last executing test programs:

15.376477196s ago: executing program 2 (id=2296):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000023b7007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lstat(0x0, &(0x7f00000086c0))

13.618769612s ago: executing program 2 (id=2299):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x800)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000440)={0x1, 0x3}, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$SO_TIMESTAMP(r3, 0x1, 0x4d, 0x0, &(0x7f0000000080))
socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_PIE_ON(r4, 0x7005)
ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x722)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000380)={"1b00", 0x0, 0x5, 0x2, 0x800, 0x0, "f759e10000001000000000fc6300", '\x00', "0300", "e859ad13", ['\x00\n\x00', "c2fed6000000006906528640", "000000ff0000000000000020", "f77d000000017c4f00"]})
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x5c, 0x0, 0x2, 0x101, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x20, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x1d}}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x5c}}, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='configfs\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
getdents(r5, 0x0, 0x66)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xb6, 0xc0, 0xc0, [{{0x9, 0x4, 0x0, 0x80, 0x1, 0x7, 0x1, 0x3, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3c, 0x6, 0x4}}}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0xd, 0x8, 0x19, 0xff, 0x3}, 0x2c, &(0x7f0000000100)={0x5, 0xf, 0x2c, 0x2, [@ptm_cap={0x3}, @ssp_cap={0x24, 0x10, 0xa, 0x4, 0x6, 0x3, 0xf00, 0x4000, [0xff0000, 0xc0, 0x3f, 0x3ff0, 0xcf, 0x3f00]}]}, 0x4, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x429}}, {0x7a, &(0x7f0000000240)=@string={0x7a, 0x3, "ddbdb786f9a393e832abe1dc7ae62d718422900589a8821375ec38d6b00c0b45edbd1e71f67baae0cd2f00c2a66ac96f82f2d6993fc2a6acb52745ea7960f4099d5e974ff4bc082699898e4e6c83e01401939532f05021225b051da0bb7a13740725158d1db0096817c3e45ba74d36f1487cd0e9bd8abb20"}}, {0x8a, &(0x7f00000002c0)=@string={0x8a, 0x3, "f04ceffc54632c9a8d5e4a347be1fba12222fd52f7eebde0f7dc4384644a9cfd55f0d5861c36555828235d5b34ec0e646e31614099258f9230ed86779667c84541027400802500cf31436faacf13e592a1fc5f72f1a94e0027a0e4531ad4871100e8cbc9ce3b086227d38a16135bf3fe0dd9e4a5b655ab189d159fc2662d0c067e4fa48a5f3e33c3"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x41f}}]})

10.545095741s ago: executing program 3 (id=2306):
semget$private(0x0, 0x5, 0x0)
r0 = socket$inet(0x2, 0x6, 0x0)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[], 0x22)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r4=>r3}, './file1\x00'})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r4, 0x0, 0x30, 0x1d, &(0x7f00000002c0)="90ab2fa747dc5499533a7f0507f97972ca35024b30c33baeb2c51169a466102d331b253949716e0f03d1c1f078dd7e1a", &(0x7f0000000340)=""/29, 0x7, 0x0, 0x0, 0x0, &(0x7f0000000380), &(0x7f0000000480), 0x2, 0x0, 0xb26a}, 0x50)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r5, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "c5003f00"})
socket$netlink(0x10, 0x3, 0x13)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@RTM_GETMDB={0x18, 0x56, 0x400, 0x70bd2c, 0x25dfdbff, {0x7, r6}, [""]}, 0x18}, 0x1, 0x0, 0x0, 0x5}, 0x0)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback=0xac141436}, 0x10)

10.462089176s ago: executing program 2 (id=2307):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ab553fec6abeb558dfe27d0400001008", 0x10)
accept$alg(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffd0, &(0x7f0000000180)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0)
preadv2(r2, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x7fe4d2ddf000, 0x11)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f00000002c0)=0x4000000)
close(0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18080000000000000000000000711f00851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000007900250100000000180000000000000000000000000000009500000000000000d50a00000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$cgroup(r4, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/drivers\x00', 0x0, 0x0)
openat$cgroup_ro(r5, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

9.478552297s ago: executing program 3 (id=2310):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='htcp\x00', 0x5)
sendmmsg$inet(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)="1e", 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000040)}}], 0x1, 0x20000810)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

8.694161767s ago: executing program 2 (id=2311):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fchdir(0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r6=>0x0})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r7, 0xc0185879, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], <r8=>0x0, 0x3b, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xe4, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r9}, 0x10)
lchown(0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000640)={0x0, <r10=>0x0})
r11 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3fe2c7e93366796c7224a0c2c0213af2eff010000e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb000013000000000000000000a46aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5324812d992a4f8dc6fcba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b683f60f2744419a2f238f173d0000003cf4fbd775d9c04dac60ff00a629b3b2000000000000000000001d004e41ff9b4d00e07ff771cea08bea2fa81fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14e519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb433678060ac0e201e401fb1711d41f45d90a1e19795c995ffdd7055ee872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b045ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cfca78205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00000000000000000000000000000000000000000000009d6ccaab1c17bbfdd16cbf3bb706537fe8cfed4272e665566d6ae239a97a1f6d00df0d03a22818be6aba095303e587b2b4520b2c5959d6581b7fe36733eb690b3fad4da9652edab3e76432c4212a38119d64465532c7abdc6f71439ec93bae9cb88349c1e0ba02e7d9d4e636acaae12c3853f388940cf59b056d8318d4cc52182acaa0de24a14600000000000000000000000000006efb26dd3e1d58b159c3828e1cb39cd81410a4d4acb14dbee7207fecf684463e333aa565db09e51caa690171b4c12f5e8f057a6ccb616989b6e4de92ea167928e3957dc9270e0ad2c0178888c9e7366bdf23cc5cd96a41540b6ade1b35c533a5d3022ae4318d66d9f3cced9e13a7f5b0e366edaedaa1d5492a7d189afd83ccca0d732d04f75b9bbb56a12ad943dac925c2f2ab663b5b44e33629c272358097e2d9719b23e9928a15914450bf2508f2c83e13e7ba667fc385bf5b64b774d92b61b1dae0c97dbe12454e2f4219be49888ce974720127c9c1db2238"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r11, 0xfffff000, 0xe, 0x0, &(0x7f0000000880)="61df712bc884fed5722780b686dd", 0x0, 0x8000, 0x0, 0xfffffffffffffeca, 0x0, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x28)
prlimit64(r10, 0x2, &(0x7f00000006c0)={0x8, 0xfff}, &(0x7f0000000700))

8.635914867s ago: executing program 4 (id=2313):
syz_open_dev$usbfs(&(0x7f0000000080), 0x73, 0x101301)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x0, &(0x7f0000000000)="890704", 0x3)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r3, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000240)={0x14, 0x1000000})

6.71241929s ago: executing program 0 (id=2315):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7f, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7ef, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x9f)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r1, 0x0, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000061c0)={0x2020}, 0x2020)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
fcntl$setstatus(r5, 0x4, 0xcfb45b99770bb43a)
fcntl$setown(r5, 0x4, 0x0)
fcntl$setstatus(r4, 0x4, 0x2c00)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
mount(&(0x7f0000000040), &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0xcc16, 0x0)

6.710851828s ago: executing program 2 (id=2316):
socket$inet6(0xa, 0x80002, 0x88)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa79ff030486dd601b8b97004d88c19e9ace000000000000"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_clone(0xa1043800, 0x0, 0xfffffffffffffe9f, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f00000001c0)={@val={0xa}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @multicast1}, {0x0, 0x4305, 0x18, 0x0, @wg=@data}}}}}}, 0x3e)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB="0500000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000340), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r1, 0x0, 0x0)
syz_clone3(&(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x27)
mknodat$loop(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x400, 0x1)
name_to_handle_at(r7, &(0x7f0000000600)='./file0\x00', 0x0, 0x0, 0x0)

6.638981246s ago: executing program 3 (id=2317):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
sched_setaffinity(0x0, 0x26, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$inet6(0xa, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
fcntl$setsig(r1, 0xa, 0x21)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
listen(r2, 0x0)
r3 = fsopen(&(0x7f0000000040)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
open(0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x2, &(0x7f0000000040)='source', &(0x7f0000000080)='./bus\x00', r1)
mknodat$loop(r1, &(0x7f0000002600)='./bus\x00', 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r6, &(0x7f00000021c0), 0x5b, 0x40, 0x0)

6.638214595s ago: executing program 1 (id=2318):
socket$igmp(0x2, 0x3, 0x2)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c9, &(0x7f0000000100))
r4 = syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f00000006c0)={0x80, 0x6, 0x303, 0x3, 0x0, 0x0, 0x0})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r6 = open(0x0, 0x10000, 0x0)
renameat2(r6, &(0x7f00000004c0)='./bus\x00', r5, 0x0, 0x0)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x4000000c, 0xb, 0x2200, 0x0})
r7 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x189202)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="800000"])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r8 = openat$sndseq(0xffffff9c, &(0x7f0000000040), 0x101100)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r8, 0xc04c5349, &(0x7f0000000080)={0x9dc, 0x7, 0x9})

5.646408163s ago: executing program 1 (id=2319):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4b65cb8da2791066, 0x4007, @fd_index=0x7, 0x9, 0x0, 0x0, 0x19})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5423, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
modify_ldt$write(0x1, &(0x7f0000000000), 0x10)
modify_ldt$write2(0x11, &(0x7f0000000300)={0xf, 0x20000800, 0x4000, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000001700), 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000006800e97800100000000000000a0000000000000008000500", @ANYRES32=r4, @ANYBLOB="f5e28fd6b9898dfa5d8591d8ec68a731b2f040"], 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x2c, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r4, @ANYBLOB="0002"], 0x20}}, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r5 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x0, 0x2, 0x0, 0x10}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0x0)

5.58687427s ago: executing program 4 (id=2320):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x8}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001340)={r1, 0xe0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

5.450116291s ago: executing program 4 (id=2321):
r0 = socket$inet(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
socket$inet(0x2, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r7, 0x84, 0x18, &(0x7f00000001c0)={r8}, 0x8)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000080)=0x8001, 0x4)

5.230577303s ago: executing program 2 (id=2322):
unshare(0x20020400)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x282182, 0x0)
close(r5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="1e0308003c5ca601288763"], 0xffdd)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400})
close(r2)
recvmsg(r0, &(0x7f00000026c0)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x18, 0x3a, 0x0, @private2, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}, 0x0)
ioperm(0x0, 0x7, 0x40000000000006)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8002, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000001740)={r6, 0x0, 0x0}, 0x20)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_INFO_BUFS(r7, 0xc0106418, &(0x7f0000000040)={0x4, 0x7, 0x4236, 0x0, 0x10, 0x9b9c})
syz_usb_connect$hid(0x6, 0x36, &(0x7f00000012c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0xf30, 0x111, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x10, 0x7, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x1, 0x2, 0x5, {0x9, 0x21, 0xb4, 0x4, 0x1, {0x22, 0x78f}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x5, 0x1}}}}}]}}]}}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r7)
sendmsg$TIPC_NL_PUBL_GET(r8, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r9, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x36a3}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x40010)

4.43721428s ago: executing program 4 (id=2323):
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
close(r0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r2, 0x5b03, 0x0)
write$char_usb(r2, 0x0, 0x0)

4.35436048s ago: executing program 3 (id=2324):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x26, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$inet6(0xa, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = open(0x0, 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x8000003d)
fcntl$setsig(r2, 0xa, 0x21)
listen(0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
open(0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x2, &(0x7f0000000040)='source', 0x0, r2)
mknodat$loop(r2, &(0x7f0000002600)='./bus\x00', 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r6, &(0x7f00000021c0), 0x5b, 0x40, 0x0)

4.254569173s ago: executing program 0 (id=2325):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000001980)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="140000002d000b03d25a806f8c6394f90824fc60", 0x14}], 0x1}, 0x24040000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000780)={0x1, @vbi={0xfffffff5, 0x4, 0xffffffff, 0x35606183, [0x7, 0x19], [0x2, 0x3ff], 0x2}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000ee00000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000))
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x16, &(0x7f0000000140)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x3, 0x300)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="148b050000f9"], 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000010)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000440)={'gretap0\x00', &(0x7f0000000500)={'gre0\x00', <r9=>0x0, 0x8000, 0x7800, 0x0, 0x0, {{0x64, 0x4, 0x2, 0x3, 0x190, 0x66, 0x0, 0xf, 0x4, 0x0, @loopback, @broadcast, {[@noop, @cipso={0x86, 0x6b, 0x2, [{0x1, 0x11, "190960a2bce63a6fe8857ebeca598a"}, {0x2, 0xffffffffffffffdf, "9fbd51d46b9a8e767abfb88242"}, {0x0, 0x10, "e685b041e2f1aa410eeb47ee62af"}, {0x2, 0x11, "3ff00a7be800ce6f2cfc062940a4e5"}, {0x0, 0xe, "483e7e0504b417a3189e8bf8"}, {0x6, 0x10, "35326e62b6c72bd75091510ccb4a"}, {0x0, 0x6, "29eca2a6"}]}, @lsrr={0x83, 0x1f, 0x59, [@remote, @multicast1, @dev={0xac, 0x14, 0x14, 0xb}, @private=0xa010100, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @lsrr={0x83, 0x1b, 0x8, [@remote, @dev={0xac, 0x14, 0x14, 0x11}, @remote, @multicast2, @dev={0xac, 0x14, 0x14, 0xb2}, @multicast1]}, @timestamp_addr={0x44, 0x44, 0x25, 0x1, 0xf, [{@rand_addr=0x64010101, 0x3}, {@private=0x8d9, 0xa8}, {@local, 0x3}, {@broadcast, 0x4dc}, {@remote, 0xfffffffd}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xd}, {@broadcast, 0x4}, {@rand_addr=0x64010101, 0x20}]}, @end, @rr={0x7, 0x1b, 0xf2, [@private=0xa010100, @empty, @local, @remote, @multicast1, @remote]}, @cipso={0x86, 0x61, 0x1, [{0x1, 0x8, "1f452907a6b8"}, {0x5, 0xd, "5a5108029f540c6dbc1224"}, {0x7, 0x10, "574a629c102051401fe7e6816c50"}, {0x6, 0xd, "96fc905063bf88d36e6e70"}, {0x7, 0xd, "6e1704df6f76cf9ba930b2"}, {0x0, 0x7, "1af78a087c"}, {0x0, 0xf, "508456a21a950a2b3ffd9ee00c"}, {0x2, 0x6, "79af9360"}]}, @rr={0x7, 0x13, 0x83, [@multicast1, @empty, @rand_addr=0x64010102, @broadcast]}]}}}}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r7, r9, 0x25, 0x15, @void}, 0x10)

4.087594228s ago: executing program 1 (id=2326):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fchdir(0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r6=>0x0})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r7, 0xc0185879, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], <r8=>0x0, 0x3b, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xe4, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r9}, 0x10)
lchown(0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000640)={0x0, <r10=>0x0})
r11 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3fe2c7e93366796c7224a0c2c0213af2eff010000e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb000013000000000000000000a46aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5324812d992a4f8dc6fcba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b683f60f2744419a2f238f173d0000003cf4fbd775d9c04dac60ff00a629b3b2000000000000000000001d004e41ff9b4d00e07ff771cea08bea2fa81fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14e519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb433678060ac0e201e401fb1711d41f45d90a1e19795c995ffdd7055ee872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b045ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cfca78205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00000000000000000000000000000000000000000000009d6ccaab1c17bbfdd16cbf3bb706537fe8cfed4272e665566d6ae239a97a1f6d00df0d03a22818be6aba095303e587b2b4520b2c5959d6581b7fe36733eb690b3fad4da9652edab3e76432c4212a38119d64465532c7abdc6f71439ec93bae9cb88349c1e0ba02e7d9d4e636acaae12c3853f388940cf59b056d8318d4cc52182acaa0de24a14600000000000000000000000000006efb26dd3e1d58b159c3828e1cb39cd81410a4d4acb14dbee7207fecf684463e333aa565db09e51caa690171b4c12f5e8f057a6ccb616989b6e4de92ea167928e3957dc9270e0ad2c0178888c9e7366bdf23cc5cd96a41540b6ade1b35c533a5d3022ae4318d66d9f3cced9e13a7f5b0e366edaedaa1d5492a7d189afd83ccca0d732d04f75b9bbb56a12ad943dac925c2f2ab663b5b44e33629c272358097e2d9719b23e9928a15914450bf2508f2c83e13e7ba667fc385bf5b64b774d92b61b1dae0c97dbe12454e2f4219be49888ce974720127c9c1db2238"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r11, 0xfffff000, 0xe, 0x0, &(0x7f0000000880)="61df712bc884fed5722780b686dd", 0x0, 0x8000, 0x0, 0xfffffffffffffeca, 0x0, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x28)
prlimit64(r10, 0x2, &(0x7f00000006c0)={0x8, 0xfff}, &(0x7f0000000700))

