber: syz
[  326.781763][    T9] usb 3-1: config 0 descriptor??
[  326.789730][    T9] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  326.799621][ T8522] team0: Port device team_slave_1 added
[  326.872975][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_0
[  326.878307][ T8596] FAULT_INJECTION: forcing a failure.
[  326.878307][ T8596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.882591][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  326.897895][ T8596] CPU: 1 UID: 0 PID: 8596 Comm: syz.3.762 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  326.920411][ T8522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  326.929145][ T8596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  326.929161][ T8596] Call Trace:
[  326.929169][ T8596]  <TASK>
[  326.929178][ T8596]  dump_stack_lvl+0x241/0x360
[  326.956480][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_1
[  326.960586][ T8596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.972655][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  326.972684][ T8522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  326.998514][ T8596]  ? __pfx__printk+0x10/0x10
[  326.998549][ T8596]  ? snprintf+0xda/0x120
[  326.998570][ T8596]  should_fail_ex+0x3b0/0x4e0
[  326.998598][ T8596]  _copy_to_user+0x2f/0xb0
[  326.998621][ T8596]  simple_read_from_buffer+0xca/0x150
[  326.998642][ T8596]  proc_fail_nth_read+0x1e9/0x250
[  326.998662][ T8596]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  326.998683][ T8596]  ? rw_verify_area+0x55e/0x6f0
[  326.998699][ T8596]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  326.998718][ T8596]  vfs_read+0x201/0xbc0
[  326.998736][ T8596]  ? __pfx_lock_release+0x10/0x10
[  326.998765][ T8596]  ? __pfx_vfs_read+0x10/0x10
[  326.998787][ T8596]  ? __fget_files+0x3f3/0x470
[  326.998816][ T8596]  ? __fdget_pos+0x24e/0x320
[  326.998840][ T8596]  ksys_read+0x1a0/0x2c0
[  326.998861][ T8596]  ? __pfx_ksys_read+0x10/0x10
[  326.998881][ T8596]  ? do_syscall_64+0x100/0x230
[  326.998909][ T8596]  ? do_syscall_64+0xb6/0x230
[  327.095112][ T8596]  do_syscall_64+0xf3/0x230
[  327.099620][ T8596]  ? clear_bhb_loop+0x35/0x90
[  327.104291][ T8596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.110175][ T8596] RIP: 0033:0x7f4dfd17c93c
[  327.114585][ T8596] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  327.134187][ T8596] RSP: 002b:00007f4dfdef2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  327.142619][ T8596] RAX: ffffffffffffffda RBX: 00007f4dfd335f80 RCX: 00007f4dfd17c93c
[  327.150579][ T8596] RDX: 000000000000000f RSI: 00007f4dfdef20a0 RDI: 0000000000000014
[  327.158559][ T8596] RBP: 00007f4dfdef2090 R08: 0000000000000000 R09: 0000000000000000
[  327.166536][ T8596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.174491][ T8596] R13: 0000000000000000 R14: 00007f4dfd335f80 R15: 00007ffc9a010698
[  327.182480][ T8596]  </TASK>
[  327.210772][ T8411] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  327.230256][ T8411] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  327.293618][ T8411] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  327.314479][ T8522] hsr_slave_0: entered promiscuous mode
[  327.320549][   T47] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  327.334238][ T8522] hsr_slave_1: entered promiscuous mode
[  327.343958][ T8522] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  327.351853][ T8522] Cannot create hsr debugfs directory
[  327.431734][ T2582] bridge_slave_1: left allmulticast mode
[  327.440348][ T2582] bridge_slave_1: left promiscuous mode
[  327.451248][ T2582] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.471237][ T2582] bridge_slave_0: left allmulticast mode
[  327.480232][ T2582] bridge_slave_0: left promiscuous mode
[  327.493057][   T47] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  327.504457][   T47] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.514970][ T2582] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.539197][   T47] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  327.585721][   T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.625016][   T47] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  327.652877][   T47] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  327.676826][   T47] usb 2-1: Product: syz
[  327.681026][   T47] usb 2-1: Manufacturer: syz
[  327.727748][   T47] cdc_wdm 2-1:1.0: skipping garbage
[  327.733003][   T47] cdc_wdm 2-1:1.0: skipping garbage
[  327.788082][   T47] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  327.794514][   T47] cdc_wdm 2-1:1.0: Unknown control protocol
[  328.033494][   T54] Bluetooth: hci3: command tx timeout
[  328.185641][   T47] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  328.448826][ T2582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  328.524748][ T2582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  328.587397][ T2582] bond0 (unregistering): Released all slaves
[  328.645092][ T8411] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  328.848608][   T25] usb 3-1: USB disconnect, device number 19
[  330.025287][ T2582] hsr_slave_0: left promiscuous mode
[  330.098569][ T2582] hsr_slave_1: left promiscuous mode
[  330.107398][   T54] Bluetooth: hci3: command tx timeout
[  330.175888][ T2582] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  330.184229][ T2582] batman_adv: batadv0: Removing interface: batadv_slave_0
[  330.349091][ T2582] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  330.445127][ T2582] batman_adv: batadv0: Removing interface: batadv_slave_1
[  330.628057][ T2582] veth1_macvtap: left promiscuous mode
[  330.633626][ T2582] veth0_macvtap: left promiscuous mode
[  330.731879][ T2582] veth1_vlan: left promiscuous mode
[  330.805150][ T2582] veth0_vlan: left promiscuous mode
[  331.326344][    T9] usb 2-1: USB disconnect, device number 22
[  331.637601][ T8618] FAULT_INJECTION: forcing a failure.
