last executing test programs:

38.147795464s ago: executing program 1 (id=1377):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000001280)='blkio.bfq.idle_time\x00', 0x0, 0x0)
preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x9)

37.713680349s ago: executing program 1 (id=1381):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = gettid()
r1 = io_uring_setup(0x7fe7, &(0x7f0000000140)={0x0, 0x0, 0x3000})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x7c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x5d, 0x33, @beacon={{{}, {0x8}, @device_b, @device_b}, 0x1000, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0xb7}}, @val={0x2d, 0x1a, {0x2, 0x2, 0x6, 0x0, {0x6df, 0xff, 0x0, 0x3, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x1, 0x101, 0x5}}, @void, @val={0x71, 0x7, {0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x60}}, @void}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
io_uring_enter(r1, 0x0, 0xe257, 0x1, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffe000)
r6 = syz_io_uring_setup(0xd5, &(0x7f0000000480), &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r6, 0x47ba, 0x0, 0x0, 0x0, 0x0)
rt_sigqueueinfo(r0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
r9 = socket(0x200000100000011, 0x3, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f00000000c0))
r11 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x0, 0x20000070], 0x0, 0x0, &(0x7f0000000040)=[{}, {0x2}, {}]}, 0x108)
setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000a2ae0000000000d96e6c8d5e000000"], 0xa}, {0x0}], 0x2}, 0x0)
r12 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$FUSE(r12, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0)

36.219671148s ago: executing program 1 (id=1386):
syz_emit_ethernet(0x256, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000bbbbbbbbbbbb86dd6000000002203afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000000000000000aa78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af05020001000005dc00000000260004000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef68ca6e26b1277bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"], 0x0)

35.0252663s ago: executing program 1 (id=1389):
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000004dc0)=ANY=[@ANYBLOB="8c00000018000000000000000000002004000000780018809e37b535e6a54eec330ed9fd08be1c6b382419ed4c04cf3f63d730e24e4153ef7bbc2e0c493e5269b9b94bc6072816f7bdbc805f760f25a46631fe3ae277b52e341a3326983eb5074659dfeb22816685beeadfc1902d79eae92463e2b0b30abf1a782dfdf0f927f17ffbbbab2f6f1033e876b0f8"], 0x8c}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000007090400001202060000052406000005240020000d240f010000000000000000000905820200020000000905030240"], 0x0)
io_submit(0x0, 0x0, &(0x7f0000000540))
fcntl$getown(0xffffffffffffffff, 0x9)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x840000000002, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2f, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00123a00631177fbac141416e000030a44079f03fe80000000000000000000000000002206050b038da1880b251810a59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x700}, 0x2c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_ep_read(r1, 0x3, 0xff33, 0x0)
r5 = openat$cgroup(r3, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r5, &(0x7f00000004c0)='cgroup.freeze\x00', 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001100)=ANY=[@ANYBLOB="f00000001000130708000000000000000a01010100000000000000003581494cad3da593d7238b00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000010000000032000000fe80000000000000000000000000000400000000000000000700000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000200"/167], 0xf0}}, 0x0)
r8 = dup(r6)
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d}})
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x33, 0x103, 0x0, 0x2}})
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)

25.857909059s ago: executing program 1 (id=1402):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000001280)='blkio.bfq.idle_time\x00', 0x0, 0x0)
preadv2(r1, &(0x7f0000000540)=[{&(0x7f00000008c0)=""/211, 0xd3}], 0x1, 0x0, 0x0, 0x9)

25.181848063s ago: executing program 1 (id=1403):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="01", @ANYRES32], 0x6f4}}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
bind$netlink(r3, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r3, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0xff88)
write(r3, &(0x7f0000000000)='\"', 0xc0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

11.03914323s ago: executing program 3 (id=1435):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001840)=@newtaction={0xea0, 0x30, 0x25, 0x0, 0x0, {}, [{0xe8c, 0x1, [@m_pedit={0xe88, 0x1, 0x0, 0x0, {{0xa}, {0xe5c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe14}, @TCA_PEDIT_KEYS_EX={0x38, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}]}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xea0}}, 0x0)
r1 = socket(0x200000100000011, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f00000003c0)={'vlan0\x00'})
syz_init_net_socket$ax25(0x3, 0x3, 0xcc)
mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffff}, [@call={0x85, 0x0, 0x0, 0x53}]}, &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