3.173371984s ago: executing program 0 (id=2327):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0x43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x4b, [0x0, 0x0, 0x0, 0x2b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8fca], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0xa90d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x1, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r3, &(0x7f0000001400)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}], 0x1}}], 0x1, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
socket$inet(0x2, 0x80001, 0x84)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b03d25a806c8c6f94f90624fc601000127a0a000600093582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1}, 0x0)

1.860298142s ago: executing program 1 (id=2328):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
r2 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e60, 0x0, @empty}, 0x1c)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e60, 0x0, @empty}, 0x1c)
close(r1)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x304}, "8e44c05dfd57e5b3", "591f44ef0756020a9e1d86882c0348a6", "a29f817c", "51eb071129f5da07"}, 0x28)
setsockopt$inet6_tcp_int(r0, 0x11a, 0x2, &(0x7f0000000080)=0x1641e14e, 0x0)

1.273983289s ago: executing program 0 (id=2329):
socket$igmp(0x2, 0x3, 0x2)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c9, &(0x7f0000000100))
r4 = syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f00000006c0)={0x80, 0x6, 0x303, 0x3, 0x0, 0x0, 0x0})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r6 = open(0x0, 0x10000, 0x0)
renameat2(r6, &(0x7f00000004c0)='./bus\x00', r5, 0x0, 0x0)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x4000000c, 0xb, 0x2200, 0x0})
r7 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x189202)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="800000"])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r8 = openat$sndseq(0xffffff9c, &(0x7f0000000040), 0x101100)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r8, 0xc04c5349, &(0x7f0000000080)={0x9dc, 0x7, 0x9})

1.098862671s ago: executing program 4 (id=2330):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x13, &(0x7f0000000300)=ANY=[], 0x0, 0xffff0001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newqdisc={0xfffffd7c, 0x14, 0x0, 0x0, 0x0, {0x2}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x4c}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r6 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r6, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(r6, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000040)='\v', 0x1}], 0x1}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000a00)={[0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x78469555c77fef7b})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r7 = fcntl$dupfd(r2, 0x0, r2)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r2, 0x3b87, &(0x7f0000000180)={0x18})

1.098000508s ago: executing program 3 (id=2331):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x8}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001340)={r1, 0xe0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

282.711076ms ago: executing program 3 (id=2332):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xffffffffffffff04, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
getrandom(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000100), 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYRES16=r2], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x1, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r7, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$binfmt_elf64(r6, &(0x7f00000004c0)=ANY=[], 0x100000530)

223.709409ms ago: executing program 1 (id=2333):
socket(0x10, 0x80002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x2801, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a0000000200", 0x6)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000040)={0xa}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000080), 0x1)
syz_emit_ethernet(0x4a, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000540)={'syztnl0\x00', <r1=>0x0, 0x8000, 0x1, 0xfffffff7, 0xfffffffd, {{0x15, 0x4, 0x2, 0x9, 0x54, 0x64, 0x0, 0xf7, 0x4, 0x0, @rand_addr=0x64010101, @remote, {[@ssrr={0x89, 0xb, 0xcb, [@dev={0xac, 0x14, 0x14, 0x30}, @rand_addr=0x64010102]}, @cipso={0x86, 0x32, 0x3, [{0x6, 0xa, "b7e3561fe0ef92f1"}, {0x1, 0x3, "18"}, {0x5, 0xd, "9a3d102780f4a8b270572b"}, {0x1, 0xb, "5e4a502263995579c5"}, {0x0, 0x7, "1ed1b9122d"}]}]}}}}})
bind$packet(r0, &(0x7f0000000240)={0x11, 0x10, r1, 0x1, 0x1f, 0x6, @local}, 0x14)
chdir(&(0x7f00000001c0)='./bus\x00')
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')

220.670455ms ago: executing program 0 (id=2334):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000007b80)={0xa, 0x1, 0x0, @loopback}, 0x1c)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b04002800018007000100637400001c0002800800014000000002080002400000001005000300000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a00"/128], 0x80}}, 0x0)

96.142476ms ago: executing program 4 (id=2335):
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
ioprio_set$pid(0x2, 0x0, 0x0)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x16d27e, 0x0)
sendfile(r4, r4, 0x0, 0x8800000)
sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001900)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="eeffffff0a000200aaaaaaaaaa1b"], 0x28}}, 0x0)
write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCPKT(r5, 0x5420, &(0x7f00000000c0)=0x20)
ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "c96c8fe9124f9ba1"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r6=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x3, r6, 0x3, &(0x7f0000000100))
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0)

15.013054ms ago: executing program 0 (id=2336):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x4b65cb8da2791066, 0x4007, @fd_index=0x7, 0x9, 0x0, 0x0, 0x19})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5423, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
modify_ldt$write(0x1, &(0x7f0000000000), 0x10)
modify_ldt$write2(0x11, &(0x7f0000000300)={0xf, 0x20000800, 0x4000, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000001700), 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000006800e97800100000000000000a0000000000000008000500", @ANYRES32=r4, @ANYBLOB="f5e28fd6b9898dfa5d8591d8ec68a731b2f040"], 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x2c, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r4, @ANYBLOB="0002"], 0x20}}, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r5 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x0, 0x2, 0x0, 0x10}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0x0)

0s ago: executing program 1 (id=2337):
statx(0xffffffffffffffff, 0x0, 0x1000, 0x0, &(0x7f0000001900))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0)
splice(r4, 0x0, r1, 0x0, 0x7f, 0xe)
write(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2)
mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x3, &(0x7f0000000040)=0x9, 0x4, 0x0) (fail_nth: 3)

kernel console output (not intermixed with test programs):