[  331.637601][ T8618] name failslab, interval 1, probability 0, space 0, times 0
[  331.651863][ T8618] CPU: 0 UID: 0 PID: 8618 Comm: syz.2.766 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  331.662154][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  331.672230][ T8618] Call Trace:
[  331.675532][ T8618]  <TASK>
[  331.678482][ T8618]  dump_stack_lvl+0x241/0x360
[  331.683195][ T8618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.688430][ T8618]  ? __pfx__printk+0x10/0x10
[  331.693057][ T8618]  ? ref_tracker_alloc+0x332/0x490
[  331.698206][ T8618]  should_fail_ex+0x3b0/0x4e0
[  331.702917][ T8618]  ? skb_clone+0x20c/0x390
[  331.707359][ T8618]  should_failslab+0xac/0x100
[  331.712167][ T8618]  ? skb_clone+0x20c/0x390
[  331.716612][ T8618]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  331.722010][ T8618]  skb_clone+0x20c/0x390
[  331.726282][ T8618]  __netlink_deliver_tap+0x3cc/0x7c0
[  331.731605][ T8618]  ? netlink_deliver_tap+0x2e/0x1b0
[  331.736827][ T8618]  netlink_deliver_tap+0x19d/0x1b0
[  331.741969][ T8618]  netlink_unicast+0x7c4/0x990
[  331.746777][ T8618]  ? __pfx_netlink_unicast+0x10/0x10
[  331.752084][ T8618]  ? __virt_addr_valid+0x183/0x530
[  331.757220][ T8618]  ? __check_object_size+0x49c/0x900
[  331.762543][ T8618]  netlink_sendmsg+0x8e4/0xcb0
[  331.767333][ T8618]  ? irqentry_exit+0x63/0x90
[  331.771961][ T8618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  331.777270][ T8618]  ? tomoyo_socket_sendmsg+0x16/0x30
[  331.782585][ T8618]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  331.788082][ T8618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  331.793391][ T8618]  __sock_sendmsg+0x221/0x270
[  331.798105][ T8618]  sock_sendmsg+0x134/0x200
[  331.802649][ T8618]  ? __pfx_sock_sendmsg+0x10/0x10
[  331.807717][ T8618]  ? iov_iter_bvec+0x4e/0x180
[  331.812459][ T8618]  splice_to_socket+0xa10/0x10b0
[  331.817449][ T8618]  ? __pfx_splice_to_socket+0x10/0x10
[  331.822877][ T8618]  ? __lock_acquire+0x1384/0x2050
[  331.827953][ T8618]  ? bpf_lsm_file_permission+0x9/0x10
[  331.833352][ T8618]  ? security_file_permission+0x74/0x280
[  331.839020][ T8618]  ? rw_verify_area+0x1c3/0x6f0
[  331.843900][ T8618]  ? __pfx_splice_to_socket+0x10/0x10
[  331.849293][ T8618]  do_splice+0xd68/0x18e0
[  331.853652][ T8618]  ? __pfx_lock_release+0x10/0x10
[  331.858701][ T8618]  ? vfs_write+0x7bf/0xc90
[  331.863145][ T8618]  ? __mutex_unlock_slowpath+0x21d/0x750
[  331.868809][ T8618]  ? pipe_clear_nowait+0x196/0x220
[  331.873951][ T8618]  ? __pfx_do_splice+0x10/0x10
[  331.878745][ T8618]  __se_sys_splice+0x331/0x4a0
[  331.883533][ T8618]  ? irqentry_exit+0x63/0x90
[  331.888157][ T8618]  ? __pfx___se_sys_splice+0x10/0x10
[  331.893467][ T8618]  ? __x64_sys_splice+0x21/0xf0
[  331.898351][ T8618]  do_syscall_64+0xf3/0x230
[  331.902880][ T8618]  ? clear_bhb_loop+0x35/0x90
[  331.907584][ T8618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.913503][ T8618] RIP: 0033:0x7fdd2757def9
[  331.917935][ T8618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.937562][ T8618] RSP: 002b:00007fdd283c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  331.945997][ T8618] RAX: ffffffffffffffda RBX: 00007fdd27736130 RCX: 00007fdd2757def9
[  331.953986][ T8618] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003
[  331.961975][ T8618] RBP: 00007fdd283c4090 R08: 000000000004ffe2 R09: 0000000000000000
[  331.969963][ T8618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.977952][ T8618] R13: 0000000000000001 R14: 00007fdd27736130 R15: 00007ffc6e9e6978
[  331.985960][ T8618]  </TASK>
[  333.141306][   T29] kauditd_printk_skb: 53 callbacks suppressed
[  333.141347][   T29] audit: type=1326 audit(1726737113.574:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8635 comm="syz.1.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808777def9 code=0x7ffc0000
[  333.202856][   T29] audit: type=1326 audit(1726737113.634:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8635 comm="syz.1.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808777def9 code=0x7ffc0000
[  333.232372][   T29] audit: type=1326 audit(1726737113.634:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8635 comm="syz.1.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f808777def9 code=0x7ffc0000
[  333.275908][   T29] audit: type=1326 audit(1726737113.634:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8635 comm="syz.1.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808777def9 code=0x7ffc0000
[  333.347267][   T29] audit: type=1326 audit(1726737113.634:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8635 comm="syz.1.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808777def9 code=0x7ffc0000
[  333.945347][ T2582] team0 (unregistering): Port device team_slave_1 removed
[  333.999858][ T2582] team0 (unregistering): Port device team_slave_0 removed
[  334.518188][   T29] audit: type=1326 audit(1726737114.954:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  334.597328][   T29] audit: type=1326 audit(1726737114.984:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  334.644365][   T29] audit: type=1326 audit(1726737114.984:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  334.684368][   T29] audit: type=1326 audit(1726737114.984:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  334.716911][   T29] audit: type=1326 audit(1726737114.984:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2757def9 code=0x7ffc0000
[  334.717887][ T8656] FAULT_INJECTION: forcing a failure.