9.046883962s ago: executing program 4 (id=1440):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRESOCT], 0x28}}, 0x0)

8.967859349s ago: executing program 3 (id=1441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x4, 0x0, 0x0, r2, 0xb})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x0, 0x0, 0x2, r2, 0xf})

8.714062564s ago: executing program 4 (id=1443):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800"/29], &(0x7f0000000000)='GPL\x00'}, 0x90)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
socket$packet(0x11, 0x3, 0x300)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

8.201762011s ago: executing program 3 (id=1444):
syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000880)={'netdevsim0\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
r7 = userfaultfd(0x801)
syz_open_dev$video4linux(&(0x7f0000000240), 0x145, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x80000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000300)={0x1, 0x1, &(0x7f0000000240)=""/127, &(0x7f0000000180)=""/25, &(0x7f00000004c0)=""/229, 0x3000})
r8 = socket$kcm(0x10, 0x2, 0x4)
r9 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r9, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
sendmsg$kcm(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="89000000120081ae08060cdc030ec0007f03e3f70000000100e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

7.988717079s ago: executing program 4 (id=1445):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000060000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000004608f0ff7600000000008500000080000000b7000000000000009500"/57], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=<r3=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r5, 0x8924, 0x0)
r6 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
r7 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x400007, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000b40)={0x1, @pix_mp={0x0, 0x0, 0x59455247}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000040000000000000904000000430000000000000105000000f1000000000000000000000300000000020000000700000000000000030000000000000000"], 0x0, 0x5a}, 0x20)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r9 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f00000000c0), 0x12)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f0000000200)=0x8)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000300)=r6, 0x4)
openat$cgroup_int(r10, 0x0, 0x2, 0x0)
mbind(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x6, 0x1f, 0x0)
unshare(0x400)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r11 = syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYRES8=r8, @ANYRESDEC=r2, @ANYRESOCT=r5], 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x1ff, 0x8bcc0c0000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x10})
syz_usb_control_io$hid(r11, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="00000100000004"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r11, 0x0, &(0x7f00000011c0)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="00000d0000006a10a066b224df247f0030f3b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.545327622s ago: executing program 2 (id=1447):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f000001be80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newchain={0xe60, 0x64, 0x0, 0x0, 0x0, {}, [@f_rsvp={{0x9}, {0xe30, 0x2, [@TCA_RSVP_SRC={0x8}, @TCA_RSVP_CLASSID={0x8}, @TCA_RSVP_SRC={0x8, 0x3, @loopback}, @TCA_RSVP_ACT={0xe14, 0x6, [@m_vlan={0x11c, 0x0, 0x0, 0x0, {{0x9}, {0x24, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6}]}, {0xcd, 0x6, "4d54e7b6a1a50474820582defd1f6cf72746afbe28b488a2a2e85fd7f1362b46cca912c8c11441ab170269f50192cb95bd7a75403d3e764b0dbcbc7b93dbced7322a406904c7dc3c41cfed3b15f5db4810524fadc02b9162939b66a4cd3751485d52bf90f84a9368a1cf08d9c58138ec71cdeef5160fd6060d8d727c1656fc8681519bf57f0699a84882b3731c07f7bf2946ccd6bb85ea8d8d2b60ce0506e4bd186134608b2527759b7e52d158bb0b40bd8e0352cf620668e72c815abb29d8733ab5358f34c0cff27c"}, {0xc}, {0xc}}}, @m_skbmod={0xbc, 