030a37def9
[  935.899683][T13027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  935.899698][T13027] RSP: 002b:00007f030b0b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  935.899720][T13027] RAX: ffffffffffffffda RBX: 00007f030a535f80 RCX: 00007f030a37def9
[  935.899733][T13027] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000007
[  935.899745][T13027] RBP: 00007f030b0b1090 R08: 0000000000000000 R09: 0000000000000000
[  935.899758][T13027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  935.899769][T13027] R13: 0000000000000000 R14: 00007f030a535f80 R15: 00007fff25338a08
[  935.899798][T13027]  </TASK>
[  935.994791][    C1] vkms_vblank_simulate: vblank timer overrun
[  936.447879][ T5270] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  937.149804][ T5270] usb 2-1: Using ep0 maxpacket: 32
[  937.643215][ T5270] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  937.654859][ T5270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.677345][ T5270] usb 2-1: Product: syz
[  937.687238][ T5270] usb 2-1: Manufacturer: syz
[  937.701956][ T5270] usb 2-1: SerialNumber: syz
[  937.713538][ T5270] usb 2-1: config 0 descriptor??
[  937.729236][ T5270] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  938.581231][T13043] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  938.602357][T13043] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  938.623173][T13043] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  938.650931][ T5270] gspca_ov534_9: reg_w failed -110
[  938.674714][T13043] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  938.994907][T13056] netlink: 'syz.0.1899': attribute type 21 has an invalid length.
[  939.002913][T13056] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1899'.
[  939.012327][T13056] netlink: 'syz.0.1899': attribute type 5 has an invalid length.
[  939.020219][T13056] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1899'.
[  939.737521][ T5231] Bluetooth: hci4: command 0x0405 tx timeout
[  940.094001][ T5270] gspca_ov534_9: Unknown sensor 0000
[  940.094442][ T5270] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  941.419725][ T8594] Bluetooth: hci2: command 0x0405 tx timeout
[  941.426656][T12386] Bluetooth: hci0: command 0x0405 tx timeout
[  941.432836][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[  941.684067][ T5270] usb 2-1: USB disconnect, device number 37
[  941.778854][T11340] libceph: connect (1)[c::]:6789 error -101
[  941.790030][T11340] libceph: mon0 (1)[c::]:6789 connect error
[  941.790169][T13079] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  941.809174][ T5231] Bluetooth: hci1: Invalid handle: 0x8d09 > 0x0eff
[  941.860437][   T29] audit: type=1326 audit(1726488123.828:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.0.1905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f030a37def9 code=0x0
[  942.058599][ T5270] libceph: connect (1)[c::]:6789 error -101
[  942.063215][ T9644] libceph: connect (1)[c::]:6789 error -101
[  942.072881][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[  942.076322][ T5270] libceph: mon0 (1)[c::]:6789 connect error
[  942.183715][   T29] audit: type=1326 audit(1726488124.148:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13089 comm="syz.1.1909" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[  942.204701][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.351547][ T9644] libceph: connect (1)[c::]:6789 error -101
[  942.359038][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[  942.371328][T13081] ceph: No mds server is up or the cluster is laggy
[  942.857542][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  943.059297][ T5271] libceph: connect (1)[c::]:6789 error -101
[  943.065378][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[  943.127563][T13094] ceph: No mds server is up or the cluster is laggy
[  944.814979][T13121] netlink: 'syz.1.1916': attribute type 21 has an invalid length.
[  944.823209][T13121] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1916'.
[  944.832643][T13121] netlink: 'syz.1.1916': attribute type 5 has an invalid length.
[  944.840603][T13121] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1916'.
[  945.533130][T13133] IPVS: set_ctl: invalid protocol: 60 172.30.0.2:0
[  945.539828][T10095] IPVS: starting estimator thread 0...
[  946.571981][T13128] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  946.587299][T13135] IPVS: using max 19 ests per chain, 45600 per kthread
[  946.605218][T13140] pim6reg: tun_chr_ioctl cmd 1074025673
[  946.614575][T13140] pim6reg: tun_chr_ioctl cmd 1074025677
[  946.634190][T13140] pim6reg: linktype set to 769
[  946.682565][T13141] pim6reg: tun_chr_ioctl cmd 1074025677
[  946.709846][T13141] pim6reg: linktype set to 769
[  946.764438][T13144] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1923'.
[  946.902239][ T9644] libceph: connect (1)[c::]:6789 error -101
[  946.920305][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[  947.021975][T13160] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1927'.
[  947.031704][T13160] 0�X���: renamed from caif0
[  947.181007][T13160] 0�X���: entered allmulticast mode
[  947.186246][T13160] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  947.208895][ T9644] libceph: connect (1)[c::]:6789 error -101
[  947.267474][T13166] No buffer was provided with the request
[  947.957479][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[  948.134718][   T29] audit: type=1326 audit(1726488130.098:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13145 comm="syz.1.1924" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[  948.233777][T13149] ceph: No mds server is up or the cluster is laggy
[  948.971714][T13169] mkiss: ax0: crc mode is auto.
[  948.984773][T13175] netlink: 'syz.4.1932': attribute type 21 has an invalid length.
[  948.992669][T13175] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1932'.
[  949.002810][T13175] netlink: 'syz.4.1932': attribute type 5 has an invalid length.
[  949.010662][T13175] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1932'.
[  949.219411][T13183] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1930'.
[  952.071208][T13219] binder: 13218:13219 ioctl c018620c 0 returned -14
[  952.953788][T13227] fuse: Bad value for 'fd'
[  953.284097][T13238] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1944'.
[  953.413745][ T5218] libceph: connect (1)[c::]:6789 error -101
[  953.446585][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  954.279328][ T5218] libceph: connect (1)[c::]:6789 error -101
[  954.285461][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  954.447697][   T29] audit: type=1326 audit(1726488136.418:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13236 comm="syz.1.1943" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[  954.547982][ T5218] libceph: connect (1)[c::]:6789 error -101
[  954.556527][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  954.659730][T13239] ceph: No mds server is up or the cluster is laggy
[  954.855616][T13257] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  954.866977][T10095] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  955.067384][T11340] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  955.077788][T10095] usb 4-1: too many configurations: 164, using maximum allowed: 8
[  955.106044][T10095] usb 4-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  955.127243][T10095] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.148142][T10095] usb 4-1: config 0 descriptor??
[  955.282180][T11340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  955.307291][T11340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  955.317079][T11340] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  955.366505][ T9644] usb 4-1: USB disconnect, device number 40
[  955.367237][T11340] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  955.395910][T11340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.418380][T11340] usb 5-1: config 0 descriptor??
[  955.547251][T10095] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  955.781958][T10095] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  955.797245][T10095] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  955.814483][T10095] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  955.825839][T10095] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  955.846382][T10095] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  955.861797][T10095] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.873927][T10095] usb 2-1: config 0 descriptor??
[  955.880966][T13263] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  956.029105][ T5362] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  956.251195][ T5362] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  956.276273][ T5362] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  957.054711][T11340] usbhid 5-1:0.0: can't add hid device: -71
[  957.197844][T10095] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  957.205297][T10095] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  957.212973][T11340] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  957.220811][ T5362] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  957.251398][T11340] usb 5-1: USB disconnect, device number 33
[  957.257493][ T5362] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  957.275168][T10095] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  957.318089][T10095] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  958.010631][ T5362] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  958.550208][ T5231] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  960.617410][T10095] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  960.626149][T10095] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving
[  960.640600][ T5362] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  960.669729][ T5362] usb 3-1: config 0 descriptor??
[  960.676554][ T5362] usb 3-1: can't set config #0, error -71
[  960.690972][T10095] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  960.724643][ T5362] usb 3-1: USB disconnect, device number 35
[  960.786536][T10095] usb 2-1: USB disconnect, device number 38
[  961.043560][T13292] No buffer was provided with the request
[  962.302470][ T5218] libceph: connect (1)[c::]:6789 error -101
[  962.313128][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  962.319652][ T5218] libceph: connect (1)[c::]:6789 error -101
[  962.327030][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  962.601313][ T5218] libceph: connect (1)[c::]:6789 error -101
[  962.608581][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  962.995004][   T29] audit: type=1326 audit(1726488144.958:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13295 comm="syz.2.1959" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x0
[  963.169502][ T5218] libceph: connect (1)[c::]:6789 error -101
[  963.175591][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[  963.300274][T13315] No buffer was provided with the request
[  964.102190][T13300] ceph: No mds server is up or the cluster is laggy
[  964.186849][T13317] cgroup: name respecified
[  964.241731][ T8594] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  964.253465][ T8594] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  964.261742][ T8594] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  964.272911][ T8594] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  964.328458][ T8594] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  964.347377][ T8594] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  964.697537][ T9644] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  965.540554][ T9644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.586716][ T9644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  965.636109][ T9644] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  965.707357][ T9644] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  965.744436][ T9644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.783448][ T9644] usb 4-1: config 0 descriptor??
[  965.947533][ T5362] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  966.175607][ T5362] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  966.190767][ T5362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  966.205412][ T5362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  966.216905][ T5362] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  966.230366][ T5362] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  966.251218][ T5362] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.345767][ T5362] usb 2-1: config 0 descriptor??
[  966.458480][ T8594] Bluetooth: hci3: command tx timeout
[  966.468397][T13340] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  966.873010][T13318] chnl_net:caif_netlink_parms(): no params data found
[  966.994902][ T9644] usbhid 4-1:0.0: can't add hid device: -71
[  967.006899][ T9644] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  967.025881][ T5362] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  967.046374][ T5362] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  967.055203][ T9644] usb 4-1: USB disconnect, device number 41
[  967.101299][ T5362] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  967.127536][ T5362] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  967.134996][ T5362] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  967.188238][ T5362] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving
[  967.223547][ T5362] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  967.366570][T13318] bridge0: port 1(bridge_slave_0) entered blocking state
[  967.396873][T13318] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.450232][T13318] bridge_slave_0: entered allmulticast mode
[  968.750528][ T8594] Bluetooth: hci3: command tx timeout
[  968.783973][T13318] bridge_slave_0: entered promiscuous mode
[  970.837439][ T8594] Bluetooth: hci3: command tx timeout
[  970.866238][   T25] usb 2-1: USB disconnect, device number 39
[  971.075910][T13318] bridge0: port 2(bridge_slave_1) entered blocking state
[  971.108752][T13318] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.118259][T13318] bridge_slave_1: entered allmulticast mode
[  971.125045][T13318] bridge_slave_1: entered promiscuous mode
[  971.187084][   T29] audit: type=1326 audit(1726488153.148:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13368 comm="syz.4.1973" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177357def9 code=0x0
[  971.315862][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  971.394296][T13318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  971.445120][T13387] ceph: No mds server is up or the cluster is laggy
[  971.460674][T13408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1979'.
[  971.472393][T13408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1979'.
[  971.490925][T13318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  971.500148][   T25] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  971.624229][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  971.677657][   T25] usb 3-1: device descriptor read/64, error -71
[  971.717146][T13318] team0: Port device team_slave_0 added
[  971.772522][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  971.813518][T13318] team0: Port device team_slave_1 added
[  971.820033][ T5271] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  971.977451][   T25] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  972.140217][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  972.150305][ T5271] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  972.211054][T13318] batman_adv: batadv0: Adding interface: batadv_slave_0
[  972.256717][ T5271] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  972.257373][   T25] usb 3-1: device descriptor read/64, error -71
[  972.279427][ T5271] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  972.292207][T13318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  972.292239][T13318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  972.294665][T13318] batman_adv: batadv0: Adding interface: batadv_slave_1
[  972.346715][ T5271] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  972.348474][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'.
[  972.362027][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.374531][ T5271] usb 2-1: Product: syz
[  972.374611][T13318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  972.374639][T13318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  972.382622][T13415] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1981'.
[  972.405443][    C0] vkms_vblank_simulate: vblank timer overrun
[  972.440919][ T5271] usb 2-1: Manufacturer: syz
[  972.455631][ T5271] usb 2-1: SerialNumber: syz
[  972.460660][   T25] usb usb3-port1: attempt power cycle
[  972.476307][ T5271] usb 2-1: config 0 descriptor??
[  972.524519][ T5271] kvaser_usb 2-1:0.0: Cannot get usb endpoint(s)
[  972.618358][ T5519] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.630463][T13415] netlink: 'syz.3.1981': attribute type 10 has an invalid length.
[  972.646038][T13415] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.687786][T13415] bridge0: port 1(bridge_slave_0) entered blocking state
[  972.694892][T13415] bridge0: port 1(bridge_slave_0) entered forwarding state
[  972.711657][T13415] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  972.836309][T13318] hsr_slave_0: entered promiscuous mode
[  972.845992][T13318] hsr_slave_1: entered promiscuous mode
[  972.860077][ T8594] Bluetooth: hci3: command tx timeout
[  972.867376][   T25] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  972.883220][T13318] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  972.895799][T13318] Cannot create hsr debugfs directory
[  972.912945][   T25] usb 3-1: device descriptor read/8, error -71
[  972.993721][ T1108] bridge_slave_1: left allmulticast mode
[  973.012379][ T1108] bridge_slave_1: left promiscuous mode
[  973.026705][ T1108] bridge0: port 2(bridge_slave_1) entered disabled state
[  973.046607][ T1108] bridge_slave_0: left allmulticast mode
[  973.056508][ T1108] bridge0: port 1(bridge_slave_0) entered disabled state
[  973.192611][   T25] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  973.238278][   T25] usb 3-1: device descriptor read/8, error -71
[  973.377809][   T25] usb usb3-port1: unable to enumerate USB device
[  973.455546][T13423] FAULT_INJECTION: forcing a failure.
[  973.455546][T13423] name failslab, interval 1, probability 0, space 0, times 0
[  973.490489][T13423] CPU: 1 UID: 0 PID: 13423 Comm: syz.3.1983 Not tainted 6.11.0-syzkaller #0
[  973.499222][T13423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  973.509290][T13423] Call Trace:
[  973.512557][T13423]  <TASK>
[  973.515472][T13423]  dump_stack_lvl+0x241/0x360
[  973.520143][T13423]  ? __pfx_dump_stack_lvl+0x10/0x10
[  973.525325][T13423]  ? __pfx__printk+0x10/0x10
[  973.529921][T13423]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  973.535386][T13423]  ? __pfx___might_resched+0x10/0x10
[  973.540678][T13423]  should_fail_ex+0x3b0/0x4e0
[  973.545349][T13423]  should_failslab+0xac/0x100
[  973.550029][T13423]  ? ip_set_create+0x330/0x1900
[  973.554892][T13423]  __kmalloc_cache_noprof+0x6c/0x2c0
[  973.560189][T13423]  ip_set_create+0x330/0x1900
[  973.564855][T13423]  ? trace_raw_output_contention_end+0x4a/0xd0
[  973.571011][T13423]  ? __pfx_ip_set_create+0x10/0x10
[  973.576124][T13423]  ? trace_contention_end+0x3c/0x120
[  973.581417][T13423]  ? nfnetlink_rcv_msg+0x225/0x1180
[  973.586600][T13423]  nfnetlink_rcv_msg+0xbec/0x1180
[  973.591611][T13423]  ? kernel_text_address+0xa7/0xe0
[  973.596705][T13423]  ? nfnetlink_rcv_msg+0x225/0x1180
[  973.601901][T13423]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  973.607360][T13423]  ? netlink_deliver_tap+0x19d/0x1b0
[  973.612644][T13423]  ? netlink_unicast+0x7c4/0x990
[  973.617576][T13423]  ? netlink_sendmsg+0x8e4/0xcb0
[  973.622495][T13423]  ? __sock_sendmsg+0x221/0x270
[  973.627326][T13423]  ? ____sys_sendmsg+0x525/0x7d0
[  973.632242][T13423]  ? __sys_sendmsg+0x2b0/0x3a0
[  973.636986][T13423]  ? do_syscall_64+0xf3/0x230
[  973.641679][T13423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.647755][T13423]  netlink_rcv_skb+0x1e3/0x430
[  973.652512][T13423]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  973.657958][T13423]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  973.663238][T13423]  ? safesetid_security_capable+0xb2/0x1d0
[  973.669030][T13423]  ? bpf_lsm_capable+0x9/0x10
[  973.673705][T13423]  ? security_capable+0x90/0xb0
[  973.678831][T13423]  nfnetlink_rcv+0x297/0x2ad0
[  973.683496][T13423]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  973.689205][T13423]  ? __dev_queue_xmit+0x2da/0x3e90
[  973.694434][T13423]  ? __dev_queue_xmit+0x1763/0x3e90
[  973.699625][T13423]  ? kasan_save_track+0x51/0x80
[  973.704467][T13423]  ? do_syscall_64+0xf3/0x230
[  973.709139][T13423]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  973.714237][T13423]  ? __dev_queue_xmit+0x2da/0x3e90
[  973.719347][T13423]  ? __pfx___dev_queue_xmit+0x10/0x10
[  973.724741][T13423]  ? ref_tracker_free+0x643/0x7e0
[  973.729756][T13423]  ? __asan_memcpy+0x40/0x70
[  973.734353][T13423]  ? __pfx_ref_tracker_free+0x10/0x10
[  973.739756][T13423]  ? netlink_deliver_tap+0x2e/0x1b0