[  334.717887][ T8656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.775951][ T8656] CPU: 1 UID: 0 PID: 8656 Comm: syz.2.781 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  334.786243][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  334.796406][ T8656] Call Trace:
[  334.799694][ T8656]  <TASK>
[  334.802616][ T8656]  dump_stack_lvl+0x241/0x360
[  334.807289][ T8656]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.812492][ T8656]  ? __pfx__printk+0x10/0x10
[  334.817084][ T8656]  ? __pfx_lock_release+0x10/0x10
[  334.822103][ T8656]  should_fail_ex+0x3b0/0x4e0
[  334.826771][ T8656]  _copy_from_user+0x2f/0xe0
[  334.831351][ T8656]  vmemdup_user+0x149/0x1c0
[  334.835847][ T8656]  path_setxattr+0x1cb/0x4d0
[  334.840443][ T8656]  ? __mutex_unlock_slowpath+0x21d/0x750
[  334.846178][ T8656]  ? __pfx_path_setxattr+0x10/0x10
[  334.851297][ T8656]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  334.857280][ T8656]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  334.863598][ T8656]  ? do_syscall_64+0x100/0x230
[  334.868354][ T8656]  __x64_sys_lsetxattr+0xb8/0xd0
[  334.873281][ T8656]  do_syscall_64+0xf3/0x230
[  334.877773][ T8656]  ? clear_bhb_loop+0x35/0x90
[  334.882795][ T8656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.888676][ T8656] RIP: 0033:0x7fdd2757def9
[  334.893093][ T8656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.912702][ T8656] RSP: 002b:00007fdd283e5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  334.921103][ T8656] RAX: ffffffffffffffda RBX: 00007fdd27736058 RCX: 00007fdd2757def9
[  334.929060][ T8656] RDX: 00000000200000c0 RSI: 0000000020003380 RDI: 0000000020003340
[  334.937018][ T8656] RBP: 00007fdd283e5090 R08: 0000000000000000 R09: 0000000000000000
[  334.944976][ T8656] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001
[  334.952930][ T8656] R13: 0000000000000000 R14: 00007fdd27736058 R15: 00007ffc6e9e6978
[  334.960904][ T8656]  </TASK>
[  335.189019][ T8411] 8021q: adding VLAN 0 to HW filter on device bond0
[  335.338284][ T8411] 8021q: adding VLAN 0 to HW filter on device team0
[  335.449893][ T3038] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.457057][ T3038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.519344][ T3038] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.526529][ T3038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  335.634841][   T47] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  335.789298][   T47] usb 3-1: Using ep0 maxpacket: 32
[  335.806005][   T47] usb 3-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7
[  335.826913][ T8522] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  335.836661][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.854953][ T8522] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  335.869100][   T47] usb 3-1: Product: syz
[  335.883412][   T47] usb 3-1: Manufacturer: syz
[  335.891027][ T8522] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  335.897471][   T47] usb 3-1: SerialNumber: syz
[  335.907300][ T8522] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  335.943733][   T47] usb 3-1: config 0 descriptor??
[  335.975277][   T47] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  336.227031][ T8522] 8021q: adding VLAN 0 to HW filter on device bond0
[  336.240989][ T7012] usb 3-1: USB disconnect, device number 20
[  336.249672][ T8411] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.262560][ T8522] 8021q: adding VLAN 0 to HW filter on device team0
[  336.296933][ T2561] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.304029][ T2561] bridge0: port 1(bridge_slave_0) entered forwarding state
[  336.341932][ T2561] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.344602][   T47] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  336.349050][ T2561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.382500][ T8522] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  336.396440][ T8522] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  336.587709][   T47] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  336.619874][   T47] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  336.660533][   T47] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  336.697827][   T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.752080][   T47] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  336.788869][   T47] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  336.828357][   T47] usb 2-1: Product: syz
[  336.855800][   T47] usb 2-1: Manufacturer: syz
[  336.902746][   T47] cdc_wdm 2-1:1.0: skipping garbage
[  336.913443][   T47] cdc_wdm 2-1:1.0: skipping garbage
[  336.935078][ T8411] veth0_vlan: entered promiscuous mode
[  336.965029][   T47] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  336.970922][ T8522] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.970956][   T47] cdc_wdm 2-1:1.0: Unknown control protocol
[  336.993245][ T8411] veth1_vlan: entered promiscuous mode
[  337.032710][ T8708] FAULT_INJECTION: forcing a failure.