0x0, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}]}, {0x69, 0x6, "6a27a65704a2bd6d4ac272d32deaa6dc7687937cb16fc69340a9150c6e56a9dce620b0953a9904babc6a4c1776bf75f17e835a2e19fbdd237076006993996f100a964e7ce568479e5fe24e54ad251a0a8cd8abb380d12093922f42711efd4c23e976683b4e"}, {0xc}, {0xc}}}, @m_nat={0x188, 0x0, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast2}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @private, @local}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast1, @private}}]}, {0xbd, 0x6, "7d2838afc7a96e7b66bf8e8f7352fae194d6cf921880017131c4bbb2dbe2e97393d434d0e62326d98bbde04aaf1d64d86e674a47beba7e72878f8b4cb969fda908ffffad0e10e1dbee5c7cc46905883ca2b63ff27ee54dac231e71807514b9855114cfe6d019798eaaa5f9920639631415c16f2be812918181f7949164916c63b59260151a5b268478367408ca959e72818bcaac2432229a57764e74bae59333c9be6a46e36a07c3a75b65cdf21590cbcca0d5dde5d9a1437f"}, {0xc}, {0xc}}}, @m_ctinfo={0x48, 0x0, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_police={0xa68, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0xa39, 0x6, "adf711eef01d7cd19e7207914eb033ced4afbed493d81e1ec1a1bef16948dbd035883f26d174f12881865c276d45c58dc10abbff52cad51409751f2de6cb148809a01493cead59924ad740352b8d9e4b0ad8c6afc0bd84a22ce4df215931a1858ea220467eaa1010919425956def0b972600724c1f6acd6cc6e7d2d3f474a6b71711a369bbf692a7caadec5c7c4ad9b6fafb36d7ec64ba625571669ea30421f42684e37a8209ce689b7bb2e870b410b4d4885b02274dfeac3392a6816ed8f5b0c50e44863c299dede73e87bb0c097201ca9f6422561236d192d664f21b5456138895702fea81d3b45eb25436d9cc766a707d6d1f80a9187e82a87456d5a96a90b7797b64bfaa2c267affda471bbded75d013943c65fd069e711f9b72ddd03f4598f1911d36b3f9e591304de01e4414eb8ac5ca5debf7997f00756678fcc03924ba749f6521d05f3c68c0a91858dca3182fc6a6407dbd6c82230f6ba365204cb66003765930683cc191b521f1649e9403c411d1504d7a9ae725f25fa2c55c748811b66817564d36b72b5603a826f4d6df66e19c48f12eb6479ccd3fe44233f2113f214cffa1ea996b775c8389932bb95a9113b704e4e6e0e8c5b0720135309ce70de6c525122f7cd7ee8becfa44b0e78eba3bf373f4348fafdb9f6d50d41b72021c57da1f0abf714dc27f1844bcd68427eac6e7ace5ef2a78f3b2549fc37ceb0374e2a41669c2a88b11116567e8f1a446a6a99c2a41cc71e11cab8c78f583eec4e0f46a9fb46e87b122bcd2da38df0c46b8e4c677e8fbdf953df2a47656d1fa12f80fc34ee61c7431cb3a0509f43be5c459e6a308e2ae7f353845994dccc3b8501041b5975dfa8f0af52ba1ba5499ef20661fd80a314f87fd634fa68b3a406eca8c0338a2c43fa31c6e811acde88bea3593ccb5bbe12b62402c4b83ea743b7ddf807b746bf64ac0001edd036b72e17efce905d00dbd258dc64f577dddba34b147fcb15936aff4f7717cea46dff040c7c2e88032e590df9c42bec05ee06eeb67ffa05da5af6a86db595dc7fbe99badd16dfd532fc683c421c7be281dbb48decbaaabce4169b6b357c6f3a69ac454d330c08bd0e5cc63676edc1eb892d43fdda16a54eb30d953deb95920a46698826785b9634517c0b2eb3f1a8786aeee2f8ef395db2814b1f9bcb03d4792287d42cd3c6b8f662e43f8fe9af6da4090dab25ecc9d3ed54a62b30fd5f935138db50aba388964a47d1b946498012a909d7e8b93de8712f73d0ebd2b34192eb030c4cf4e2bf88f576023995ebea491d4fa178e21b0a4a93231d68b4167ca00d664dbc61753ada627bbf12862cce4108a80688cbe98df005f5f0175fae71f7b7148e27b4f387559cd01a7b14adc1c64dc8d0c3c64c9d87950978832c696c899c26985d544cbcee03da696dd20ce78279dac3e1c8ebe118e4953d1b11d2f992342b1b1e701385cbe63d32550969b1c7766a7d0f5f0bb3ea651f5f7fbdf3f5d670ab2d784276c5ba6475f250ee28e95f88ef53ab4f56aa2113d65217f243902999fcb6bc5b3b6de5cc3d5faa02335a3ef9c31ecfa2ed0b04e347c9805a18aac0740a778cb57a47247dbff8c2e24f1f1a5c18c8339f87e197dce4432891c15babdfd6bd65e98d9976cd86f250a9cc1710bd2278796ca60240852a5473f0e8f8ade96deee5273e6098b4c3b14840b77a00f9a23309f7f6764ef5cbe19ecb86dc10fb244d5017bdffeffd9699150fdf84b6f22fc8222e919c479916fc5e654664a9e7ea97597269a5da52e0c79b49406c3131cadddc153244b4954a89ce19d21ed552a091e209a8ba7175e5611f63