[  973.744965][T13423]  ? skb_clone+0x240/0x390
[  973.749376][T13423]  ? __pfx_lock_release+0x10/0x10
[  973.754397][T13423]  ? __netlink_deliver_tap+0x77e/0x7c0
[  973.759935][T13423]  ? netlink_deliver_tap+0x2e/0x1b0
[  973.765640][T13423]  netlink_unicast+0x7f6/0x990
[  973.770402][T13423]  ? __pfx_netlink_unicast+0x10/0x10
[  973.775685][T13423]  ? __virt_addr_valid+0x183/0x530
[  973.780826][T13423]  ? __check_object_size+0x49c/0x900
[  973.786117][T13423]  ? bpf_lsm_netlink_send+0x9/0x10
[  973.791217][T13423]  netlink_sendmsg+0x8e4/0xcb0
[  973.796149][T13423]  ? __pfx_netlink_sendmsg+0x10/0x10
[  973.801420][T13423]  ? __import_iovec+0x536/0x820
[  973.806271][T13423]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  973.811542][T13423]  ? security_socket_sendmsg+0x87/0xb0
[  973.817033][T13423]  ? __pfx_netlink_sendmsg+0x10/0x10
[  973.822309][T13423]  __sock_sendmsg+0x221/0x270
[  973.826974][T13423]  ____sys_sendmsg+0x525/0x7d0
[  973.831837][T13423]  ? __pfx_____sys_sendmsg+0x10/0x10
[  973.837122][T13423]  __sys_sendmsg+0x2b0/0x3a0
[  973.841702][T13423]  ? __pfx___sys_sendmsg+0x10/0x10
[  973.846799][T13423]  ? vfs_write+0x7c4/0xc90
[  973.851341][T13423]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  973.857657][T13423]  ? do_syscall_64+0x100/0x230
[  973.862432][T13423]  ? do_syscall_64+0xb6/0x230
[  973.867089][T13423]  do_syscall_64+0xf3/0x230
[  973.871597][T13423]  ? clear_bhb_loop+0x35/0x90
[  973.876260][T13423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.882143][T13423] RIP: 0033:0x7f580637def9
[  973.886571][T13423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  973.906162][T13423] RSP: 002b:00007f580717a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  973.914563][T13423] RAX: ffffffffffffffda RBX: 00007f5806535f80 RCX: 00007f580637def9
[  973.922519][T13423] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[  973.932410][T13423] RBP: 00007f580717a090 R08: 0000000000000000 R09: 0000000000000000
[  973.940375][T13423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  973.948341][T13423] R13: 0000000000000000 R14: 00007f5806535f80 R15: 00007ffe9998a798
[  973.956423][T13423]  </TASK>
[  974.259020][ T5271] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  974.415518][ T1108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  974.426171][ T5362] usb 2-1: USB disconnect, device number 40
[  974.434501][ T1108] bond_slave_0: left promiscuous mode
[  974.449409][ T5271] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  974.461511][ T5271] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  974.504170][ T5271] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  974.529994][ T5271] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  974.567353][ T9644] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  974.662155][ T1108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  974.688524][ T5271] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  974.690050][ T1108] bond_slave_1: left promiscuous mode
[  974.707877][ T5271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.708846][ T1108] bond0 (unregistering): Released all slaves
[  974.785705][T13436] No buffer was provided with the request
[  975.379795][ T5271] usb 5-1: config 0 descriptor??
[  975.405813][T13425] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  975.508680][ T9644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  975.524188][ T9644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  975.534322][ T9644] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  975.548753][ T9644] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  975.558115][ T9644] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.609463][ T9644] usb 3-1: config 0 descriptor??
[  975.682105][T13440] FAULT_INJECTION: forcing a failure.
[  975.682105][T13440] name failslab, interval 1, probability 0, space 0, times 0
[  975.695269][T13440] CPU: 0 UID: 0 PID: 13440 Comm: syz.1.1988 Not tainted 6.11.0-syzkaller #0
[  975.703973][T13440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  975.714137][T13440] Call Trace:
[  975.717435][T13440]  <TASK>
[  975.720383][T13440]  dump_stack_lvl+0x241/0x360
[  975.725094][T13440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  975.730318][T13440]  ? __pfx__printk+0x10/0x10
[  975.734939][T13440]  should_fail_ex+0x3b0/0x4e0
[  975.739670][T13440]  ? skb_clone+0x20c/0x390
[  975.744113][T13440]  should_failslab+0xac/0x100
[  975.748902][T13440]  ? skb_clone+0x20c/0x390
[  975.753429][T13440]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  975.758833][T13440]  skb_clone+0x20c/0x390
[  975.763096][T13440]  ? dev_queue_xmit_nit+0x220/0xc10
[  975.768317][T13440]  dev_queue_xmit_nit+0x419/0xc10
[  975.773361][T13440]  ? dev_queue_xmit_nit+0x2b/0xc10
[  975.778500][T13440]  ? validate_xmit_skb+0x9f9/0x1120
[  975.783725][T13440]  dev_hard_start_xmit+0x15f/0x7e0
[  975.788866][T13440]  ? __pfx_validate_xmit_skb+0x10/0x10
[  975.794458][T13440]  __dev_queue_xmit+0x1b63/0x3e90
[  975.799598][T13440]  ? kasan_save_track+0x51/0x80
[  975.804474][T13440]  ? do_syscall_64+0xf3/0x230
[  975.809180][T13440]  ? __dev_queue_xmit+0x2da/0x3e90
[  975.814322][T13440]  ? __pfx___dev_queue_xmit+0x10/0x10
[  975.819735][T13440]  ? __copy_skb_header+0x437/0x5b0
[  975.824870][T13440]  ? __asan_memcpy+0x40/0x70
[  975.829480][T13440]  ? __copy_skb_header+0x437/0x5b0
[  975.834621][T13440]  ? __skb_clone+0x454/0x6c0
[  975.839244][T13440]  ? skb_clone+0x240/0x390
[  975.843684][T13440]  __netlink_deliver_tap+0x54d/0x7c0
[  975.846585][ T5271] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0
[  975.848985][T13440]  ? netlink_deliver_tap+0x2e/0x1b0
[  975.849023][T13440]  netlink_deliver_tap+0x19d/0x1b0
[  975.849045][T13440]  netlink_unicast+0x7c4/0x990
[  975.849079][T13440]  ? __pfx_netlink_unicast+0x10/0x10
[  975.849102][T13440]  ? __virt_addr_valid+0x183/0x530
[  975.849123][T13440]  ? __check_object_size+0x49c/0x900
[  975.849144][T13440]  ? bpf_lsm_netlink_send+0x9/0x10
[  975.849170][T13440]  netlink_sendmsg+0x8e4/0xcb0
[  975.849203][T13440]  ? __pfx_netlink_sendmsg+0x10/0x10
[  975.849226][T13440]  ? __import_iovec+0x536/0x820
[  975.849248][T13440]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  975.849270][T13440]  ? security_socket_sendmsg+0x87/0xb0
[  975.849293][T13440]  ? __pfx_netlink_sendmsg+0x10/0x10
[  975.849311][T13440]  __sock_sendmsg+0x221/0x270
[  975.849336][T13440]  ____sys_sendmsg+0x525/0x7d0
[  975.849366][T13440]  ? __pfx_____sys_sendmsg+0x10/0x10
[  975.876054][ T5271] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0
[  975.877132][T13440]  __sys_sendmsg+0x2b0/0x3a0
[  975.877167][T13440]  ? __pfx___sys_sendmsg+0x10/0x10
[  975.877187][T13440]  ? vfs_write+0x7c4/0xc90
[  975.877252][T13440]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  975.877279][T13440]  ? do_syscall_64+0x100/0x230
[  975.877303][T13440]  ? do_syscall_64+0xb6/0x230
[  975.877327][T13440]  do_syscall_64+0xf3/0x230
[  975.877348][T13440]  ? clear_bhb_loop+0x35/0x90
[  975.877374][T13440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  975.877396][T13440] RIP: 0033:0x7f5adc37def9
[  975.877416][T13440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  975.877432][T13440] RSP: 002b:00007f5adbdff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  975.877455][T13440] RAX: ffffffffffffffda RBX: 00007f5adc535f80 RCX: 00007f5adc37def9
[  975.877470][T13440] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  975.877502][T13440] RBP: 00007f5adbdff090 R08: 0000000000000000 R09: 0000000000000000
[  975.877514][T13440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  975.895989][ T5271] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0
[  975.897736][T13440] R13: 0000000000000000 R14: 00007f5adc535f80 R15: 00007ffd38c6ec08
[  975.897771][T13440]  </TASK>
[  975.897861][    C0] vkms_vblank_simulate: vblank timer overrun
[  975.974916][T13440] netlink: 'syz.1.1988': attribute type 9 has an invalid length.
[  976.096944][T13440] netlink: 134660 bytes leftover after parsing attributes in process `syz.1.1988'.
[  978.533793][ T9644] usbhid 3-1:0.0: can't add hid device: -71
[  978.542223][ T9644] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  978.553382][ T9644] usb 3-1: USB disconnect, device number 40
[  978.560906][ T5271] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0
[  978.569554][ T5271] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0
[  978.584232][ T5271] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving
[  978.643386][ T5271] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  978.753327][ T5271] usb 5-1: USB disconnect, device number 34
[  978.786930][ T1108] hsr_slave_0: left promiscuous mode
[  978.851632][ T1108] hsr_slave_1: left promiscuous mode
[  979.026316][ T1108] batman_adv: batadv0: Removing interface: batadv_slave_0
[  979.058893][ T1108] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  979.849403][ T1108] batman_adv: batadv0: Removing interface: batadv_slave_1
[  979.980523][T13478] FAULT_INJECTION: forcing a failure.
[  979.980523][T13478] name failslab, interval 1, probability 0, space 0, times 0
[  980.014012][ T1108] veth1_macvtap: left promiscuous mode
[  980.036336][ T1108] veth0_macvtap: left promiscuous mode
[  980.071683][ T5271] libceph: connect (1)[c::]:6789 error -101
[  980.077962][ T1108] veth1_vlan: left promiscuous mode
[  980.091713][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[  980.098557][T13478] CPU: 0 UID: 0 PID: 13478 Comm: syz.4.1993 Not tainted 6.11.0-syzkaller #0
[  980.107354][T13478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  980.117417][T13478] Call Trace:
[  980.120719][T13478]  <TASK>
[  980.123640][T13478]  dump_stack_lvl+0x241/0x360
[  980.128318][T13478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  980.133529][T13478]  ? __pfx__printk+0x10/0x10
[  980.138110][T13478]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  980.143681][T13478]  ? __pfx___might_resched+0x10/0x10
[  980.148967][T13478]  should_fail_ex+0x3b0/0x4e0
[  980.153653][T13478]  ? security_file_alloc+0x28/0x130
[  980.158839][T13478]  should_failslab+0xac/0x100
[  980.163507][T13478]  ? security_file_alloc+0x28/0x130
[  980.168701][T13478]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  980.174064][T13478]  security_file_alloc+0x28/0x130
[  980.179078][T13478]  init_file+0x99/0x200
[  980.183230][T13478]  alloc_empty_file+0xb8/0x1d0
[  980.187983][T13478]  alloc_file_pseudo+0x1da/0x290
[  980.192918][T13478]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  980.198362][T13478]  ? __local_bh_enable_ip+0x168/0x200
[  980.203815][T13478]  ? bpf_link_prime+0x7a/0x240
[  980.208570][T13478]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  980.214299][T13478]  anon_inode_getfile+0xc8/0x180
[  980.219233][T13478]  bpf_link_prime+0xff/0x240
[  980.223810][T13478]  bpf_raw_tp_link_attach+0x3c4/0x6e0
[  980.229176][T13478]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  980.235077][T13478]  bpf_raw_tracepoint_open+0x1c2/0x240
[  980.240526][T13478]  __sys_bpf+0x3c0/0x810
[  980.244756][T13478]  ? __pfx___sys_bpf+0x10/0x10
[  980.249510][T13478]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  980.255480][T13478]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  980.261795][T13478]  ? do_syscall_64+0x100/0x230
[  980.266543][T13478]  __x64_sys_bpf+0x7c/0x90
[  980.270968][T13478]  do_syscall_64+0xf3/0x230
[  980.275475][T13478]  ? clear_bhb_loop+0x35/0x90
[  980.280140][T13478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.286020][T13478] RIP: 0033:0x7f177357def9
[  980.290516][T13478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  980.310113][T13478] RSP: 002b:00007f1774306038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  980.318517][T13478] RAX: ffffffffffffffda RBX: 00007f1773735f80 RCX: 00007f177357def9
[  980.326563][T13478] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000011
[  980.334524][T13478] RBP: 00007f1774306090 R08: 0000000000000000 R09: 0000000000000000
[  980.342484][T13478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  980.350441][T13478] R13: 0000000000000000 R14: 00007f1773735f80 R15: 00007ffdd06c6d68
[  980.358412][T13478]  </TASK>
[  980.361544][    C0] vkms_vblank_simulate: vblank timer overrun
[  980.369201][ T1108] veth0_vlan: left promiscuous mode
[  980.405332][ T5271] libceph: connect (1)[c::]:6789 error -101
[  980.421467][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[  980.552174][   T29] audit: type=1326 audit(1726488162.518:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13465 comm="syz.2.1992" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x0
[  980.698586][ T5271] libceph: connect (1)[c::]:6789 error -101
[  980.704919][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[  980.868244][T13479] ceph: No mds server is up or the cluster is laggy
[  982.981268][ T5362] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  982.996243][ T1108] team0 (unregistering): Port device team_slave_1 removed
[  983.046794][ T1108] team0 (unregistering): Port device team_slave_0 removed
[  983.201780][ T5362] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  983.213436][ T5362] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  983.224833][ T5362] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  983.236080][ T5362] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  983.258852][ T5362] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  983.268041][ T5362] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.283552][ T5362] usb 4-1: config 0 descriptor??
[  983.292056][T13503] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  983.654727][T13505] netlink: 'syz.2.2000': attribute type 21 has an invalid length.
[  983.663006][T13505] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2000'.
[  983.672515][T13505] netlink: 'syz.2.2000': attribute type 5 has an invalid length.
[  983.680338][T13505] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2000'.
[  983.762454][ T5362] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0
[  983.777261][ T5362] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0
[  983.784707][ T5362] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0
[  983.830246][ T5362] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0
[  983.842176][ T5362] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0
[  983.866332][ T5362] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving
[  983.920625][ T5362] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  984.189901][T13513] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  988.094497][ T5271] usb 4-1: USB disconnect, device number 42
[  988.124087][T13318] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  988.246053][T13318] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  988.333330][T13318] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  988.362166][T13318] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  988.617711][ T5270] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  988.918709][ T5270] usb 2-1: Using ep0 maxpacket: 32
[  989.010441][ T5270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  989.196069][T13318] 8021q: adding VLAN 0 to HW filter on device bond0
[  989.261955][ T5270] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  989.298223][T13318] 8021q: adding VLAN 0 to HW filter on device team0
[  989.305264][ T5270] usb 2-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00
[  989.332521][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.339661][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  989.357504][ T5270] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.389168][ T5270] usb 2-1: config 0 descriptor??
[  989.434004][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.441240][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  989.590265][T13318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  990.390219][T13528] program syz.1.2006 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  990.415539][ T5270] hid_mf 0003:0079:1801.0025: hidraw0: USB HID v0.00 Device [HID 0079:1801] on usb-dummy_hcd.1-1/input0
[  990.432678][T13528] netlink: 'syz.1.2006': attribute type 9 has an invalid length.
[  990.446062][T13558] netlink: 'syz.2.2011': attribute type 21 has an invalid length.
[  990.453956][T13558] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2011'.
[  990.463151][T13558] netlink: 'syz.2.2011': attribute type 5 has an invalid length.
[  990.472354][T13558] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2011'.
[  990.472524][T13528] netlink: 134660 bytes leftover after parsing attributes in process `syz.1.2006'.
[  990.613474][ T5270] hid_mf 0003:0079:1801.0025: Force feedback for HJZ Mayflash game controller adapters by Marcel Hasler <mahasler@gmail.com>
[  990.699357][ T5270] usb 2-1: USB disconnect, device number 41
[  991.277379][ T9644] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  991.722922][ T9644] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  991.742159][ T9644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  991.771628][ T9644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  991.802632][ T9644] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  991.834506][ T9644] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  991.861327][ T9644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  991.997591][T13318] 8021q: adding VLAN 0 to HW filter on device batadv0
[  992.099768][ T9644] usb 5-1: config 0 descriptor??
[  992.107492][T13569] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  992.188028][ T5270] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  992.824089][T13318] veth0_vlan: entered promiscuous mode
[  992.900554][T13318] veth1_vlan: entered promiscuous mode
[  992.990887][ T5270] usb 4-1: not running at top speed; connect to a high speed hub
[  993.005560][ T9644] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  993.022659][ T9644] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  993.023918][ T5270] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  993.050142][ T9644] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  993.083520][ T9644] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  993.085583][T13318] veth0_macvtap: entered promiscuous mode
[  993.109591][ T5270] usb 4-1: config 1 has no interface number 1
[  993.115771][ T5270] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  993.116854][ T9644] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  993.141053][ T5270] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 132, changing to 4
[  993.162344][T13318] veth1_macvtap: entered promiscuous mode
[  993.177801][ T9644] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving
[  993.183528][ T5270] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  993.198315][ T5270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  993.323569][ T5270] usb 4-1: Product: syz
[  993.335661][ T5270] usb 4-1: Manufacturer: syz
[  993.340809][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  993.340974][ T5270] usb 4-1: SerialNumber: syz
[  993.350065][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  993.372053][ T9644] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  993.379211][T13318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  996.764759][ T5362] usb 5-1: USB disconnect, device number 35
[  996.783449][T13318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  996.804421][T13318] batman_adv: batadv0: Interface activated: batadv_slave_0
[  996.885704][T13318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  996.907932][ T5270] usb 4-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  996.943176][T13318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  996.953569][ T5270] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  996.973453][T13318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  997.015560][T13318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  997.048079][ T5270] usb 4-1: USB disconnect, device number 43
[  997.067064][T13318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  997.086790][T13318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  997.102398][T13610] tmpfs: Unknown parameter 'hugeZalwaC�l'
[  997.112388][T13380] udevd[13380]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  997.128372][T13318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  997.128395][T13318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  997.129928][T13318] batman_adv: batadv0: Interface activated: batadv_slave_1
[  997.179919][T13318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  997.205988][T13318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  997.219968][T13318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  997.230046][T13318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  997.323409][T13612] input: syz0 as /devices/virtual/input/input31
[  997.440571][T13612] netlink: 'syz.1.2023': attribute type 1 has an invalid length.
[  997.462597][T13612] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2023'.