[  337.032710][ T8708] name failslab, interval 1, probability 0, space 0, times 0
[  337.052450][ T8708] CPU: 1 UID: 0 PID: 8708 Comm: syz.3.777 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  337.062738][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  337.072817][ T8708] Call Trace:
[  337.076125][ T8708]  <TASK>
[  337.079077][ T8708]  dump_stack_lvl+0x241/0x360
[  337.083785][ T8708]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.085538][ T8411] veth0_macvtap: entered promiscuous mode
[  337.088992][ T8708]  ? __pfx__printk+0x10/0x10
[  337.099297][ T8708]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  337.105283][ T8708]  ? __pfx___might_resched+0x10/0x10
[  337.110578][ T8708]  should_fail_ex+0x3b0/0x4e0
[  337.115258][ T8708]  should_failslab+0xac/0x100
[  337.119946][ T8708]  ? __alloc_skb+0x1c3/0x440
[  337.124538][ T8708]  kmem_cache_alloc_node_noprof+0x71/0x320
[  337.130344][ T8708]  __alloc_skb+0x1c3/0x440
[  337.134761][ T8708]  ? __pfx___alloc_skb+0x10/0x10
[  337.139697][ T8708]  ? netlink_autobind+0xd6/0x2f0
[  337.144631][ T8708]  ? netlink_autobind+0x2b0/0x2f0
[  337.149677][ T8708]  netlink_sendmsg+0x638/0xcb0
[  337.154458][ T8708]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.159763][ T8708]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.165049][ T8708]  __sock_sendmsg+0x221/0x270
[  337.169723][ T8708]  ____sys_sendmsg+0x52a/0x7e0
[  337.174483][ T8708]  ? __pfx_____sys_sendmsg+0x10/0x10
[  337.179766][ T8708]  __sys_sendmmsg+0x3ac/0x730
[  337.184438][ T8708]  ? __pfx___sys_sendmmsg+0x10/0x10
[  337.189648][ T8708]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  337.195534][ T8708]  ? ksys_write+0x23e/0x2c0
[  337.200030][ T8708]  ? __pfx_lock_release+0x10/0x10
[  337.205058][ T8708]  ? vfs_write+0x7bf/0xc90
[  337.209470][ T8708]  ? __mutex_unlock_slowpath+0x21d/0x750
[  337.215099][ T8708]  ? __pfx_vfs_write+0x10/0x10
[  337.219879][ T8708]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  337.225856][ T8708]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  337.232187][ T8708]  ? do_syscall_64+0x100/0x230
[  337.236968][ T8708]  __x64_sys_sendmmsg+0xa0/0xb0
[  337.241813][ T8708]  do_syscall_64+0xf3/0x230
[  337.246311][ T8708]  ? clear_bhb_loop+0x35/0x90
[  337.251032][ T8708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.256936][ T8708] RIP: 0033:0x7f4dfd17def9
[  337.261355][ T8708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.280961][ T8708] RSP: 002b:00007f4dfdef2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  337.289387][ T8708] RAX: ffffffffffffffda RBX: 00007f4dfd335f80 RCX: 00007f4dfd17def9
[  337.297352][ T8708] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  337.305315][ T8708] RBP: 00007f4dfdef2090 R08: 0000000000000000 R09: 0000000000000000
[  337.313280][ T8708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  337.321279][ T8708] R13: 0000000000000000 R14: 00007f4dfd335f80 R15: 00007ffc9a010698
[  337.329264][ T8708]  </TASK>
[  337.349854][ T8411] veth1_macvtap: entered promiscuous mode
[  337.378493][ T8522] veth0_vlan: entered promiscuous mode
[  337.391836][ T8522] veth1_vlan: entered promiscuous mode
[  337.644757][ T8411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  442.681498][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  442.688510][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8713/1:b..l P8411/1:b..l P5230/1:b..l P4677/1:b..l
[  442.700390][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=35997, q=634 ncpus=2)
[  442.708131][    C1] task:udevd           state:R  running task     stack:21664 pid:4677  tgid:4677  ppid:1      flags:0x00000002
[  442.721150][    C1] Call Trace:
[  442.724449][    C1]  <TASK>
[  442.727394][    C1]  __schedule+0x17ae/0x4a10
[  442.731937][    C1]  ? __pfx___schedule+0x10/0x10
[  442.736809][    C1]  ? fast_dput+0x1e1/0x420
[  442.741256][    C1]  ? preempt_schedule+0xe1/0xf0
[  442.746125][    C1]  preempt_schedule_common+0x84/0xd0
[  442.751431][    C1]  preempt_schedule+0xe1/0xf0
[  442.756117][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  442.761500][    C1]  ? do_raw_spin_lock+0x14f/0x370
[  442.766547][    C1]  preempt_schedule_thunk+0x1a/0x30
[  442.771761][    C1]  _raw_spin_unlock+0x3e/0x50
[  442.776447][    C1]  fast_dput+0x1e1/0x420
[  442.780703][    C1]  ? dput+0x7a/0x2b0
[  442.784610][    C1]  ? dput+0x37/0x2b0
[  442.788517][    C1]  dput+0xe8/0x2b0
[  442.792254][    C1]  step_into+0x355/0x1080
[  442.796608][    C1]  ? __d_lookup+0x706/0x7b0
[  442.801124][    C1]  ? __pfx_step_into+0x10/0x10
[  442.805909][    C1]  ? lookup_fast+0xb5/0x4a0