ee37ff0a11f6ce69849340d189a831a47081807bd469711bcb3a3bfd93685d79821fd1dc6eb20c2ec260db94cf6c9abea3bec5cf47790e8856267f64004e8e5a1ebf72bb75b1349905e62ad9d2c8badf7e929498a6186c02bee5c813300dfff747da8649914e6566dc2f95e77b4536be87d12960c5a0eebbeb2e25f948ff61ec9369d416bec9b65522db5bf818968e2bada080434506955d235f08a36959e45da0469ca6f71904c1e1024dfd6afee235a05acb39c4f2eead708cc086d77537d84b99752ad31cf68e003f1f63ce727bc841726fb9fe7ccd14de2a91cd9b50923a5f8f81e9896389747cb448fd60497ba1b5e079977f873f41401cb720546d1fead823277d69395ddb87a8b07765fcc0bde5d5ff039839abb1e0ea3020ebf4bcdf7646df494c982fcda952cf45662694c6e60bbc0874cc0658dba064a60e3d4ea7a6362890932941ea696f1b14911b506153b0e39dc69421582ed1dc680c27d224914608ff15b56777b6994ad762bfcbe3fd2e5b31771990dc3c96840bd9cc335f97d76a08b460e045560c320c4b60f1a57ccd03c0cd7b14f1b318979957b298c185ecaa535204b982583832506ce9b3fd0860ca971e73de8f19158ffdf62de12154caa6e3f20882669f1869a4c9f016f933f7795be83906742776fca6562f1c47df623f922277d963271eafbc221f517b32fd78ffd87e8ab7d515691cbea89a232bc6ea1bda897f25c78f027311e33896c6f91e5bcab9410bcb679647107b0ca0429cd82edbca684d5e3873571d4a6a0344103ec9e0a61a996373a5b00d016fd533274d76d640d138ad9045bf2fdc4710c67b88d9227522ea94ead50085b08f4ea942baf58494fdb5fb7fb356003ddc42b611b1ed6886c122b1f286ee4fc0295e03df0ac9e38338534d082b4378648ad71e5d96a171b2e9467bc560324ad9bb1054ef78898202142ae7ede27a62129217641a75506bce076868104b725e6ce10bc78eba6be583eaaaaeaf0cfb432cec69027e2b6c94e0b47d84b501a2a42becba63080e3815ae8e395f837f153ce44ac9f86fa574a8c7c4fcc23fc21916066cf1c1dfa46008ed407bca2312c40b90ee3a7de6f0bf1eb936ffb28815d9f849cb74303c23e178c147514aeadb54c99c434e12b256c69b98df3667eff61ea7bf84b992d609c82d6a1a974dbc7115f988b325c5accecd0e1592214554c09a2c4fc72f43edf8f2028040ba8355624b0d467e75249856433f3046ee903b90af4abd1d4299856b0e7598546a858147fd04d4871f59bfd77f85e9dc1403a1ae2970b70c311d46fe39dac3ad52b586ea015d9b3b1ec1488d4f1db36a32fcb445fe923437236d6d198b05c335cdf1b2f7be222a50de2a22b021758660173132bad6c7868c74306c76dfdd75260a89c6c14d0395d1597776d8dba32a904151f71cc6d7d5a5c0a692b30789525a2d2504803f02d9f365628c76b2e3d76c59914a2118f1ecc232f514daf2b7a12fc6081c3cdfda1f430f7ba9980c2a8f456ed847812173e5d412b04254894e650c0655179c282e092ac7b70bc5d236b821ffbcb6c92fbe93abdeecbfc899467d4b59b057c7d28d54e68e186249b3bb539c1c2229ac82c609f6b111fcb7320d977d95270382bdf9b4c06152c84f5ba49021c7ee2b31450e74b9ba36a736bdc0672289a44950de05c7d7d2aca61010af0dae324d9a876fc1ecd9e4517c4e11d41b6955b2b01a463c7e86fd351f5a7211c6f5e7b08891477e5b7854ad24ec93a4bde9ad2f6c86234b526d9ad1d70df892c6cba1dff9f90c26cea63648fff06addb755783f44617ed969fd09eb2bf32ec590bab23d7076ee9be3d5c"}, {0xc}, {0xc}}}]}]}}]}, 0xe60}}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f000000a8c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000009700)=""/4096, 0x1000}], 0x1}, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {}]}, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_GET_SYSNAME(r1, 0x8040552c, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
getpid() (async)
open(0x0, 0x0, 0x0) (async)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e0d0500020000000000000000"], 0x10) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x13, 0xffffffffffffffff, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000006c0)={0xe, @pix_mp={0x0, 0x0, 0x51424752, 0x0, 0x0, [{}, {}, {}, {0xffff7fff}]}})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000600)=@mangle={'mangle\x00', 0x64, 0x6, 0x570, 0x1d8, 0x0, 0x2c8, 0xf0, 0x1d8, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@broadcast, @ipv4=@loopback, 0x26, 0x3b}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private2}}}, {{@ipv6={@mcast2, @local, [], [], 'ip6gretap0\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@local, @ipv6=@private1}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x21}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d0)