[  997.485411][ T8553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  997.504120][ T8553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  997.694671][ T8553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  997.757502][ T8553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  999.027844][ T9644] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[  999.305280][ T9644] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  999.317468][ T9644] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  999.326979][ T9644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.551896][T13643] FAULT_INJECTION: forcing a failure.
[  999.551896][T13643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  999.565126][T13643] CPU: 1 UID: 0 PID: 13643 Comm: syz.2.2031 Not tainted 6.11.0-syzkaller #0
[  999.573852][T13643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  999.583905][T13643] Call Trace:
[  999.587362][T13643]  <TASK>
[  999.590290][T13643]  dump_stack_lvl+0x241/0x360
[  999.594964][T13643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  999.600172][T13643]  ? __pfx__printk+0x10/0x10
[  999.604762][T13643]  ? __pfx_lock_release+0x10/0x10
[  999.609780][T13643]  ? vfs_write+0x7c4/0xc90
[  999.614193][T13643]  should_fail_ex+0x3b0/0x4e0
[  999.618866][T13643]  _copy_from_user+0x2f/0xe0
[  999.623473][T13643]  get_timespec64+0x97/0x280
[  999.628142][T13643]  ? __pfx_get_timespec64+0x10/0x10
[  999.633356][T13643]  __x64_sys_recvmmsg+0x140/0x250
[  999.638384][T13643]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  999.643934][T13643]  ? do_syscall_64+0x100/0x230
[  999.648698][T13643]  ? do_syscall_64+0xb6/0x230
[  999.653462][T13643]  do_syscall_64+0xf3/0x230
[  999.657964][T13643]  ? clear_bhb_loop+0x35/0x90
[  999.662639][T13643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  999.668526][T13643] RIP: 0033:0x7f825ef7def9
[  999.672932][T13643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  999.692538][T13643] RSP: 002b:00007f825fd82038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  999.700950][T13643] RAX: ffffffffffffffda RBX: 00007f825f135f80 RCX: 00007f825ef7def9
[  999.708910][T13643] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003
[  999.716879][T13643] RBP: 00007f825fd82090 R08: 0000000020003700 R09: 0000000000000000
[  999.724876][T13643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  999.732838][T13643] R13: 0000000000000000 R14: 00007f825f135f80 R15: 00007ffd977840d8
[  999.740815][T13643]  </TASK>
[  999.743955][    C1] vkms_vblank_simulate: vblank timer overrun
[  999.845190][T13637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  999.899180][T13637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  999.937428][ T9644] usb 5-1: string descriptor 0 read error: -71
[  999.965392][ T9644] hub 5-1:32.0: bad descriptor, ignoring hub
[  999.985579][ T9644] hub 5-1:32.0: probe with driver hub failed with error -5
[ 1000.274178][T13654] netlink: 'syz.2.2036': attribute type 3 has an invalid length.
[ 1000.361088][T13655] netlink: 'syz.2.2036': attribute type 9 has an invalid length.
[ 1000.368960][T13655] netlink: 95380 bytes leftover after parsing attributes in process `syz.2.2036'.
[ 1000.880839][ T9644] usb 5-1: USB disconnect, device number 36
[ 1002.514081][T13684] FAULT_INJECTION: forcing a failure.
[ 1002.514081][T13684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1002.528434][T13684] CPU: 0 UID: 0 PID: 13684 Comm: syz.0.2043 Not tainted 6.11.0-syzkaller #0
[ 1002.537142][T13684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1002.547210][T13684] Call Trace:
[ 1002.550500][T13684]  <TASK>
[ 1002.553456][T13684]  dump_stack_lvl+0x241/0x360
[ 1002.558127][T13684]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1002.563311][T13684]  ? __pfx__printk+0x10/0x10
[ 1002.567909][T13684]  ? snprintf+0xda/0x120
[ 1002.572174][T13684]  should_fail_ex+0x3b0/0x4e0
[ 1002.576867][T13684]  _copy_to_user+0x2f/0xb0
[ 1002.581300][T13684]  simple_read_from_buffer+0xca/0x150
[ 1002.586694][T13684]  proc_fail_nth_read+0x1ec/0x260
[ 1002.591737][T13684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.597304][T13684]  ? rw_verify_area+0x520/0x6b0
[ 1002.602168][T13684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.607743][T13684]  vfs_read+0x204/0xbc0
[ 1002.611914][T13684]  ? __pfx_lock_release+0x10/0x10
[ 1002.616962][T13684]  ? __pfx_vfs_read+0x10/0x10
[ 1002.621659][T13684]  ? __fget_files+0x29/0x470
[ 1002.626259][T13684]  ? __fget_files+0x3f6/0x470
[ 1002.630968][T13684]  ksys_read+0x1a0/0x2c0
[ 1002.635241][T13684]  ? __pfx_ksys_read+0x10/0x10
[ 1002.640047][T13684]  ? do_syscall_64+0x100/0x230
[ 1002.644836][T13684]  ? do_syscall_64+0xb6/0x230
[ 1002.649702][T13684]  do_syscall_64+0xf3/0x230
[ 1002.654232][T13684]  ? clear_bhb_loop+0x35/0x90
[ 1002.658930][T13684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.664835][T13684] RIP: 0033:0x7f59e5f7c93c
[ 1002.669262][T13684] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1002.688877][T13684] RSP: 002b:00007f59e6d70030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1002.697295][T13684] RAX: ffffffffffffffda RBX: 00007f59e6135f80 RCX: 00007f59e5f7c93c
[ 1002.705269][T13684] RDX: 000000000000000f RSI: 00007f59e6d700a0 RDI: 0000000000000003
[ 1002.713262][T13684] RBP: 00007f59e6d70090 R08: 0000000000000000 R09: 0000000000000000
[ 1002.721234][T13684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1002.729211][T13684] R13: 0000000000000001 R14: 00007f59e6135f80 R15: 00007ffe572e7348
[ 1002.737208][T13684]  </TASK>
[ 1007.008044][T13695] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1007.014146][T13695] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1007.033585][T13695] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1007.040150][T13695] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1007.048870][T13695] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1007.054819][T13695] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1007.100629][T13695] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1008.337353][   T29] audit: type=1326 audit(1726488190.268:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.2051" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177357def9 code=0x0
[ 1008.869933][ T8594] Bluetooth: hci4: command 0x0405 tx timeout
[ 1009.175767][ T8594] Bluetooth: hci3: command 0x0405 tx timeout
[ 1009.289676][ T5231] Bluetooth: hci0: command 0x0405 tx timeout
[ 1009.295751][ T5231] Bluetooth: hci2: command 0x0405 tx timeout
[ 1009.301914][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1009.638779][T13720] ceph: No mds server is up or the cluster is laggy
[ 1010.306577][T13759] IPVS: set_ctl: invalid protocol: 60 172.30.0.3:0
[ 1011.427320][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1011.437602][T13777] No buffer was provided with the request
[ 1011.717408][T13766] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1011.723483][T13766] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1011.729931][T13766] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1011.735934][T13766] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1011.742026][T13766] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1012.091705][   T29] audit: type=1326 audit(1726488194.048:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13782 comm="syz.3.2068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f580637def9 code=0x0
[ 1013.237608][ T9580] Bluetooth: hci4: command 0x0405 tx timeout
[ 1013.427833][T13784] ceph: No mds server is up or the cluster is laggy
[ 1013.827508][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1013.837285][ T5231] Bluetooth: hci0: command 0x0405 tx timeout
[ 1013.843340][ T5231] Bluetooth: hci2: command 0x0405 tx timeout
[ 1013.851433][ T8594] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1016.537598][T12386] Bluetooth: hci3: command 0x0405 tx timeout
[ 1018.893238][T13826] No buffer was provided with the request
[ 1019.660492][T13846] program syz.4.2084 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1019.701805][T13825] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1019.708444][T13825] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1019.714466][T13825] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1019.721717][T13825] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1019.728923][T13825] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1020.745287][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1020.757794][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1020.780991][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1020.789186][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.088169][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1021.104679][ T5231] Bluetooth: hci4: command 0x0405 tx timeout
[ 1021.114063][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.549254][   T29] audit: type=1326 audit(1726488203.488:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13854 comm="syz.1.2085" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[ 1021.757928][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1021.764473][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.867393][ T5231] Bluetooth: hci3: command 0x0405 tx timeout
[ 1021.873580][ T5231] Bluetooth: hci2: command 0x0405 tx timeout
[ 1021.882242][ T5231] Bluetooth: hci0: command 0x0405 tx timeout
[ 1021.889668][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1021.906315][T13886] No buffer was provided with the request
[ 1022.465103][T13863] ceph: No mds server is up or the cluster is laggy
[ 1023.048657][T13899] netlink: 'syz.1.2096': attribute type 4 has an invalid length.
[ 1023.056612][T13899] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2096'.
[ 1023.685378][T13899] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2096'.
[ 1023.893938][T13907] program syz.2.2097 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1024.672805][T13899] bond0: entered promiscuous mode
[ 1024.699809][T13899] bond_slave_0: entered promiscuous mode
[ 1024.988895][T13899] bond_slave_1: entered promiscuous mode
[ 1025.107523][ T5231] Bluetooth: hci3: command 0x0405 tx timeout
[ 1025.444101][T13893] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1025.450264][T13893] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1025.456407][T13893] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1025.462576][T13893] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1025.468753][T13893] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1026.721750][ T5231] Bluetooth: hci4: command 0x0405 tx timeout
[ 1027.211210][T13933] No buffer was provided with the request
[ 1027.937931][T13937] No buffer was provided with the request
[ 1029.012156][T12386] Bluetooth: hci3: command 0x0405 tx timeout
[ 1029.018891][T12386] Bluetooth: hci2: command 0x0405 tx timeout
[ 1029.025017][T12386] Bluetooth: hci0: command 0x0405 tx timeout
[ 1029.031392][T12386] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1030.183288][T13942] usb usb8: usbfs: process 13942 (syz.3.2108) did not claim interface 0 before use
[ 1030.318168][T13950] program syz.1.2109 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1031.134973][T13961] netlink: 'syz.2.2111': attribute type 9 has an invalid length.
[ 1031.180691][T13961] netlink: 134660 bytes leftover after parsing attributes in process `syz.2.2111'.
[ 1033.960674][T13982] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1033.990032][T13982] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1033.997645][T13982] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1034.004964][T13982] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1034.007092][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1034.018386][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1034.044895][T14000] IPVS: set_ctl: invalid protocol: 60 172.30.0.1:0
[ 1034.082945][T13982] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1034.549589][ T9644] libceph: connect (1)[c::]:6789 error -101
[ 1034.549738][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[ 1034.636471][   T29] audit: type=1326 audit(1726488216.598:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13994 comm="syz.1.2119" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[ 1034.650271][ T5271] IPVS: starting estimator thread 0...
[ 1035.110414][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1035.489696][T13997] ceph: No mds server is up or the cluster is laggy
[ 1035.503128][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1035.518072][T14006] IPVS: using max 33 ests per chain, 79200 per kthread
[ 1035.818048][T12386] Bluetooth: hci4: command 0x0405 tx timeout
[ 1035.941131][T14019] program syz.1.2125 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1036.157871][T12386] Bluetooth: hci2: command 0x0405 tx timeout
[ 1036.158024][T12386] Bluetooth: hci0: command 0x0405 tx timeout
[ 1036.159289][T12386] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1036.159389][T12386] Bluetooth: hci3: command 0x0405 tx timeout
[ 1036.828231][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1036.828369][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1036.837949][ T5271] libceph: connect (1)[c::]:6789 error -101
[ 1036.838037][ T5271] libceph: mon0 (1)[c::]:6789 connect error
[ 1037.101879][ T9644] libceph: connect (1)[c::]:6789 error -101
[ 1037.102024][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[ 1037.518097][   T29] audit: type=1326 audit(1726488219.488:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14022 comm="syz.2.2127" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x0
[ 1037.595048][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2128'.
[ 1037.607516][   T25] libceph: connect (1)[c::]:6789 error -101
[ 1037.607605][   T25] libceph: mon0 (1)[c::]:6789 connect error
[ 1037.705206][T14027] ceph: No mds server is up or the cluster is laggy
[ 1038.127308][   T25] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1038.687727][   T25] usb 5-1: Using ep0 maxpacket: 32
[ 1038.689417][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1038.689450][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1038.689481][   T25] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1038.689496][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1038.690908][   T25] usb 5-1: config 0 descriptor??
[ 1038.706294][   T25] hub 5-1:0.0: USB hub found
[ 1038.962019][   T25] hub 5-1:0.0: 1 port detected
[ 1040.297376][   T25] hub 5-1:0.0: activate --> -90
[ 1040.488961][T14074] program syz.2.2138 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1041.472445][T14086] FAULT_INJECTION: forcing a failure.
[ 1041.472445][T14086] name failslab, interval 1, probability 0, space 0, times 0
[ 1041.502683][T14087] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2143'.
[ 1041.531936][T14086] CPU: 1 UID: 0 PID: 14086 Comm: syz.1.2144 Not tainted 6.11.0-syzkaller #0
[ 1041.540661][T14086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1041.550732][T14086] Call Trace:
[ 1041.554007][T14086]  <TASK>
[ 1041.556928][T14086]  dump_stack_lvl+0x241/0x360
[ 1041.561608][T14086]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1041.566822][T14086]  ? __pfx__printk+0x10/0x10
[ 1041.571402][T14086]  ? __asan_memset+0x23/0x50
[ 1041.575977][T14086]  ? lockdep_init_map_type+0xa1/0x910
[ 1041.581345][T14086]  should_fail_ex+0x3b0/0x4e0
[ 1041.586013][T14086]  ? slab_build_skb+0x52/0x450
[ 1041.590764][T14086]  should_failslab+0xac/0x100
[ 1041.595444][T14086]  ? slab_build_skb+0x52/0x450
[ 1041.600215][T14086]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 1041.605850][T14086]  slab_build_skb+0x52/0x450
[ 1041.610440][T14086]  ? sock_init_data_uid+0x5cd/0x830
[ 1041.615621][T14086]  bpf_prog_test_run_skb+0x3e7/0x1820
[ 1041.620981][T14086]  ? __pfx_lock_release+0x10/0x10
[ 1041.626087][T14086]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1041.631900][T14086]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1041.637736][T14086]  bpf_prog_test_run+0x33a/0x3b0
[ 1041.642672][T14086]  __sys_bpf+0x48d/0x810
[ 1041.646909][T14086]  ? __pfx___sys_bpf+0x10/0x10
[ 1041.651679][T14086]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1041.657659][T14086]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1041.663993][T14086]  ? do_syscall_64+0x100/0x230
[ 1041.668753][T14086]  __x64_sys_bpf+0x7c/0x90
[ 1041.673165][T14086]  do_syscall_64+0xf3/0x230
[ 1041.677674][T14086]  ? clear_bhb_loop+0x35/0x90
[ 1041.682368][T14086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.688273][T14086] RIP: 0033:0x7f5adc37def9
[ 1041.692719][T14086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1041.712319][T14086] RSP: 002b:00007f5adbdff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1041.720724][T14086] RAX: ffffffffffffffda RBX: 00007f5adc535f80 RCX: 00007f5adc37def9
[ 1041.728687][T14086] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a
[ 1041.736643][T14086] RBP: 00007f5adbdff090 R08: 0000000000000000 R09: 0000000000000000
[ 1041.744600][T14086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1041.752555][T14086] R13: 0000000000000000 R14: 00007f5adc535f80 R15: 00007ffd38c6ec08
[ 1041.760535][T14086]  </TASK>
[ 1041.766742][T14087] openvswitch: netlink: VXLAN extension 1024 out of range max 1
[ 1041.786176][T14078] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1041.802727][T14078] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1041.822410][T14078] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1041.854934][T14078] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1041.863669][T14078] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1042.115309][   T25] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[ 1042.137345][   T25] usb 5-1-port1: config error
[ 1042.884120][   T25] usb 5-1-port1: cannot disable (err = -71)
[ 1042.967302][   T25] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[ 1043.005958][   T25] usb 5-1-port1: connect-debounce failed
[ 1043.019725][ T9644] usb 5-1: USB disconnect, device number 37
[ 1043.582339][ T8594] Bluetooth: hci4: command 0x0405 tx timeout
[ 1043.896907][ T8594] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1043.907345][ T8594] Bluetooth: hci3: command 0x0405 tx timeout
[ 1043.907523][T12386] Bluetooth: hci2: command 0x0405 tx timeout
[ 1043.913372][ T8594] Bluetooth: hci0: command 0x0405 tx timeout
[ 1044.128108][   T29] audit: type=1326 audit(1726488226.098:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14115 comm="syz.4.2152" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177357def9 code=0x0
[ 1044.286831][T14130] program syz.0.2153 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1045.084064][T14118] ceph: No mds server is up or the cluster is laggy
[ 1045.160551][   T29] audit: type=1326 audit(1726488227.128:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1045.584629][   T29] audit: type=1326 audit(1726488227.218:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1045.777394][   T29] audit: type=1326 audit(1726488227.258:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1045.799536][   T29] audit: type=1326 audit(1726488227.318:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1046.410296][ T5270] usb 3-1: new low-speed USB device number 41 using dummy_hcd
[ 1046.744596][   T29] audit: type=1326 audit(1726488227.368:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1046.865373][   T29] audit: type=1326 audit(1726488227.368:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1047.432607][ T5270] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1047.441310][   T29] audit: type=1326 audit(1726488227.368:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1047.475159][ T5270] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[ 1047.519082][ T5270] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1047.559750][   T29] audit: type=1326 audit(1726488227.368:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1047.587473][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1047.598794][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1047.660802][ T5270] usb 3-1: string descriptor 0 read error: -22
[ 1047.683033][ T5270] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[ 1047.704727][ T5270] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1047.748328][ T5270] usb 3-1: config 0 descriptor??
[ 1047.778475][ T5270] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1047.784735][ T5270] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1047.814655][ T5270] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input34
[ 1047.910431][ T5270] input: failed to attach handler mousedev to device input34, error: -5
[ 1048.027061][   T29] kauditd_printk_skb: 39 callbacks suppressed
[ 1048.027080][   T29] audit: type=1326 audit(1726488229.968:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1049.740472][   T29] audit: type=1326 audit(1726488229.988:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1050.586346][ T5270] libceph: connect (1)[c::]:6789 error -101
[ 1050.593151][ T5270] libceph: mon0 (1)[c::]:6789 connect error
[ 1050.616602][   T29] audit: type=1326 audit(1726488231.678:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1050.695404][ T9893] usb 3-1: USB disconnect, device number 41
[ 1050.713265][   T29] audit: type=1326 audit(1726488231.678:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1050.819123][   T29] audit: type=1326 audit(1726488231.688:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14132 comm="syz.2.2155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f825ef7def9 code=0x7ffc0000
[ 1050.917632][ T5270] libceph: connect (1)[c::]:6789 error -101
[ 1050.924162][ T5270] libceph: mon0 (1)[c::]:6789 connect error