[  442.810427][    C1]  ? bpf_lsm_inode_permission+0x9/0x10
[  442.816071][    C1]  ? security_inode_permission+0xbc/0x320
[  442.821805][    C1]  link_path_walk+0x7b7/0xea0
[  442.826521][    C1]  path_openat+0x266/0x3590
[  442.831046][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  442.836439][    C1]  ? __lock_acquire+0x1384/0x2050
[  442.841487][    C1]  ? __pfx_path_openat+0x10/0x10
[  442.846449][    C1]  do_filp_open+0x235/0x490
[  442.850966][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  442.856020][    C1]  ? _raw_spin_unlock+0x28/0x50
[  442.860889][    C1]  ? alloc_fd+0x5a1/0x640
[  442.865323][    C1]  do_sys_openat2+0x13e/0x1d0
[  442.870014][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  442.875244][    C1]  ? bpf_trace_run2+0x1fc/0x540
[  442.880107][    C1]  ? bpf_trace_run2+0x36e/0x540
[  442.884972][    C1]  __x64_sys_openat+0x247/0x2a0
[  442.889849][    C1]  ? __pfx___x64_sys_openat+0x10/0x10
[  442.895242][    C1]  ? rcu_is_watching+0x15/0xb0
[  442.900019][    C1]  ? trace_sys_enter+0x1f/0xd0
[  442.904805][    C1]  do_syscall_64+0xf3/0x230
[  442.909322][    C1]  ? clear_bhb_loop+0x35/0x90
[  442.914019][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.919934][    C1] RIP: 0033:0x7f8cdcd9f9a4
[  442.924362][    C1] RSP: 002b:00007ffdb799f5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  442.932790][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8cdcd9f9a4
[  442.940771][    C1] RDX: 0000000000080141 RSI: 00005584befa80d8 RDI: 00000000ffffff9c
[  442.948750][    C1] RBP: 00005584befa80d8 R08: 00000000ffffffff R09: 0000000000000000
[  442.956731][    C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141
[  442.964710][    C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff
[  442.972717][    C1]  </TASK>
[  442.975743][    C1] task:syz-executor    state:R  running task     stack:20888 pid:5230  tgid:5230  ppid:5217   flags:0x00004000
[  442.987489][    C1] Call Trace:
[  442.990770][    C1]  <TASK>
[  442.993710][    C1]  __schedule+0x17ae/0x4a10
[  442.998242][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  443.004248][    C1]  ? __pfx___schedule+0x10/0x10
[  443.009117][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  443.014331][    C1]  ? copy_pmd_range+0x7a7a/0x8500
[  443.019376][    C1]  ? preempt_schedule+0xe1/0xf0
[  443.024240][    C1]  preempt_schedule_common+0x84/0xd0
[  443.029537][    C1]  preempt_schedule+0xe1/0xf0
[  443.034225][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  443.039608][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  443.045515][    C1]  ? __page_table_check_ptes_set+0x30f/0x410
[  443.051518][    C1]  ? copy_pmd_range+0x7a7a/0x8500
[  443.056555][    C1]  preempt_schedule_thunk+0x1a/0x30
[  443.061769][    C1]  _raw_spin_unlock+0x3e/0x50
[  443.066454][    C1]  copy_pmd_range+0x7ad5/0x8500
[  443.071322][    C1]  ? preempt_count_add+0x93/0x190
[  443.076360][    C1]  ? 0xffffffffa00038c0
[  443.080536][    C1]  ? __pfx_copy_pmd_range+0x10/0x10
[  443.085748][    C1]  ? look_up_lock_class+0x77/0x170
[  443.090875][    C1]  ? register_lock_class+0x102/0x980
[  443.096179][    C1]  ? __pfx_register_lock_class+0x10/0x10
[  443.101832][    C1]  ? mark_lock+0x9a/0x360
[  443.106172][    C1]  ? __lock_acquire+0x1384/0x2050
[  443.111236][    C1]  copy_page_range+0x99f/0xe90
[  443.116032][    C1]  ? __pfx_copy_page_range+0x10/0x10
[  443.121332][    C1]  ? __pfx_up_write+0x10/0x10
[  443.126026][    C1]  ? __asan_memset+0x23/0x50
[  443.130624][    C1]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[  443.137395][    C1]  ? vma_interval_tree_insert_after+0x259/0x2b0
[  443.143655][    C1]  copy_mm+0x11e2/0x1f30
[  443.147932][    C1]  ? __pfx_copy_mm+0x10/0x10
[  443.152545][    C1]  ? __init_rwsem+0x122/0x160
[  443.157234][    C1]  ? copy_signal+0x52a/0x650
[  443.161856][    C1]  copy_process+0x1854/0x3d80
[  443.166582][    C1]  ? copy_process+0xa03/0x3d80
[  443.171372][    C1]  ? __pfx_copy_process+0x10/0x10
[  443.176434][    C1]  kernel_clone+0x223/0x880
[  443.181056][    C1]  ? __pfx_kernel_clone+0x10/0x10
[  443.186121][    C1]  __x64_sys_clone+0x258/0x2a0
[  443.190918][    C1]  ? __pfx___x64_sys_clone+0x10/0x10
[  443.196223][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  443.202230][    C1]  ? exc_page_fault+0x590/0x8c0
[  443.207095][    C1]  ? do_syscall_64+0xb6/0x230
[  443.211788][    C1]  do_syscall_64+0xf3/0x230
[  443.216324][    C1]  ? clear_bhb_loop+0x35/0x90
[  443.221036][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.226955][    C1] RIP: 0033:0x7f4dfd174753