6.819439921s ago: executing program 2 (id=1449):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_io_uring_setup(0x4b6, &(0x7f0000000080), &(0x7f0000ff0000), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) (fail_nth: 4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x4, 0x84, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xd, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x3, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)

5.681742817s ago: executing program 0 (id=1450):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
socket$inet(0x2, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r5 = syz_open_dev$loop(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x8c}}, 0x0)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000340)={'\x00', 0x0, 0x7, 0xde3f, 0x0, 0x9})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000c3000000f10000009500000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040), 0x10)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @tid=0xffffffffffffffff}, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)

4.126965462s ago: executing program 0 (id=1451):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x29)
accept$alg(r0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='mountstats\x00')
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48)
socket$unix(0x1, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x10002})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRES16=r1], 0x20}, 0x1, 0xc00000000000000}, 0x0)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd)

3.995915201s ago: executing program 3 (id=1452):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRESOCT], 0x28}}, 0x0)

3.8934721s ago: executing program 2 (id=1453):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
socket$inet(0x2, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r5 = syz_open_dev$loop(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000000001000e000000000000000000000a20000000000a0300000100000000000007000000ff"], 0x8c}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000340)={'\x00', 0x0, 0x7, 0xde3f, 0x0, 0x9})

3.892381076s ago: executing program 4 (id=1454):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800"/31], &(0x7f0000000000)='GPL\x00'}, 0x90)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
socket$packet(0x11, 0x3, 0x300)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

3.711257319s ago: executing program 3 (id=1455):
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff03)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x0, 0x80020000, 0x2, {0x5, @pix_mp={0x0, 0x0, 0xb5315258, 0x0, 0x0, [{0x0, 0x7fff}]}}})
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@multiplanar_userptr={0x0, 0x5, 0x0, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "162bb54e"}, 0x0, 0x2, {&(0x7f0000000380)=[{0x0, 0x0, {0x0}}, {0x0, 0x0, {0x0}}]}, 0x10001})

3.602987399s ago: executing program 0 (id=1456):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010001fff00"/18, @ANYRES32=0x0], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a00"], 0x22)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.109583259s ago: executing program 0 (id=1457):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) (async)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000100)=0x6) (async)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000100)=0x6)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000))
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NL80211_CMD_ADD_TX_TS(r2, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)=ANY=[], 0x1c}}, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x1}}, 0x19) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x1}}, 0x19)
openat$nullb(0xffffffffffffff9c, 0x0, 0x20080, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0) (async)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19})
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1}) (async)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r8, 0x0, <r9=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ecbb5}) (async)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ecbb5})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, 0xffffffffffffffff, 0x0)

2.530750866s ago: executing program 2 (id=1458):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48})