[ 1050.959606][T14176] FAULT_INJECTION: forcing a failure.
[ 1050.959606][T14176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1050.959739][   T29] audit: type=1326 audit(1726488232.768:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14150 comm="syz.0.2160" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59e5f7def9 code=0x0
[ 1051.272203][T14176] CPU: 1 UID: 0 PID: 14176 Comm: syz.1.2163 Not tainted 6.11.0-syzkaller #0
[ 1051.280938][T14176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1051.290994][T14176] Call Trace:
[ 1051.294267][T14176]  <TASK>
[ 1051.297196][T14176]  dump_stack_lvl+0x241/0x360
[ 1051.301883][T14176]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1051.307066][T14176]  ? __pfx__printk+0x10/0x10
[ 1051.311647][T14176]  ? __pfx_lock_release+0x10/0x10
[ 1051.316680][T14176]  should_fail_ex+0x3b0/0x4e0
[ 1051.321378][T14176]  _copy_from_user+0x2f/0xe0
[ 1051.325975][T14176]  get_timespec64+0x97/0x280
[ 1051.330575][T14176]  ? __pfx_get_timespec64+0x10/0x10
[ 1051.335773][T14176]  ? io_alloc_async_data+0x7a/0x120
[ 1051.340973][T14176]  ? __kmalloc_noprof+0x21a/0x400
[ 1051.346005][T14176]  __io_timeout_prep+0x358/0x6f0
[ 1051.350948][T14176]  io_submit_sqes+0x9c4/0x1bf0
[ 1051.355822][T14176]  __se_sys_io_uring_enter+0x2ce/0x2670
[ 1051.361364][T14176]  ? vfs_write+0x7c4/0xc90
[ 1051.365781][T14176]  ? __pfx_vfs_write+0x10/0x10
[ 1051.370659][T14176]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1051.376646][T14176]  ? __fget_files+0x3f6/0x470
[ 1051.381329][T14176]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1051.387308][T14176]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1051.393630][T14176]  ? do_syscall_64+0x100/0x230
[ 1051.398394][T14176]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1051.403943][T14176]  do_syscall_64+0xf3/0x230
[ 1051.408449][T14176]  ? clear_bhb_loop+0x35/0x90
[ 1051.413124][T14176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1051.419103][T14176] RIP: 0033:0x7f5adc37def9
[ 1051.423511][T14176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1051.443110][T14176] RSP: 002b:00007f5adbdde038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1051.451554][T14176] RAX: ffffffffffffffda RBX: 00007f5adc536058 RCX: 00007f5adc37def9
[ 1051.459530][T14176] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000009
[ 1051.467508][T14176] RBP: 00007f5adbdde090 R08: 0000000000000000 R09: 0000000000000000
[ 1051.475492][T14176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1051.483566][T14176] R13: 0000000000000000 R14: 00007f5adc536058 R15: 00007ffd38c6ec08
[ 1051.491750][T14176]  </TASK>
[ 1051.724129][ T9893] libceph: connect (1)[c::]:6789 error -101
[ 1051.730234][ T9893] libceph: mon0 (1)[c::]:6789 connect error
[ 1051.888627][T14151] ceph: No mds server is up or the cluster is laggy
[ 1053.327372][   T29] audit: type=1326 audit(1726488235.278:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14179 comm="syz.3.2166" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f580637def9 code=0x0
[ 1053.703550][T14180] ceph: No mds server is up or the cluster is laggy
[ 1054.798600][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.805143][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.162754][ T5218] libceph: connect (1)[c::]:6789 error -101
[ 1055.200800][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[ 1055.228150][ T9644] libceph: connect (1)[c::]:6789 error -101
[ 1055.241574][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[ 1055.392861][   T29] audit: type=1326 audit(1726488237.358:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14201 comm="syz.1.2170" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[ 1055.694913][ T5218] libceph: connect (1)[c::]:6789 error -101
[ 1055.723890][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[ 1056.491608][T14204] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1056.510567][T14204] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1056.526501][T14204] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1056.539241][T14205] ceph: No mds server is up or the cluster is laggy
[ 1056.548516][T14204] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1056.621725][T14204] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1056.831348][T14220] overlayfs: disabling nfs_export due to verity=require
[ 1056.879755][T14220] overlayfs: missing 'lowerdir'
[ 1057.217407][ T5218] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1057.498820][ T8594] Bluetooth: hci4: command 0x0405 tx timeout
[ 1059.535361][ T8594] Bluetooth: hci0: command 0x0405 tx timeout
[ 1059.535413][ T5231] Bluetooth: hci2: command 0x0405 tx timeout
[ 1059.541451][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1059.832744][T12386] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1069.242872][T12386] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1069.254546][T12386] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1069.263158][T12386] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1069.279471][T12386] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1069.291201][T12386] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1069.298711][T12386] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1069.477458][T12386] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1069.508064][T12386] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1069.542714][T12386] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1069.552802][T12386] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1069.565518][T12386] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1069.573965][T12386] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1070.707101][T14278] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1070.708071][T10086] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.347262][ T9580] Bluetooth: hci4: command tx timeout
[ 1071.747390][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1073.547692][ T5231] Bluetooth: hci5: command tx timeout
[ 1073.807761][T14276] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1073.813804][T14276] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1073.821822][T14276] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1073.827873][T14276] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1073.833789][T14276] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1073.860130][T14276] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1073.880798][T14276] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1073.886749][T14276] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1073.893925][T14276] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1074.534980][T14293] No buffer was provided with the request
[ 1074.614520][T14295] misc userio: The device must be registered before sending interrupts
[ 1074.822173][T10086] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.457437][T10086] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.739103][T10086] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.828237][T14313] No buffer was provided with the request
[ 1075.897543][ T9580] Bluetooth: hci4: command 0x040f tx timeout
[ 1075.903857][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1075.910610][ T5231] Bluetooth: hci0: command 0x0405 tx timeout
[ 1075.910684][ T8594] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1075.916761][T12386] Bluetooth: hci5: command 0x041b tx timeout
[ 1076.438254][T14266] chnl_net:caif_netlink_parms(): no params data found
[ 1076.488988][T10086] bridge_slave_1: left allmulticast mode
[ 1076.502737][T10086] bridge_slave_1: left promiscuous mode
[ 1076.522669][T10086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1076.583680][T10086] bridge_slave_0: left allmulticast mode
[ 1076.601435][T10086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.978456][T12386] Bluetooth: hci5: command 0x041b tx timeout
[ 1077.978469][ T8594] Bluetooth: hci4: command 0x040f tx timeout
[ 1080.310020][ T8594] Bluetooth: hci5: command 0x041b tx timeout
[ 1080.429021][T12386] Bluetooth: hci4: command 0x040f tx timeout
[ 1080.773358][T10086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1080.789326][T10086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1080.800818][T10086] bond0 (unregistering): Released all slaves
[ 1080.823827][T14329] netlink: 'syz.0.2199': attribute type 21 has an invalid length.
[ 1080.831906][T14329] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2199'.
[ 1080.841123][T14329] netlink: 'syz.0.2199': attribute type 5 has an invalid length.
[ 1080.848889][T14329] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2199'.
[ 1080.903637][T14261] chnl_net:caif_netlink_parms(): no params data found
[ 1081.186258][T14266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1081.197086][T14266] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1081.208130][T14266] bridge_slave_0: entered allmulticast mode
[ 1081.215701][T14266] bridge_slave_0: entered promiscuous mode
[ 1081.264109][T14266] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1081.276052][T14266] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1081.286784][T14266] bridge_slave_1: entered allmulticast mode
[ 1081.299452][T14266] bridge_slave_1: entered promiscuous mode
[ 1081.412070][T14261] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1081.427311][T14261] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1081.435294][T14261] bridge_slave_0: entered allmulticast mode
[ 1081.484639][T14261] bridge_slave_0: entered promiscuous mode
[ 1081.515762][T14346] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1081.524325][T14346] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1081.532780][T14346] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1081.541396][T14346] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1081.550163][T14346] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1081.589454][T14266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1081.623533][T14266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1081.809947][T14261] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1081.841255][T14261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1081.871177][T14261] bridge_slave_1: entered allmulticast mode
[ 1081.893464][T14261] bridge_slave_1: entered promiscuous mode
[ 1082.077498][T10086] hsr_slave_0: left promiscuous mode
[ 1082.123570][T10086] hsr_slave_1: left promiscuous mode
[ 1082.181760][T10086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1082.194559][T10086] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1082.254359][T14385] No buffer was provided with the request
[ 1082.295017][T10086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1082.335044][T14387] misc userio: The device must be registered before sending interrupts
[ 1082.907382][T10086] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1082.973873][T10086] veth1_macvtap: left promiscuous mode
[ 1082.997103][T10086] veth0_macvtap: left promiscuous mode
[ 1083.003563][T10086] veth1_vlan: left promiscuous mode
[ 1083.008981][T10086] veth0_vlan: left promiscuous mode
[ 1083.018719][T12386] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1083.209243][T14393] IPVS: set_ctl: invalid protocol: 60 172.30.0.2:0
[ 1083.627814][T12386] Bluetooth: hci5: command 0x041b tx timeout
[ 1083.634186][ T8594] Bluetooth: hci4: command 0x040f tx timeout
[ 1083.640658][T12386] Bluetooth: hci3: command 0x0405 tx timeout
[ 1083.647150][ T8594] Bluetooth: hci0: command 0x0405 tx timeout
[ 1085.221145][T10086] team0 (unregistering): Port device team_slave_1 removed
[ 1085.278624][T10086] team0 (unregistering): Port device team_slave_0 removed
[ 1085.661247][ T8594] Bluetooth: hci4: command 0x040f tx timeout
[ 1085.667387][T12386] Bluetooth: hci5: command 0x041b tx timeout
[ 1085.934662][T14373] FAULT_INJECTION: forcing a failure.
[ 1085.934662][T14373] name failslab, interval 1, probability 0, space 0, times 0
[ 1085.951750][T14373] CPU: 0 UID: 0 PID: 14373 Comm: syz.3.2203 Not tainted 6.11.0-syzkaller #0
[ 1085.960455][T14373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1085.970514][T14373] Call Trace:
[ 1085.973796][T14373]  <TASK>
[ 1085.976721][T14373]  dump_stack_lvl+0x241/0x360
[ 1085.981404][T14373]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1085.986602][T14373]  ? __pfx__printk+0x10/0x10
[ 1085.991193][T14373]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[ 1085.997177][T14373]  ? __pfx___might_resched+0x10/0x10
[ 1086.002469][T14373]  should_fail_ex+0x3b0/0x4e0
[ 1086.007154][T14373]  should_failslab+0xac/0x100
[ 1086.011851][T14373]  ? __alloc_skb+0x1c3/0x440
[ 1086.016439][T14373]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 1086.022274][T14373]  __alloc_skb+0x1c3/0x440
[ 1086.026690][T14373]  ? __pfx___alloc_skb+0x10/0x10
[ 1086.031627][T14373]  ? netlink_ack_tlv_len+0x6e/0x200
[ 1086.036818][T14373]  netlink_ack+0x13f/0xa30
[ 1086.041232][T14373]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1086.046694][T14373]  netlink_rcv_skb+0x262/0x430
[ 1086.051447][T14373]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1086.056916][T14373]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1086.062220][T14373]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1086.067418][T14373]  netlink_unicast+0x7f6/0x990
[ 1086.072194][T14373]  ? __pfx_netlink_unicast+0x10/0x10
[ 1086.077481][T14373]  ? __virt_addr_valid+0x183/0x530
[ 1086.082587][T14373]  ? __check_object_size+0x49c/0x900
[ 1086.087867][T14373]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1086.092978][T14373]  netlink_sendmsg+0x8e4/0xcb0
[ 1086.097748][T14373]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1086.103024][T14373]  ? __import_iovec+0x536/0x820
[ 1086.107870][T14373]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1086.113334][T14373]  ? security_socket_sendmsg+0x87/0xb0
[ 1086.118791][T14373]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1086.124069][T14373]  __sock_sendmsg+0x221/0x270
[ 1086.128746][T14373]  ____sys_sendmsg+0x525/0x7d0
[ 1086.133514][T14373]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1086.138808][T14373]  __sys_sendmmsg+0x3b2/0x740
[ 1086.143485][T14373]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1086.148708][T14373]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1086.154609][T14373]  ? ksys_write+0x23e/0x2c0
[ 1086.159108][T14373]  ? __pfx_lock_release+0x10/0x10
[ 1086.164128][T14373]  ? vfs_write+0x7c4/0xc90
[ 1086.168546][T14373]  ? __mutex_unlock_slowpath+0x21d/0x750
[ 1086.174256][T14373]  ? __pfx_vfs_write+0x10/0x10
[ 1086.179037][T14373]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1086.185019][T14373]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1086.191358][T14373]  ? do_syscall_64+0x100/0x230
[ 1086.196114][T14373]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1086.200960][T14373]  do_syscall_64+0xf3/0x230
[ 1086.205453][T14373]  ? clear_bhb_loop+0x35/0x90
[ 1086.210126][T14373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.216011][T14373] RIP: 0033:0x7f580637def9
[ 1086.220423][T14373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1086.240019][T14373] RSP: 002b:00007f580717a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1086.248426][T14373] RAX: ffffffffffffffda RBX: 00007f5806535f80 RCX: 00007f580637def9
[ 1086.256389][T14373] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005
[ 1086.264347][T14373] RBP: 00007f580717a090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.272310][T14373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1086.280268][T14373] R13: 0000000000000000 R14: 00007f5806535f80 R15: 00007ffe9998a798
[ 1086.288244][T14373]  </TASK>
[ 1086.407968][T14408] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1086.414005][T14408] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1086.420911][T14408] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1086.426882][T14408] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1086.433017][T14408] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1086.876360][T14261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1086.988790][T14261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1087.035689][T14266] team0: Port device team_slave_0 added
[ 1087.084083][T14266] team0: Port device team_slave_1 added
[ 1087.140989][T14261] team0: Port device team_slave_0 added
[ 1087.211467][T14266] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1087.218736][T14266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.260444][T14266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.296002][T14261] team0: Port device team_slave_1 added
[ 1087.303427][T14266] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1087.311005][T14266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.337139][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1087.356684][T14266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1087.495832][T14261] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1087.511581][T14261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.537554][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1087.547377][ T5271] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1087.582720][T14261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.616950][T10086] IPVS: stop unused estimator thread 0...
[ 1087.664331][T14261] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1087.692921][T14261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.703789][ T5362] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1087.733792][T14261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1087.758185][ T5271] usb 2-1: Using ep0 maxpacket: 8
[ 1087.760145][T14266] hsr_slave_0: entered promiscuous mode
[ 1087.765438][ T5271] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1087.784917][ T5271] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1087.804688][ T5271] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1087.815115][ T5271] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1087.842221][T14435] No buffer was provided with the request
[ 1087.935821][T14436] misc userio: The device must be registered before sending interrupts
[ 1087.977957][ T5362] usb 4-1: Using ep0 maxpacket: 8
[ 1088.021520][ T5362] usb 4-1: config 13 has an invalid interface number: 114 but max is 3
[ 1088.064668][ T5362] usb 4-1: config 13 has an invalid interface number: 96 but max is 3
[ 1088.086279][ T5362] usb 4-1: config 13 has an invalid interface number: 43 but max is 3
[ 1088.139242][ T5362] usb 4-1: config 13 has an invalid interface number: 65 but max is 3
[ 1088.176257][T14266] hsr_slave_1: entered promiscuous mode
[ 1088.190263][ T5362] usb 4-1: config 13 has an invalid interface number: 84 but max is 3
[ 1088.417351][ T5271] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1088.438271][ T5271] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1088.466321][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1088.477622][ T9580] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1088.483757][ T9580] Bluetooth: hci5: command 0x041b tx timeout
[ 1088.490751][T12386] Bluetooth: hci4: command 0x040f tx timeout
[ 1088.496787][T12386] Bluetooth: hci3: command 0x0405 tx timeout
[ 1088.503818][T12386] Bluetooth: hci0: command 0x0405 tx timeout
[ 1088.544001][ T5362] usb 4-1: config 13 has 5 interfaces, different from the descriptor's value: 4
[ 1088.553163][ T5362] usb 4-1: config 13 has no interface number 0
[ 1088.557616][ T5271] usbtmc 2-1:16.0: bulk endpoints not found
[ 1088.559366][ T5362] usb 4-1: config 13 has no interface number 1
[ 1088.572623][ T5362] usb 4-1: config 13 has no interface number 2
[ 1088.579215][ T5362] usb 4-1: config 13 has no interface number 3
[ 1088.585441][ T5362] usb 4-1: config 13 has no interface number 4
[ 1088.591733][ T5362] usb 4-1: config 13 interface 96 altsetting 183 endpoint 0xC has invalid maxpacket 1023, setting to 64
[ 1088.602944][ T5362] usb 4-1: config 13 interface 96 altsetting 183 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[ 1088.614119][ T5362] usb 4-1: config 13 interface 96 altsetting 183 bulk endpoint 0x7 has invalid maxpacket 64
[ 1088.624526][ T5362] usb 4-1: config 13 interface 96 altsetting 183 has a duplicate endpoint with address 0x2, skipping
[ 1088.635537][ T5362] usb 4-1: config 13 interface 96 altsetting 183 has an invalid descriptor for endpoint zero, skipping
[ 1088.687765][ T5362] usb 4-1: config 13 interface 96 altsetting 183 has a duplicate endpoint with address 0x2, skipping
[ 1088.698779][T14441] IPVS: set_ctl: invalid protocol: 60 172.30.0.1:0
[ 1088.713286][ T5362] usb 4-1: config 13 interface 96 altsetting 183 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[ 1088.724803][ T5362] usb 4-1: config 13 interface 96 altsetting 183 has a duplicate endpoint with address 0x2, skipping
[ 1088.742720][ T5362] usb 4-1: config 13 interface 96 altsetting 183 endpoint 0xE has invalid maxpacket 1024, setting to 64
[ 1088.754451][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0x4, skipping
[ 1088.790107][T14261] hsr_slave_0: entered promiscuous mode
[ 1088.802571][ T5362] usb 4-1: config 13 interface 43 altsetting 8 endpoint 0xB has invalid maxpacket 512, setting to 64
[ 1089.018194][T14261] hsr_slave_1: entered promiscuous mode
[ 1089.027524][T14261] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1089.031000][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0xD, skipping