[  443.231387][    C1] RSP: 002b:00007ffc9a010928 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  443.239813][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4dfd174753
[  443.247797][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  443.255782][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  443.263766][    C1] R10: 00005555824ae7d0 R11: 0000000000000246 R12: 0000000000000000
[  443.271764][    C1] R13: 00000000000525a3 R14: 0000000000052434 R15: 00007ffc9a010ab0
[  443.279773][    C1]  </TASK>
[  443.282807][    C1] task:syz-executor    state:R  running task     stack:20208 pid:8411  tgid:8411  ppid:8400   flags:0x00004002
[  443.294567][    C1] Call Trace:
[  443.297854][    C1]  <TASK>
[  443.300796][    C1]  __schedule+0x17ae/0x4a10
[  443.305335][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  443.311336][    C1]  ? __pfx___schedule+0x10/0x10
[  443.316216][    C1]  ? __pfx___console_unlock+0x10/0x10
[  443.321606][    C1]  ? __pfx_prb_read_valid+0x10/0x10
[  443.326819][    C1]  ? preempt_schedule+0xe1/0xf0
[  443.331687][    C1]  preempt_schedule_common+0x84/0xd0
[  443.336990][    C1]  preempt_schedule+0xe1/0xf0
[  443.341697][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  443.347081][    C1]  ? console_unlock+0x2fc/0x3b0
[  443.352088][    C1]  ? __pfx_console_unlock+0x10/0x10
[  443.357317][    C1]  preempt_schedule_thunk+0x1a/0x30
[  443.362533][    C1]  ? vprintk_emit+0x7ae/0xa10
[  443.367226][    C1]  ? vprintk_emit+0x847/0xa10
[  443.371922][    C1]  vprintk_emit+0x84c/0xa10
[  443.376447][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  443.381503][    C1]  _printk+0xd5/0x120
[  443.385504][    C1]  ? batadv_check_known_mac_addr+0x237/0x410
[  443.391508][    C1]  ? __pfx__printk+0x10/0x10
[  443.396119][    C1]  ? batadv_hardif_get_by_netdev+0x49b/0x4e0
[  443.402118][    C1]  ? batadv_hardif_get_by_netdev+0x7f/0x4e0
[  443.408031][    C1]  batadv_check_known_mac_addr+0x2b1/0x410
[  443.413853][    C1]  ? batadv_check_known_mac_addr+0x24/0x410
[  443.419769][    C1]  batadv_hard_if_event+0x3a5/0x1620
[  443.425077][    C1]  ? smc_pnet_netdev_event+0x38f/0x690
[  443.430553][    C1]  ? lockdep_rtnl_is_held+0x26/0x40
[  443.435773][    C1]  notifier_call_chain+0x19f/0x3e0
[  443.440905][    C1]  dev_set_mac_address+0x3d9/0x510
[  443.446042][    C1]  ? __pfx_dev_set_mac_address+0x10/0x10
[  443.451693][    C1]  ? down_write+0x18c/0x220
[  443.456208][    C1]  ? do_setlink+0x7ff/0x41f0
[  443.460810][    C1]  ? do_setlink+0x7ff/0x41f0
[  443.465411][    C1]  ? do_setlink+0x7ff/0x41f0
[  443.470012][    C1]  ? do_setlink+0x7ff/0x41f0
[  443.474614][    C1]  ? trace_kmalloc+0x1f/0xd0
[  443.479226][    C1]  dev_set_mac_address_user+0x31/0x50
[  443.484611][    C1]  do_setlink+0x8b6/0x41f0
[  443.489048][    C1]  ? stack_trace_save+0x118/0x1d0
[  443.494089][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  443.499481][    C1]  ? __pfx_do_setlink+0x10/0x10
[  443.504353][    C1]  ? __nla_validate_parse+0x26ce/0x3090
[  443.509908][    C1]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  443.515468][    C1]  ? rtnl_newlink+0xf2/0x20a0
[  443.520172][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  443.525931][    C1]  ? validate_linkmsg+0x71e/0x900
[  443.530988][    C1]  rtnl_newlink+0x180d/0x20a0
[  443.535708][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.540747][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  443.545973][    C1]  ? __mutex_lock+0x9a5/0xd70
[  443.550672][    C1]  ? __mutex_lock+0x527/0xd70
[  443.555384][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.560420][    C1]  rtnetlink_rcv_msg+0x73f/0xcf0
[  443.565371][    C1]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  443.570499][    C1]  ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70
[  443.577103][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.582590][    C1]  netlink_rcv_skb+0x1e3/0x430
[  443.587368][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.592845][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  443.598169][    C1]  ? __rcu_read_unlock+0xa1/0x110
[  443.603209][    C1]  netlink_unicast+0x7f6/0x990
[  443.607992][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  443.613291][    C1]  ? __virt_addr_valid+0x183/0x530
[  443.618414][    C1]  ? __check_object_size+0x49c/0x900
[  443.623718][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  443.628597][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.633908][    C1]  ? __might_fault+0xaa/0x120
[  443.638615][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.643916][    C1]  __sock_sendmsg+0x221/0x270
[  443.648616][    C1]  __sys_sendto+0x398/0x4f0