2.360922284s ago: executing program 4 (id=1459):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x110, 0x0, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x44}, &(0x7f0000000300)='./file1/file0\x00', 0x18})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0xb8)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000500)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r6)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="05000000000003000000110000001c00098008"], 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_emit_ethernet(0xa0e, &(0x7f0000000c00)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000009d83afffe800000000000000000000000000000fe8000000000000000000000000000aa86009078ff00000000000000000000000016004af660fdcd2a9d3fea8639c367475824e5ff1fec61d05cd2481e5f16a2e0c0c7a77da8e54574913307583a126de92dd2f27575716d36ceade2ad37f45e18289a13311b1525e24fd1078f16a632b7d9e170e1e59580de090000000000000026862b4351000964ab32e55e4339bb2937602534c310d016fa7537403ddcdd12341a16f2bdef862e5ba4d76e965de44b86e123844d8361242c7809117c5eacdc237022f54dc68760d4711978c0575160dd2dfe2e8500073abc2ac2bfb0f9366574005770a981d0425b685b7f39f2bf671c534e4af4347759f70e051bc102a9d7655956b8bc8486cde8bc388d38001b04640bcae346286d0e12a26ae0b9306929a0b858d121c73730ae09dfd2728cb2b0cce5481bf0927da7d9461cac12d399767fef07a793c77c9628d16b0551a4a033367841b9469c9ef1b9eff68ad8edb00922c3e3518c0926eca71a9b010ae5d9dde15c3ed291778999408550e554455a13bc8f2fe1a284c72c7fb4a12680d256d3677d79c6b2df69b699ef6fb0d7fdafc6e1a028cee81c7bf0702461ebad1952d42a15a3e3906c9e2ca33b0a1005ba756f54c831fe836b3efe7bc4c11d228e93438ca5e1ab9c9fff72cf0d2219f58224c342cac0a80fac82262ee05206e70f21935d7a695a1cc0a94ed336af67e9bac97c7c5fa4f300a0e9ca314da9d26d3c4589546bd588945c97201d5a4088945cc8feabc93170b8faaad5bcc635610e03c5925ce468138598b4f197b89afc19d5cf45771a652011a9963eae8acd27cdadbe46cea242c13964d3177e0cc04f9f2bab688e51081dbde4169bdc7e292e4e0d2ff48ad26617068c541d4ca4e3c59f49cf6016a5c4852bb55d89b92ce72042268e7872d3310fa2692c44d564fa15b7b4d9af0e79eb63f384d1de2b0b5ca67e84df5dfed6fe41f6822fac0b864a433b7e21e1ebd1475abc71dd801239bce9e03385354eb4a4a1250a9682507bce25c85474f186c5610be3fdc53336e0dd39136ab965001fa7d2dc2ac375e31d6681618ce68f2aba5fb5e1fde42d9b5698d49362c3daf8da0b801670c2df17f7d509a7df56be4aacbc3666c25bc6a530c870f6399203bbd58bf121b1310f4abd1ea50a90d308edc540e74d77571b0eea07e5f04d4c283d861f81e213526ea307e085e452338b2f8adad0fa9e71ea8e37595ce1f730107459354e452af2293e475fe35eb836cfade2a387df3dbc02262c76555251fa9c455fc0b517a85c36d0d6d9f9f3db9d0d687a7bc5d71f005416416a4bba57e710285033310091768ace229534932f8e0221e1288a4a1d6fd6c6a6875428155b023e29a4d8d1460b1d05621e102f3b4642c57d954626ec361536f1a24ef71f28dc6f008c13ea4cb45e23a590b436c2319b0629ed8fee581a339a4508149bb46011a5cd9def21802a8869a6669e8e09d118a329d98eeb546f3ea3d915f8983a22e2632c5859d665352bd3c849bdf21bfcd4cd7b7e9b9ea3d75ff09cc306b52c23308356205ca8f6c52b52be52f19fbac9c888e1792022cbde83bb4dda4ec229dc87f704136f2d91bf8e44cfbfeeb8aaf6dcd9a6c9ed49efffafef73a86de6244a93b315f6281f932f54bac128902a219671b6ab7fd25eaee70ac19dfea6a6b2226cafaa3cb429aa377e61d6900a7766c07562306df015162d5209f851e442c22418d487f92f179f3abb7baa6c279ef87572a703aecf8e2ed0c54aed836036bdb3b915f78d38b052310c7a31065903d1cf37565a637f98bc2bdf6a804b0f3916202f72046be4121e0426b9e4894493bc964ce3ed285a60ff003cc1258f47d2133e1fcc47caff9982d7bfba72fede4d0d2ba9a7c4373b579b986b0bb0015d28ac81fdf3744e5bc66118bb7c561e24929cbc4eebe20c01598d246081ea92e6536395c1a393619090e5abf57b9157812d18e82634b43b7931885765bf0d3fb6274badb1b26597ea9f7aff4a6d0e19b3fdb92d3758f4fd43a077ae3e3fc2a719dd764ad3f7d52d62e5b11c8a12a223e2f9d93e51f78a7a36539b95c6b6ba337102a87634cf977fb21a083f6b9968dbb09c7991d1fa780ed86dd4a161e8f2ffbe789894bbd168b8c678ea65a09b23e6773cd4ca1b3490bc6457b0a7474de47cc1b1eae1f787898b63110e47fa0200b5de3fc71841119a8fb60282f4cbcd4139b259eebfd57587c5f9a16c1c069fdf35be821855049d628ef0ebd0970db05cc0f6fe75e99ba934d722870bfabc109b65382059488727e1043db3e195b200856bb9d9f3ad611c89d22e8284158d07e88921ef247c38eb7d224de5ff234ecf9189efbc50fa4b528c0e11de66b32a2d09cb32d124207a2d3001368e76d9efe63014cedf21eab08e7850a63a65a200fc91b347d4a63fd2b571f54f2dc335d8d7edf0e50cd56135560af9a8c7122ada9575a9ec1bf88450da9985c8a21ab82fdf42d6c2d4e60c45e6f0a12e6b9c295c2310822ae00f0a4a66503a17745ff5273d99ca8c295f407ac67045e60f8f2f081eddeef42771604327f479a17a3f6150f253e4f7a163dfedc80ac9a7553d3d70753968d7aace6167d823575428713166f322406c7c36d26bfb2a9b3e431ddc113eb7b6c3c7cdac3ff50db370deb2eb643c5cab9e4e4088bb8c92c6165bb8074f978ac9fe766f3f914e44e4322d83c1d6b2962f5b342e434980b57cbbcfbcbfddc1cd70d6fce8f9a2108ac765ad77d1bedb2e66f3df522114ee7c8cc798a73256460555a76a9b70d5929a7aaa335ec623eb8e7806ab6968e36617018634d8b9b1692f6f1efdf4fc96ea91832a301e77e9e7d52cd137c9a936b572832442a264253df8f5d47b011e6539e43441a51adb681eca2a5fa02ae3022093b220c891e907c9607cc36668b0370541a69882a455e5c3514ef09c9da62fdba6a794aabaaafbb9ce0380703334d965d7e3367cf69e256275f8e1703e8a32d090e9cf3e8e11cc8ada9a7d40475106fcb88ef3efeb6429f5bb7867aea9c433c88171c57f25aced64f13bea65678299551c48c8985083d490d03c22ed3644b518143e869f4a8a60b6e855b2748a32e0ab0fa6688b67ca6f3981c36e4ce583a2d6e8ac4f70a733e25a4067864d28da48f5f2b93fa92d5933dcb1be2e9b18fd8c5f64c9fd2e48ebcd0c74b0672a27a253618864e78657278943f31e2b6ef83f4f22f8a26291e349a5f2b207fdf55843d767b7a8129b1c914b5652c6d5f565b2acde8a8a6ea7481ad7f9d112fe06e0fc987416e3e0e4fe6ac1f4b9468899c89e0641fee96eaaac7eea5b6d3d6ae921ed80c8606f4aaf63e98a3d8f90d8677d791bca07054ed3a552c136e49fd8f17a89f1830aa75e2e33b54f665567c4dc81c21877419f9d821ef48207e4b0a0d90eecec284223eb04e0759f4048e8dc4e44544aa41fc39d05d6c0f80ef9a8e6f14e9d1cd8706867f7d0b07d83f754d1e846f62e0b464ee98568780927ef458b3bf82578af8a588b015b0b703e05deb5c7d6e366dabc0915f7b07cf1bda5af359ddba94cd04397f680ef1f6673c6eb0a0abc438b7426091f1b6fac0c19395cbf8cdd83e9c6d6e953773e5d750a075283794d53de502340c637715e27c54142ca566491edacafca1617367f5ffede817aa29b43e0126811faa8530300cb62487aee6d15ac1519a8d0bc8dc94d0f45b49d0edbe375e1f0dec920524f8aa27ea2863a97ab227fc54b7948ad03a6c4326f27aae463300239c016cdd33273e920f4a421c19f4c166a092d1f198cb3bfcd8f7c30539b1d398597ef79f949e1373dd945599252d568d7da3cf2445465b0bdaaeb150f3aeb1078454dc55b89890160517fc9c907a00e95a333ee6c8dc6c7e652c78714264338579a1ad35e96a32dbc39b3cb36b35d99623a5b7fc9ab2d464a1de033599e87961b68932b364c43b7de27bf6ee02a6a69b136628aff9bfac21897c03ece03a1cadad6f2"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.264167944s ago: executing program 3 (id=1460):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
socket$inet(0x2, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r4, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000"], 0x14}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r5, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newqdisc={0x54, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x0, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x54}}, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r6, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, 0x5c)
fchdir(0xffffffffffffffff)
sendmsg$nl_route_sched(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffddf, &(0x7f0000000200)=ANY=[@ANYRES16])
syz_usb_control_io(r0, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r2)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, r7, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3d}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@private=0xa010102}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8000}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000091}, 0x40001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x77}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x50808, &(0x7f0000000440)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}]}})