[ 1089.046719][T14261] Cannot create hsr debugfs directory
[ 1089.048297][ T5362] usb 4-1: config 13 interface 43 altsetting 8 endpoint 0x6 has an invalid bInterval 48, changing to 7
[ 1089.072734][ T5362] usb 4-1: config 13 interface 43 altsetting 8 endpoint 0xF has invalid wMaxPacketSize 0
[ 1089.088712][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0x3, skipping
[ 1089.104292][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[ 1089.118313][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has an endpoint descriptor with address 0x46, changing to 0x6
[ 1089.152540][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0x6, skipping
[ 1089.163666][ T5362] usb 4-1: config 13 interface 43 altsetting 8 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[ 1089.178511][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has a duplicate endpoint with address 0x2, skipping
[ 1089.193227][ T5362] usb 4-1: config 13 interface 43 altsetting 8 has 11 endpoint descriptors, different from the interface descriptor's value: 15
[ 1089.208140][ T5362] usb 4-1: too many endpoints for config 13 interface 65 altsetting 216: 61, using maximum allowed: 30
[ 1089.221758][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has a duplicate endpoint with address 0x7, skipping
[ 1089.234109][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has a duplicate endpoint with address 0xC, skipping
[ 1089.253501][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has a duplicate endpoint with address 0x2, skipping
[ 1089.268286][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has a duplicate endpoint with address 0x3, skipping
[ 1089.287303][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has a duplicate endpoint with address 0xC, skipping
[ 1089.303071][ T5362] usb 4-1: config 13 interface 65 altsetting 216 has 5 endpoint descriptors, different from the interface descriptor's value: 61
[ 1089.316702][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0x4, skipping
[ 1089.331381][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0xF, skipping
[ 1089.343783][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[ 1089.358905][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0x8C, skipping
[ 1089.374205][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0xE, skipping
[ 1089.388748][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0x5, skipping
[ 1089.424409][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[ 1089.435812][ T5362] usb 4-1: config 13 interface 84 altsetting 129 has a duplicate endpoint with address 0xE, skipping
[ 1089.451132][ T5362] usb 4-1: config 13 interface 114 has no altsetting 0
[ 1089.458552][ T5362] usb 4-1: config 13 interface 96 has no altsetting 0
[ 1089.465704][ T5362] usb 4-1: config 13 interface 43 has no altsetting 0
[ 1089.477362][ T5362] usb 4-1: config 13 interface 65 has no altsetting 0
[ 1089.484388][ T5362] usb 4-1: config 13 interface 84 has no altsetting 0
[ 1089.520501][ T5362] usb 4-1: Dual-Role OTG device on HNP port
[ 1089.536800][ T5362] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=11.28
[ 1089.546077][ T5362] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1089.567217][ T5362] usb 4-1: Product: ࠬ
[ 1089.571537][ T5362] usb 4-1: Manufacturer: 〉
[ 1089.583878][ T5362] usb 4-1: SerialNumber: ဇ㳞襜捪폓ꡕꮢᆈ꫎艮꾇轲羛둁猩驛དྷᦻ߿␩ǧ苴㉽Ꙣ㴅솈屙뇟ﰜ঩ἆ貔颮럜鐸຿最匳濏譣賈傿낊⬴鱉賠緛吻馊綹鐚섀釠鱒Ⳑ꿬ꇵꊇ椨屑谌㔧Ї⠊纒畆굞呯孄딥쥰雝窜㸿䔕囶䧛蚎晤鞀伞䲦䇗⚸잘侻ｰH分퓰玶଩ﶎ┟絚⡥骰
[ 1089.616068][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1089.703380][T14261] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1089.817051][T14261] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1089.917666][ T5362] usb 4-1: USB disconnect, device number 44
[ 1089.934262][T14261] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1090.059209][T14261] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1090.303209][T14261] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1090.319687][T14261] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1090.336001][T14261] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1090.397018][T14261] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1090.538285][ T9580] Bluetooth: hci5: command 0x041b tx timeout
[ 1091.100730][   T29] audit: type=1326 audit(1726488273.068:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14470 comm="syz.3.2220" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f580637def9 code=0x0
[ 1091.245567][T11340] usb 2-1: USB disconnect, device number 43
[ 1091.345941][T14474] ceph: No mds server is up or the cluster is laggy
[ 1091.389903][T14477] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1091.416565][T14477] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1091.456447][T14477] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1091.461529][T14261] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1091.499793][T14477] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1091.544132][T10382] libceph: connect (1)[c::]:6789 error -101
[ 1091.555662][T14477] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1091.562325][T10382] libceph: mon0 (1)[c::]:6789 connect error
[ 1091.657836][   T29] audit: type=1326 audit(1726488273.618:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14483 comm="syz.1.2222" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[ 1091.705202][T14261] 8021q: adding VLAN 0 to HW filter on device team0
[ 1091.732005][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1091.739213][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1091.778399][T14266] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1091.813428][T14266] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1091.827707][T10382] libceph: connect (1)[c::]:6789 error -101
[ 1091.834032][T10382] libceph: mon0 (1)[c::]:6789 connect error
[ 1091.857381][T14266] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1091.895788][T14266] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1091.917900][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1091.925121][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1092.205276][T14486] ceph: No mds server is up or the cluster is laggy
[ 1092.230083][T14266] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1092.331341][T14266] 8021q: adding VLAN 0 to HW filter on device team0
[ 1092.835789][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1092.843040][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1093.188813][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1093.195977][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1093.420716][ T9580] Bluetooth: hci0: command 0x0405 tx timeout
[ 1093.426912][T12386] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1093.497566][T10382] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1093.505340][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1093.577786][ T9580] Bluetooth: hci5: command 0x041b tx timeout
[ 1093.584874][ T9580] Bluetooth: hci4: command 0x040f tx timeout
[ 1093.585766][T14261] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1094.324436][T10382] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1094.440695][T10382] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1094.477260][T10382] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1094.541316][T10382] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1094.581010][T10382] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.622551][T10382] usb 2-1: config 0 descriptor??
[ 1094.855891][T14266] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1098.158922][T10382] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving
[ 1098.171197][T10382] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1098.256982][T14266] veth0_vlan: entered promiscuous mode
[ 1098.298808][T10095] usb 2-1: USB disconnect, device number 44
[ 1098.326377][T14266] veth1_vlan: entered promiscuous mode
[ 1102.061305][T14266] veth0_macvtap: entered promiscuous mode
[ 1102.114194][T14266] veth1_macvtap: entered promiscuous mode
[ 1102.409822][T14266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1102.446638][T14266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1102.481391][T14266] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1102.543700][T14261] veth0_vlan: entered promiscuous mode
[ 1102.556745][T14266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1102.571406][T14266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1102.585965][T14266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1102.729658][T14266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1102.740731][T14266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1102.755665][T14266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1102.766210][T14266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1102.798425][T14266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1102.951581][T14266] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1103.451542][T14266] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.471623][T14266] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.486735][T14266] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.497131][T14266] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.529054][T14571] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1103.544725][T14571] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1103.550144][T14261] veth1_vlan: entered promiscuous mode
[ 1103.551883][T14571] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1103.573631][T14571] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1103.582573][T14571] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1104.777628][ T9580] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1105.290003][T14261] veth0_macvtap: entered promiscuous mode
[ 1105.383142][T14261] veth1_macvtap: entered promiscuous mode
[ 1105.577941][ T9580] Bluetooth: hci4: command 0x040f tx timeout
[ 1105.584008][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1105.590281][T12386] Bluetooth: hci0: command 0x0405 tx timeout
[ 1105.649910][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1105.657384][ T9580] Bluetooth: hci5: command 0x041b tx timeout
[ 1105.699547][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.710829][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1105.721461][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.733214][T14261] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1105.747604][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1105.755542][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1105.790060][T14607] IPVS: set_ctl: invalid protocol: 60 172.30.0.4:0
[ 1105.804050][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.814663][T14298] IPVS: starting estimator thread 0...
[ 1105.844496][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.863921][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.879932][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.900314][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.911120][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.921705][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.933828][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.933952][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.934003][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.935773][T14261] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1105.945494][T14608] IPVS: using max 33 ests per chain, 79200 per kthread
[ 1106.002197][T14261] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.053862][T14261] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.056029][T14261] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.107314][T14261] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.286030][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.345168][ T5519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.375484][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1106.398225][ T5519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1106.531465][ T5519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.583225][ T5519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1107.308736][T14634] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1109.941904][T14652] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1109.949034][T14652] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1109.955690][T14652] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1109.965064][T14652] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1109.973885][T14652] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1110.839374][ T5362] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1111.117443][ T5362] usb 3-1: Using ep0 maxpacket: 8
[ 1111.143028][ T5362] usb 3-1: config 0 has an invalid interface number: 186 but max is 0
[ 1111.193076][ T5362] usb 3-1: config 0 has no interface number 0
[ 1111.220522][   T29] audit: type=1326 audit(1726488293.178:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14678 comm="syz.0.2251" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f59e5f74ea7 code=0x0
[ 1111.251115][ T5362] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1111.308967][ T5362] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1111.346041][ T5362] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 108, changing to 10
[ 1111.373609][ T5362] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8949, setting to 1024
[ 1111.404995][ T5362] usb 3-1: config 0 interface 186 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1111.456690][ T5362] usb 3-1: string descriptor 0 read error: -71
[ 1111.490276][ T5362] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1111.497309][   T54] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1111.517863][ T5362] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1111.589226][ T5362] usb 3-1: config 0 descriptor??
[ 1111.635055][ T5362] usb 3-1: can't set config #0, error -71
[ 1111.668281][ T5362] usb 3-1: USB disconnect, device number 42
[ 1111.819516][T14689] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1112.057523][   T54] Bluetooth: hci5: command 0x041b tx timeout
[ 1112.057856][ T9580] Bluetooth: hci0: command 0x0405 tx timeout
[ 1112.063703][   T54] Bluetooth: hci3: command 0x0405 tx timeout
[ 1112.069853][T12386] Bluetooth: hci4: command 0x040f tx timeout
[ 1112.222263][T14700] FAULT_INJECTION: forcing a failure.
[ 1112.222263][T14700] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.247659][T14700] CPU: 0 UID: 0 PID: 14700 Comm: syz.0.2253 Not tainted 6.11.0-syzkaller #0
[ 1112.256378][T14700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1112.266450][T14700] Call Trace:
[ 1112.269753][T14700]  <TASK>
[ 1112.272745][T14700]  dump_stack_lvl+0x241/0x360
[ 1112.277461][T14700]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1112.282994][T14700]  ? __pfx__printk+0x10/0x10
[ 1112.287577][T14700]  ? __pfx_lock_release+0x10/0x10
[ 1112.292610][T14700]  should_fail_ex+0x3b0/0x4e0
[ 1112.297279][T14700]  _copy_from_iter+0x1f6/0x1960
[ 1112.302118][T14700]  ? __virt_addr_valid+0x183/0x530
[ 1112.307217][T14700]  ? __pfx_lock_release+0x10/0x10
[ 1112.312246][T14700]  ? __alloc_skb+0x28f/0x440
[ 1112.316817][T14700]  ? __pfx__copy_from_iter+0x10/0x10
[ 1112.322180][T14700]  ? __virt_addr_valid+0x183/0x530
[ 1112.327292][T14700]  ? __virt_addr_valid+0x183/0x530
[ 1112.332392][T14700]  ? __virt_addr_valid+0x45f/0x530
[ 1112.337497][T14700]  ? __check_object_size+0x49c/0x900
[ 1112.342780][T14700]  netlink_sendmsg+0x73d/0xcb0
[ 1112.347543][T14700]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1112.352821][T14700]  ? __import_iovec+0x536/0x820
[ 1112.357671][T14700]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1112.362952][T14700]  ? security_socket_sendmsg+0x87/0xb0
[ 1112.368403][T14700]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1112.373709][T14700]  __sock_sendmsg+0x221/0x270
[ 1112.378409][T14700]  ____sys_sendmsg+0x525/0x7d0
[ 1112.383195][T14700]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1112.388508][T14700]  __sys_sendmsg+0x2b0/0x3a0
[ 1112.393102][T14700]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1112.398209][T14700]  ? vfs_write+0x7c4/0xc90
[ 1112.402653][T14700]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1112.408983][T14700]  ? do_syscall_64+0x100/0x230
[ 1112.413741][T14700]  ? do_syscall_64+0xb6/0x230
[ 1112.418409][T14700]  do_syscall_64+0xf3/0x230
[ 1112.422902][T14700]  ? clear_bhb_loop+0x35/0x90
[ 1112.427594][T14700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.433494][T14700] RIP: 0033:0x7f59e5f7def9
[ 1112.437901][T14700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.457604][T14700] RSP: 002b:00007f59e6d4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1112.466629][T14700] RAX: ffffffffffffffda RBX: 00007f59e6136058 RCX: 00007f59e5f7def9
[ 1112.474595][T14700] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 000000000000000d
[ 1112.482557][T14700] RBP: 00007f59e6d4f090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.490520][T14700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1112.498480][T14700] R13: 0000000000000000 R14: 00007f59e6136058 R15: 00007ffe572e7348
[ 1112.506465][T14700]  </TASK>
[ 1113.110891][T14720] program syz.3.2258 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1116.236368][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.242921][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.983773][T14750] FAULT_INJECTION: forcing a failure.
[ 1116.983773][T14750] name failslab, interval 1, probability 0, space 0, times 0
[ 1117.091775][T14750] CPU: 1 UID: 0 PID: 14750 Comm: syz.1.2265 Not tainted 6.11.0-syzkaller #0
[ 1117.100491][T14750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1117.110550][T14750] Call Trace:
[ 1117.113814][T14750]  <TASK>
[ 1117.116728][T14750]  dump_stack_lvl+0x241/0x360
[ 1117.121395][T14750]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1117.126588][T14750]  ? __pfx__printk+0x10/0x10
[ 1117.131337][T14750]  ? __kmalloc_cache_noprof+0x44/0x2c0
[ 1117.136787][T14750]  ? __pfx___might_resched+0x10/0x10
[ 1117.142058][T14750]  ? trace_contention_end+0x3c/0x120
[ 1117.147339][T14750]  should_fail_ex+0x3b0/0x4e0
[ 1117.152039][T14750]  should_failslab+0xac/0x100
[ 1117.156735][T14750]  ? genl_start+0x1cb/0x6d0
[ 1117.161245][T14750]  __kmalloc_cache_noprof+0x6c/0x2c0
[ 1117.166526][T14750]  genl_start+0x1cb/0x6d0
[ 1117.170844][T14750]  __netlink_dump_start+0x45c/0x790
[ 1117.176026][T14750]  genl_rcv_msg+0x88c/0xec0
[ 1117.180511][T14750]  ? mark_lock+0x9a/0x350
[ 1117.184830][T14750]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1117.189841][T14750]  ? __pfx_genl_start+0x10/0x10
[ 1117.194676][T14750]  ? __pfx_genl_dumpit+0x10/0x10
[ 1117.199686][T14750]  ? __pfx_genl_done+0x10/0x10
[ 1117.204444][T14750]  ? __pfx_lock_acquire+0x10/0x10
[ 1117.209452][T14750]  ? __pfx_ip_vs_genl_dump_dests+0x10/0x10
[ 1117.215241][T14750]  ? __pfx___might_resched+0x10/0x10
[ 1117.220519][T14750]  netlink_rcv_skb+0x1e3/0x430
[ 1117.225271][T14750]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1117.230280][T14750]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1117.235554][T14750]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1117.241005][T14750]  genl_rcv+0x28/0x40
[ 1117.244970][T14750]  netlink_unicast+0x7f6/0x990
[ 1117.249728][T14750]  ? __pfx_netlink_unicast+0x10/0x10
[ 1117.254999][T14750]  ? __virt_addr_valid+0x183/0x530
[ 1117.260716][T14750]  ? __check_object_size+0x49c/0x900
[ 1117.265980][T14750]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1117.271074][T14750]  netlink_sendmsg+0x8e4/0xcb0
[ 1117.275825][T14750]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1117.281089][T14750]  ? __import_iovec+0x536/0x820
[ 1117.285933][T14750]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1117.291200][T14750]  ? security_socket_sendmsg+0x87/0xb0
[ 1117.296645][T14750]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1117.301932][T14750]  __sock_sendmsg+0x221/0x270
[ 1117.306681][T14750]  ____sys_sendmsg+0x525/0x7d0
[ 1117.311435][T14750]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1117.316713][T14750]  __sys_sendmsg+0x2b0/0x3a0
[ 1117.321288][T14750]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1117.326380][T14750]  ? vfs_write+0x7c4/0xc90
[ 1117.330818][T14750]  do_syscall_64+0xf3/0x230
[ 1117.335307][T14750]  ? clear_bhb_loop+0x35/0x90
[ 1117.339981][T14750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1117.345879][T14750] RIP: 0033:0x7f5adc37def9
[ 1117.350285][T14750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1117.369894][T14750] RSP: 002b:00007f5adbdff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1117.378290][T14750] RAX: ffffffffffffffda RBX: 00007f5adc535f80 RCX: 00007f5adc37def9
[ 1117.386263][T14750] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005
[ 1117.394215][T14750] RBP: 00007f5adbdff090 R08: 0000000000000000 R09: 0000000000000000
[ 1117.402172][T14750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1117.410213][T14750] R13: 0000000000000000 R14: 00007f5adc535f80 R15: 00007ffd38c6ec08
[ 1117.418203][T14750]  </TASK>
[ 1118.014691][   T29] audit: type=1326 audit(1726488299.978:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14741 comm="syz.4.2263" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2d9f7def9 code=0x0
[ 1118.497356][T14782] program syz.3.2270 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1119.214288][T14774] netlink: 'syz.1.2269': attribute type 29 has an invalid length.