[  443.653148][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  443.658221][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  443.664223][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  443.670573][    C1]  __x64_sys_sendto+0xde/0x100
[  443.675356][    C1]  do_syscall_64+0xf3/0x230
[  443.679874][    C1]  ? clear_bhb_loop+0x35/0x90
[  443.684573][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.690480][    C1] RIP: 0033:0x7f212117fd8c
[  443.694907][    C1] RSP: 002b:00007ffd228da300 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  443.703345][    C1] RAX: ffffffffffffffda RBX: 00007f2121e64620 RCX: 00007f212117fd8c
[  443.711324][    C1] RDX: 000000000000002c RSI: 00007f2121e64670 RDI: 0000000000000003
[  443.719301][    C1] RBP: 0000000000000000 R08: 00007ffd228da354 R09: 000000000000000c
[  443.727281][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  443.735269][    C1] R13: 0000000000000000 R14: 00007f2121e64670 R15: 0000000000000000
[  443.743268][    C1]  </TASK>
[  443.746297][    C1] task:rm              state:R  running task     stack:24992 pid:8713  tgid:8713  ppid:8686   flags:0x00000000
[  443.758053][    C1] Call Trace:
[  443.761340][    C1]  <TASK>
[  443.764284][    C1]  __schedule+0x17ae/0x4a10
[  443.768825][    C1]  ? __pfx___schedule+0x10/0x10
[  443.773778][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  443.779782][    C1]  ? preempt_schedule_irq+0xf0/0x1c0
[  443.785084][    C1]  preempt_schedule_irq+0xfb/0x1c0
[  443.790210][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  443.795965][    C1]  irqentry_exit+0x5e/0x90
[  443.800398][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  443.806391][    C1] RIP: 0010:lock_acquire+0x264/0x550
[  443.811701][    C1] Code: 2b 00 74 08 4c 89 f7 e8 0a 56 88 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  443.831319][    C1] RSP: 0018:ffffc90003ca7ce0 EFLAGS: 00000206
[  443.837405][    C1] RAX: 0000000000000001 RBX: 1ffff92000794fa8 RCX: af2fd8a314874800
[  443.845390][    C1] RDX: dffffc0000000000 RSI: ffffffff8c0aea80 RDI: ffffffff8c5fea80
[  443.853375][    C1] RBP: ffffc90003ca7e28 R08: ffffffff94211887 R09: 1ffffffff2842310
[  443.861359][    C1] R10: dffffc0000000000 R11: fffffbfff2842311 R12: 1ffff92000794fa4
[  443.869341][    C1] R13: dffffc0000000000 R14: ffffc90003ca7d40 R15: 0000000000000246
[  443.877344][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  443.882398][    C1]  ? vm_mmap_pgoff+0x2ca/0x3d0
[  443.887189][    C1]  __fget_files+0x4a/0x470
[  443.891619][    C1]  ? __fget_files+0x29/0x470
[  443.896221][    C1]  ? __fget_files+0x29/0x470
[  443.900826][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  443.907174][    C1]  ksys_mmap_pgoff+0x23b/0x720
[  443.911953][    C1]  ? __x64_sys_mmap+0x7f/0x140
[  443.916738][    C1]  do_syscall_64+0xf3/0x230
[  443.921258][    C1]  ? clear_bhb_loop+0x35/0x90
[  443.925952][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.931858][    C1] RIP: 0033:0x7f20451bcb74
[  443.936288][    C1] RSP: 002b:00007ffef5bc10a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  443.944718][    C1] RAX: ffffffffffffffda RBX: 00007ffef5bc1120 RCX: 00007f20451bcb74
[  443.952704][    C1] RDX: 0000000000000001 RSI: 0000000000028000 RDI: 00007f204516d000
[  443.960689][    C1] RBP: 00007ffef5bc1410 R08: 0000000000000003 R09: 0000000000097000
[  443.968670][    C1] R10: 0000000000000812 R11: 0000000000000246 R12: 00007f20451990c0
[  443.976653][    C1] R13: 00007ffef5bc1498 R14: 0000000000096066 R15: 0000000000000000
[  443.984653][    C1]  </TASK>
[  443.987682][    C1] rcu: rcu_preempt kthread starved for 10628 jiffies! g35997 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  443.998886][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  444.008866][    C1] rcu: RCU grace-period kthread stack dump:
[  444.014765][    C1] task:rcu_preempt     state:R  running task     stack:25552 pid:17    tgid:17    ppid:2      flags:0x00004000
[  444.026516][    C1] Call Trace:
[  444.029804][    C1]  <TASK>
[  444.032747][    C1]  __schedule+0x17ae/0x4a10
[  444.037287][    C1]  ? __pfx___schedule+0x10/0x10
[  444.042162][    C1]  ? __pfx_lock_release+0x10/0x10
[  444.047205][    C1]  ? __asan_memset+0x23/0x50
[  444.051815][    C1]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  444.057652][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  444.064025][    C1]  ? schedule+0x90/0x320
[  444.068297][    C1]  schedule+0x14b/0x320
[  444.072471][    C1]  schedule_timeout+0x1be/0x310
[  444.077353][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  444.082754][    C1]  ? __pfx_process_timeout+0x10/0x10
[  444.088059][    C1]  ? prepare_to_swait_event+0x32e/0x350
[  444.093649][    C1]  rcu_gp_fqs_loop+0x2df/0x1330
[  444.098527][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  444.103749][    C1]  ? rcu_gp_init+0x1256/0x1630
[  444.108534][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  444.113491][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  444.119658][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  444.124975][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  444.130904][    C1]  ? finish_swait+0xd4/0x1e0
[  444.135518][    C1]  rcu_gp_kthread+0xa7/0x3b0
[  444.140143][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  444.145376][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  444.151292][    C1]  ? __kthread_parkme+0x169/0x1d0
[  444.156339][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  444.161561][    C1]  kthread+0x2f0/0x390
[  444.165644][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  444.170862][    C1]  ? __pfx_kthread+0x10/0x10
[  444.175472][    C1]  ret_from_fork+0x4b/0x80
[  444.179945][    C1]  ? __pfx_kthread+0x10/0x10
[  444.184563][    C1]  ret_from_fork_asm+0x1a/0x30
[  444.189379][    C1]  </TASK>
[  444.192418][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  444.198759][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0-syzkaller-05319-g4a39ac5b7d62 #0
[  444.208758][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  444.218833][    C1] RIP: 0010:acpi_safe_halt+0x21/0x30
[  444.224137][    C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 80 d6 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 25 f9 b3 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
[  444.243762][    C1] RSP: 0018:ffffc900001a7d08 EFLAGS: 00000246
[  444.249872][    C1] RAX: ffff88801d6f8000 RBX: ffff8881412e7864 RCX: 0000000000daa599
[  444.257868][    C1] RDX: 0000000000000001 RSI: ffff8881412e7800 RDI: ffff8881412e7864
[  444.265854][    C1] RBP: 000000000003a878 R08: ffff8880b8937e9b R09: 1ffff11017126fd3
[  444.273848][    C1] R10: dffffc0000000000 R11: ffffffff8bb5ac70 R12: ffff8881482e9000
[  444.281838][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f10b6a0
[  444.289823][    C1] FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
[  444.298768][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  444.305364][    C1] CR2: 000000110c28f8cf CR3: 0000000062fb0000 CR4: 00000000003526f0
[  444.313367][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  444.321366][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  444.329353][    C1] Call Trace:
[  444.332641][    C1]  <IRQ>
[  444.335496][    C1]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[  444.341859][    C1]  ? print_other_cpu_stall+0x1475/0x15b0
[  444.347523][    C1]  ? notifier_call_chain+0x19f/0x3e0
[  444.352840][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[  444.358667][    C1]  ? timekeeping_advance+0x7ce/0xa90
[  444.363964][    C1]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[  444.370192][    C1]  ? rcu_sched_clock_irq+0xa1a/0x10d0
[  444.375552][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  444.381183][    C1]  ? hrtimer_run_queues+0x16c/0x460
[  444.386382][    C1]  ? update_process_times+0x1ce/0x230
[  444.391742][    C1]  ? tick_nohz_handler+0x37c/0x500
[  444.396857][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  444.402337][    C1]  ? __hrtimer_run_queues+0x551/0xd50
[  444.407771][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[  444.413776][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  444.419511][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[  444.425597][    C1]  ? hrtimer_interrupt+0x396/0x990
[  444.430741][    C1]  ? __sysvec_apic_timer_interrupt+0x110/0x3f0
[  444.436907][    C1]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[  444.442728][    C1]  </IRQ>
[  444.445666][    C1]  <TASK>
[  444.448609][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  444.454789][    C1]  ? __pfx_acpi_idle_enter+0x10/0x10
[  444.460094][    C1]  ? acpi_safe_halt+0x21/0x30
[  444.464781][    C1]  acpi_idle_enter+0xe4/0x140
[  444.469467][    C1]  cpuidle_enter_state+0x109/0x470
[  444.474595][    C1]  ? __pfx_menu_select+0x10/0x10
[  444.479545][    C1]  cpuidle_enter+0x5d/0xa0
[  444.483975][    C1]  do_idle+0x375/0x5d0
[  444.488069][    C1]  ? __pfx_do_idle+0x10/0x10
[  444.492679][    C1]  ? do_idle+0x5a3/0x5d0
[  444.496939][    C1]  cpu_startup_entry+0x42/0x60
[  444.501715][    C1]  start_secondary+0x102/0x110
[  444.506497][    C1]  common_startup_64+0x13e/0x147
[  444.511459][    C1]  </TASK>