[ 1119.371686][T14769] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2269'.
[ 1120.507811][T14795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2272'.
[ 1120.521875][T14795] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2272'.
[ 1123.827776][T14815] netlink: 780 bytes leftover after parsing attributes in process `syz.2.2276'.
[ 1123.853349][   T29] audit: type=1326 audit(1726488305.808:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14824 comm="syz.1.2281" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc37def9 code=0x0
[ 1124.141772][ T5362] libceph: connect (1)[c::]:6789 error -101
[ 1124.740152][ T5362] libceph: mon0 (1)[c::]:6789 connect error
[ 1124.899042][   T29] audit: type=1326 audit(1726488306.868:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14842 comm="syz.0.2282" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59e5f7def9 code=0x0
[ 1125.027785][T11340] libceph: connect (1)[c::]:6789 error -101
[ 1125.038419][T11340] libceph: mon0 (1)[c::]:6789 connect error
[ 1125.116858][T14846] ceph: No mds server is up or the cluster is laggy
[ 1125.276387][T14871] netlink: 800 bytes leftover after parsing attributes in process `syz.2.2285'.
[ 1125.286973][T14871] netlink: 1301 bytes leftover after parsing attributes in process `syz.2.2285'.
[ 1125.748710][ T5271] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1126.185879][T14872] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1126.197336][ T5271] usb 4-1: Using ep0 maxpacket: 8
[ 1126.221921][ T5271] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1126.244953][T14872] batadv_slave_0: entered allmulticast mode
[ 1126.260840][ T5271] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1126.320468][ T5271] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1127.110239][ T5271] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1127.247237][T14298] libceph: connect (1)[c::]:6789 error -101
[ 1127.253411][T14298] libceph: mon0 (1)[c::]:6789 connect error
[ 1131.482321][ T5271] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1131.495040][T14298] libceph: connect (1)[c::]:6789 error -101
[ 1131.501748][ T5271] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1131.519144][T14886] ceph: No mds server is up or the cluster is laggy
[ 1131.526063][T14298] libceph: mon0 (1)[c::]:6789 connect error
[ 1131.551152][ T5271] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1131.570109][ T5271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.640355][ T5271] usb 4-1: can't set config #16, error -71
[ 1131.688738][ T5271] usb 4-1: USB disconnect, device number 45
[ 1132.296447][ T5218] libceph: connect (1)[c::]:6789 error -101
[ 1132.695313][ T5218] libceph: mon0 (1)[c::]:6789 connect error
[ 1133.403775][ T9644] libceph: connect (1)[c::]:6789 error -101
[ 1133.418864][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[ 1133.431075][   T29] audit: type=1326 audit(1726488315.398:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14901 comm="syz.4.2294" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2d9f7def9 code=0x0
[ 1134.613482][ T9644] libceph: connect (1)[c::]:6789 error -101
[ 1134.627809][ T9644] libceph: mon0 (1)[c::]:6789 connect error
[ 1134.670403][T14906] ceph: No mds server is up or the cluster is laggy
[ 1135.249484][T11340] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1135.507472][ T9644] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1135.760150][T11340] usb 3-1: device descriptor read/64, error -71
[ 1135.797525][ T9644] usb 5-1: Using ep0 maxpacket: 8
[ 1135.814356][ T9644] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1135.822102][T14944] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1136.177421][T11340] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1136.657245][ T9644] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1136.667044][ T9644] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1136.679601][ T9644] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1136.679768][T14944] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1136.696369][ T9644] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1136.724434][T14944] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1136.762365][ T9644] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1136.781483][T14944] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1136.794854][T14944] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1136.833397][ T9644] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1137.017355][ T9644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.052048][ T9644] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[ 1137.817983][ T9580] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1138.099103][ T5270] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1138.467116][ T5271] usb 5-1: USB disconnect, device number 38
[ 1138.549689][T14978] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1138.597355][ T5270] usb 2-1: Using ep0 maxpacket: 16
[ 1138.688235][ T5270] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1138.697945][ T9580] Bluetooth: hci0: command 0x0405 tx timeout
[ 1138.714032][ T5270] usb 2-1: config 0 has no interface number 0
[ 1138.736329][ T5270] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1138.764680][ T5270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.777564][ T9580] Bluetooth: hci3: command 0x0405 tx timeout
[ 1138.808545][ T5270] usb 2-1: Product: syz
[ 1139.031139][T12386] Bluetooth: hci4: command 0x040f tx timeout
[ 1139.497539][T14994] No buffer was provided with the request
[ 1139.577372][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1140.074302][T14995] misc userio: The device must be registered before sending interrupts
[ 1140.199285][ T9580] Bluetooth: hci5: command 0x041b tx timeout
[ 1140.551374][ T5270] usb 2-1: Manufacturer: syz
[ 1140.556021][ T5270] usb 2-1: SerialNumber: syz
[ 1140.570523][ T5270] usb 2-1: config 0 descriptor??
[ 1140.600201][ T5270] usb 2-1: can't set config #0, error -71
[ 1140.636581][ T5270] usb 2-1: USB disconnect, device number 45
[ 1140.838270][T15011] program syz.1.2318 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1141.717658][   T29] audit: type=1326 audit(1726488323.678:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15002 comm="syz.3.2317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f580637def9 code=0x0
[ 1144.015654][   T52] syzkaller0: tun_net_xmit 76
[ 1144.035661][   T52] syzkaller0: tun_net_xmit 48
[ 1144.087823][ T9644] syzkaller0: tun_net_xmit 76
[ 1144.241481][   T29] audit: type=1326 audit(1726488326.208:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15033 comm="syz.3.2324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f580637def9 code=0x0
[ 1144.297325][ T5270] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1144.804660][ T9644] syzkaller0: tun_net_xmit 76
[ 1144.823317][ T5271] syzkaller0: tun_net_xmit 76
[ 1145.979918][T15040] ceph: No mds server is up or the cluster is laggy
[ 1146.007277][ T5270] usb 5-1: Using ep0 maxpacket: 8
[ 1146.107664][ T5270] usb 5-1: device descriptor read/all, error -71
[ 1146.266794][T15072] program syz.0.2329 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1146.308129][T14298] syzkaller0: tun_net_xmit 76
[ 1147.154074][T15086] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2334'.
[ 1147.596306][T15099] FAULT_INJECTION: forcing a failure.
[ 1147.596306][T15099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1147.596363][T15099] 
[ 1147.596367][T15099] ======================================================
[ 1147.596372][T15099] WARNING: possible circular locking dependency detected
[ 1147.596377][T15099] 6.11.0-syzkaller #0 Not tainted
[ 1147.596383][T15099] ------------------------------------------------------
[ 1147.596387][T15099] syz.1.2337/15099 is trying to acquire lock:
[ 1147.596393][T15099] ffffffff8e613cb8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x20/0xa0
[ 1147.596422][T15099] 
[ 1147.596422][T15099] but task is already holding lock:
[ 1147.596425][T15099] ffff8880b883e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[ 1147.596451][T15099] 
[ 1147.596451][T15099] which lock already depends on the new lock.
[ 1147.596451][T15099] 
[ 1147.596455][T15099] 
[ 1147.596455][T15099] the existing dependency chain (in reverse order) is:
[ 1147.596459][T15099] 
[ 1147.596459][T15099] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 1147.596471][T15099]        lock_acquire+0x1ed/0x550
[ 1147.596484][T15099]        _raw_spin_lock_nested+0x31/0x40
[ 1147.596493][T15099]        raw_spin_rq_lock_nested+0x2a/0x140
[ 1147.596504][T15099]        task_fork_fair+0x61/0x1e0
[ 1147.596516][T15099]        sched_cgroup_fork+0x37c/0x410
[ 1147.596525][T15099]        copy_process+0x2217/0x3dc0
[ 1147.596537][T15099]        kernel_clone+0x223/0x880
[ 1147.596549][T15099]        user_mode_thread+0x132/0x1a0
[ 1147.596561][T15099]        rest_init+0x23/0x300
[ 1147.596572][T15099]        start_kernel+0x47a/0x500
[ 1147.596584][T15099]        x86_64_start_reservations+0x2a/0x30
[ 1147.596599][T15099]        x86_64_start_kernel+0x9f/0xa0
[ 1147.596613][T15099]        common_startup_64+0x13e/0x147
[ 1147.596628][T15099] 
[ 1147.596628][T15099] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 1147.596645][T15099]        lock_acquire+0x1ed/0x550
[ 1147.596659][T15099]        _raw_spin_lock_irqsave+0xd5/0x120
[ 1147.596676][T15099]        try_to_wake_up+0xb0/0x1470
[ 1147.596692][T15099]        up+0x72/0x90
[ 1147.596704][T15099]        console_unlock+0x22f/0x4d0
[ 1147.596716][T15099]        do_fb_ioctl+0x72a/0x7b0
[ 1147.596727][T15099]        __se_sys_ioctl+0xfc/0x170
[ 1147.596744][T15099]        do_syscall_64+0xf3/0x230
[ 1147.596757][T15099]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1147.596772][T15099] 
[ 1147.596772][T15099] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[ 1147.596789][T15099]        validate_chain+0x18e0/0x5900
[ 1147.596800][T15099]        __lock_acquire+0x137a/0x2040
[ 1147.596816][T15099]        lock_acquire+0x1ed/0x550
[ 1147.596830][T15099]        _raw_spin_lock_irqsave+0xd5/0x120
[ 1147.596846][T15099]        down_trylock+0x20/0xa0
[ 1147.596859][T15099]        __down_trylock_console_sem+0x109/0x250
[ 1147.596872][T15099]        vprintk_emit+0x2aa/0x7c0
[ 1147.596883][T15099]        _printk+0xd5/0x120
[ 1147.596894][T15099]        should_fail_ex+0x391/0x4e0
[ 1147.596907][T15099]        strncpy_from_user+0x36/0x2e0
[ 1147.596918][T15099]        strncpy_from_user_nofault+0x71/0x140
[ 1147.596936][T15099]        bpf_probe_read_compat_str+0xe9/0x180
[ 1147.596954][T15099]        bpf_prog_e3f550b2299101ce+0x40/0x42
[ 1147.596965][T15099]        bpf_trace_run4+0x334/0x590
[ 1147.596978][T15099]        __traceiter_sched_switch+0x98/0xd0
[ 1147.596991][T15099]        __schedule+0x253f/0x4a10
[ 1147.597007][T15099]        schedule+0x14b/0x320
[ 1147.597023][T15099]        schedule_preempt_disabled+0x13/0x30
[ 1147.597041][T15099]        rwsem_down_write_slowpath+0xeeb/0x13b0
[ 1147.597055][T15099]        down_write+0x1d7/0x220
[ 1147.597067][T15099]        __se_sys_mbind+0x716/0x19f0
[ 1147.597081][T15099]        do_syscall_64+0xf3/0x230
[ 1147.597094][T15099]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1147.597108][T15099] 
[ 1147.597108][T15099] other info that might help us debug this:
[ 1147.597108][T15099] 
[ 1147.597113][T15099] Chain exists of:
[ 1147.597113][T15099]   (console_sem).lock --> &p->pi_lock --> &rq->__lock
[ 1147.597113][T15099] 
[ 1147.597132][T15099]  Possible unsafe locking scenario:
[ 1147.597132][T15099] 
[ 1147.597136][T15099]        CPU0                    CPU1
[ 1147.597140][T15099]        ----                    ----
[ 1147.597145][T15099]   lock(&rq->__lock);
[ 1147.597156][T15099]                                lock(&p->pi_lock);
[ 1147.597165][T15099]                                lock(&rq->__lock);
[ 1147.597174][T15099]   lock((console_sem).lock);
[ 1147.597187][T15099] 
[ 1147.597187][T15099]  *** DEADLOCK ***
[ 1147.597187][T15099] 
[ 1147.597191][T15099] 3 locks held by syz.1.2337/15099:
[ 1147.597199][T15099]  #0: ffff88806b25a798 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_mbind+0x716/0x19f0
[ 1147.597231][T15099]  #1: ffff8880b883e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[ 1147.597262][T15099]  #2: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x244/0x590
[ 1147.597293][T15099] 
[ 1147.597293][T15099] stack backtrace:
[ 1147.597298][T15099] CPU: 0 UID: 0 PID: 15099 Comm: syz.1.2337 Not tainted 6.11.0-syzkaller #0
[ 1147.597313][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1147.597322][T15099] Call Trace:
[ 1147.597327][T15099]  <TASK>
[ 1147.597333][T15099]  dump_stack_lvl+0x241/0x360
[ 1147.597349][T15099]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1147.597368][T15099]  ? print_circular_bug+0x130/0x1a0
[ 1147.597382][T15099]  check_noncircular+0x36a/0x4a0
[ 1147.597394][T15099]  ? __pfx_check_noncircular+0x10/0x10
[ 1147.597404][T15099]  ? lockdep_lock+0x123/0x2b0
[ 1147.597420][T15099]  validate_chain+0x18e0/0x5900
[ 1147.597439][T15099]  ? __pfx_validate_chain+0x10/0x10
[ 1147.597449][T15099]  ? __pfx_prb_first_seq+0x10/0x10
[ 1147.597466][T15099]  ? this_cpu_in_panic+0x4f/0x80
[ 1147.597481][T15099]  ? _prb_read_valid+0xa39/0xac0
[ 1147.597498][T15099]  ? mark_lock+0x9a/0x350
[ 1147.597512][T15099]  __lock_acquire+0x137a/0x2040
[ 1147.597529][T15099]  lock_acquire+0x1ed/0x550
[ 1147.597541][T15099]  ? down_trylock+0x20/0xa0
[ 1147.597553][T15099]  ? __pfx_desc_update_last_finalized+0x10/0x10
[ 1147.597568][T15099]  ? __pfx_lock_acquire+0x10/0x10
[ 1147.597579][T15099]  ? rcu_is_watching+0x15/0xb0
[ 1147.597595][T15099]  ? vprintk_store+0xd3e/0x1160
[ 1147.597604][T15099]  ? __lock_acquire+0x137a/0x2040
[ 1147.597619][T15099]  _raw_spin_lock_irqsave+0xd5/0x120
[ 1147.597633][T15099]  ? down_trylock+0x20/0xa0
[ 1147.597643][T15099]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1147.597659][T15099]  down_trylock+0x20/0xa0
[ 1147.597670][T15099]  __down_trylock_console_sem+0x109/0x250
[ 1147.597682][T15099]  ? _printk+0xd5/0x120
[ 1147.597691][T15099]  ? __pfx___down_trylock_console_sem+0x10/0x10
[ 1147.597706][T15099]  vprintk_emit+0x2aa/0x7c0
[ 1147.597716][T15099]  ? __pfx_vprintk_emit+0x10/0x10
[ 1147.597727][T15099]  ? bpf_bprintf_prepare+0x148/0x1530
[ 1147.597740][T15099]  _printk+0xd5/0x120
[ 1147.597751][T15099]  ? __pfx__printk+0x10/0x10
[ 1147.597764][T15099]  should_fail_ex+0x391/0x4e0
[ 1147.597775][T15099]  strncpy_from_user+0x36/0x2e0
[ 1147.597786][T15099]  strncpy_from_user_nofault+0x71/0x140
[ 1147.597801][T15099]  bpf_probe_read_compat_str+0xe9/0x180
[ 1147.597815][T15099]  ? bpf_trace_run4+0x244/0x590
[ 1147.597826][T15099]  bpf_prog_e3f550b2299101ce+0x40/0x42
[ 1147.597834][T15099]  bpf_trace_run4+0x334/0x590
[ 1147.597845][T15099]  ? psi_group_change+0xb88/0x11c0
[ 1147.597857][T15099]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1147.597870][T15099]  ? __pfx_probe_sched_switch+0x10/0x10
[ 1147.597881][T15099]  ? tracing_record_taskinfo_sched_switch+0x7b/0x390
[ 1147.597893][T15099]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1147.597903][T15099]  __traceiter_sched_switch+0x98/0xd0
[ 1147.597914][T15099]  __schedule+0x253f/0x4a10
[ 1147.597933][T15099]  ? __pfx___schedule+0x10/0x10
[ 1147.597947][T15099]  ? __pfx_lock_release+0x10/0x10
[ 1147.597960][T15099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1147.597973][T15099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1147.597986][T15099]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1147.598000][T15099]  ? schedule+0x90/0x320
[ 1147.598012][T15099]  schedule+0x14b/0x320
[ 1147.598026][T15099]  schedule_preempt_disabled+0x13/0x30
[ 1147.598040][T15099]  rwsem_down_write_slowpath+0xeeb/0x13b0
[ 1147.598052][T15099]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[ 1147.598069][T15099]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[ 1147.598081][T15099]  ? __pfx_lock_acquire+0x10/0x10
[ 1147.598100][T15099]  down_write+0x1d7/0x220
[ 1147.598111][T15099]  ? __pfx_down_write+0x10/0x10
[ 1147.598121][T15099]  ? rcu_is_watching+0x15/0xb0
[ 1147.598134][T15099]  ? trace_kmem_cache_alloc+0x1f/0xc0
[ 1147.598148][T15099]  __se_sys_mbind+0x716/0x19f0
[ 1147.598162][T15099]  ? __mutex_unlock_slowpath+0x21d/0x750
[ 1147.598173][T15099]  ? __pfx_vfs_write+0x10/0x10
[ 1147.598190][T15099]  ? __pfx___se_sys_mbind+0x10/0x10
[ 1147.598200][T15099]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1147.598211][T15099]  ? __fget_files+0x3f6/0x470
[ 1147.598225][T15099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1147.598239][T15099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1147.598252][T15099]  ? do_syscall_64+0x100/0x230
[ 1147.598262][T15099]  ? __x64_sys_mbind+0x21/0xf0
[ 1147.598274][T15099]  do_syscall_64+0xf3/0x230
[ 1147.598284][T15099]  ? clear_bhb_loop+0x35/0x90
[ 1147.598297][T15099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1147.598309][T15099] RIP: 0033:0x7f5adc37def9
[ 1147.598318][T15099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1147.598327][T15099] RSP: 002b:00007f5adbdbd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[ 1147.598337][T15099] RAX: ffffffffffffffda RBX: 00007f5adc536130 RCX: 00007f5adc37def9
[ 1147.598346][T15099] RDX: 0000000000000003 RSI: 0000000000008000 RDI: 0000000020ff8000
[ 1147.598353][T15099] RBP: 00007f5adbdbd090 R08: 0000000000000004 R09: 0000000000000000
[ 1147.598359][T15099] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[ 1147.598366][T15099] R13: 0000000000000000 R14: 00007f5adc536130 R15: 00007ffd38c6ec08
[ 1147.598378][T15099]  </TASK>
[ 1148.546070][T15099] CPU: 0 UID: 0 PID: 15099 Comm: syz.1.2337 Not tainted 6.11.0-syzkaller #0
[ 1148.554723][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1148.564752][T15099] Call Trace:
[ 1148.568017][T15099]  <TASK>
[ 1148.570926][T15099]  dump_stack_lvl+0x241/0x360
[ 1148.575590][T15099]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1148.580764][T15099]  ? __pfx__printk+0x10/0x10
[ 1148.585344][T15099]  should_fail_ex+0x3b0/0x4e0
[ 1148.589999][T15099]  strncpy_from_user+0x36/0x2e0
[ 1148.594828][T15099]  strncpy_from_user_nofault+0x71/0x140
[ 1148.600372][T15099]  bpf_probe_read_compat_str+0xe9/0x180
[ 1148.605913][T15099]  ? bpf_trace_run4+0x244/0x590
[ 1148.610747][T15099]  bpf_prog_e3f550b2299101ce+0x40/0x42
[ 1148.616196][T15099]  bpf_trace_run4+0x334/0x590
[ 1148.620858][T15099]  ? psi_group_change+0xb88/0x11c0
[ 1148.626002][T15099]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1148.631181][T15099]  ? __pfx_probe_sched_switch+0x10/0x10
[ 1148.636712][T15099]  ? tracing_record_taskinfo_sched_switch+0x7b/0x390
[ 1148.643366][T15099]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1148.649416][T15099]  __traceiter_sched_switch+0x98/0xd0
[ 1148.654767][T15099]  __schedule+0x253f/0x4a10
[ 1148.659257][T15099]  ? __pfx___schedule+0x10/0x10
[ 1148.664085][T15099]  ? __pfx_lock_release+0x10/0x10
[ 1148.669210][T15099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1148.675206][T15099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1148.681509][T15099]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1148.686601][T15099]  ? schedule+0x90/0x320
[ 1148.690828][T15099]  schedule+0x14b/0x320
[ 1148.694961][T15099]  schedule_preempt_disabled+0x13/0x30
[ 1148.700398][T15099]  rwsem_down_write_slowpath+0xeeb/0x13b0
[ 1148.706092][T15099]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[ 1148.711966][T15099]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[ 1148.718095][T15099]  ? __pfx_lock_acquire+0x10/0x10
[ 1148.723106][T15099]  down_write+0x1d7/0x220
[ 1148.727448][T15099]  ? __pfx_down_write+0x10/0x10
[ 1148.732297][T15099]  ? rcu_is_watching+0x15/0xb0
[ 1148.737075][T15099]  ? trace_kmem_cache_alloc+0x1f/0xc0
[ 1148.742436][T15099]  __se_sys_mbind+0x716/0x19f0
[ 1148.747208][T15099]  ? __mutex_unlock_slowpath+0x21d/0x750
[ 1148.752839][T15099]  ? __pfx_vfs_write+0x10/0x10
[ 1148.757586][T15099]  ? __pfx___se_sys_mbind+0x10/0x10
[ 1148.762779][T15099]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1148.769015][T15099]  ? __fget_files+0x3f6/0x470
[ 1148.773765][T15099]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1148.779728][T15099]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1148.786036][T15099]  ? do_syscall_64+0x100/0x230
[ 1148.790779][T15099]  ? __x64_sys_mbind+0x21/0xf0
[ 1148.795520][T15099]  do_syscall_64+0xf3/0x230
[ 1148.800019][T15099]  ? clear_bhb_loop+0x35/0x90
[ 1148.804674][T15099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1148.810545][T15099] RIP: 0033:0x7f5adc37def9
[ 1148.814939][T15099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1148.834521][T15099] RSP: 002b:00007f5adbdbd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[ 1148.842920][T15099] RAX: ffffffffffffffda RBX: 00007f5adc536130 RCX: 00007f5adc37def9
[ 1148.850883][T15099] RDX: 0000000000000003 RSI: 0000000000008000 RDI: 0000000020ff8000
[ 1148.858827][T15099] RBP: 00007f5adbdbd090 R08: 0000000000000004 R09: 0000000000000000
[ 1148.866777][T15099] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[ 1148.874726][T15099] R13: 0000000000000000 R14: 00007f5adc536130 R15: 00007ffd38c6ec08
[ 1148.882680][T15099]  </TASK>
[ 1150.628978][T15093] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1150.645688][T15093] batadv_slave_0: entered allmulticast mode