2.042013505s ago: executing program 2 (id=1461):
socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000))
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
epoll_create1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r6, 0x7b1, &(0x7f0000000140)={0x0, 0x6})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')

1.88567706s ago: executing program 0 (id=1462):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000042, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0xfffffffd, 0x4, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xd, &(0x7f0000000500)=ANY=[@ANYRES64, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000240)='ufshcd_exception_event\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000060a00000000000000000000000000002800048024000180090001007866726d00000000140002800800014000000000080000400003"], 0x64}}, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b07"], 0xfc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x5453, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/vmallocinfo\x00', 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r8 = accept4(r6, 0x0, 0x0, 0x0)
sendmsg$alg(r8, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x30}, 0x4084800)
sendfile(r5, r6, 0x0, 0x20000023896)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x23a194b442d15c56, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x90)

426.404915ms ago: executing program 2 (id=1463):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_flowlabel\x00')
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4f6947992e95c805ad80000005", @ANYRES8=r1, @ANYBLOB="8866ecff6947cf0072a5eea51b8441d2ff9b55e52ad44c11920c7d8250e773a4c850b9cbdf7f5a8862bf2883d3781994fe2ef97d8d0ba34dd379ccd16f47f800383fdf38a7df8b7aca76f50b8280700c163a95baa330def249dc63ffa130fe020a6da4734514089509fea3ea4cb8b4b0debee3554f4f17f781e86a7df77dc8fcabcce211000000000000000000000000000082c9323f0dad3fe48723cc814b2aae5b2153b0a7679c2fe489af732e0ac600b9990f54df370b4e69192d3edbbdc0a0b4e07da265d64d1a2fa19ab689357991b16f5a67cd77ed639e570044680ab2350841bd90286d109c46f543dc96cf67de5d6cfd52e99ad67b95f856be8fb7697922a26d", @ANYRES32=0x0, @ANYBLOB="0800030002000000"], 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x40080)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xcc71)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000003600)=""/102371, 0x18fe3}], 0x1, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
setns(0xffffffffffffffff, 0x3c020000)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r4, 0xc0e85667, &(0x7f0000000500)={0x40000000, 0x0, "0a1f511f900700427ff44fba1abc61019d30fd87819aba0a3fb25f2167d30b0e"})
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00000015000100000000000000000002000000", @ANYRES32=r7, @ANYBLOB="1400030073797a4674756e"], 0x2c}}, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)={0xfffeffff})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0xfd, 0xfa, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x3, 0x0, 0x7, 0x9}, {0x0, 0x1, 0x0, 0x0, 0x2}, {0x0, 0xffff}], 0xfffffffd})
syz_open_procfs$namespace(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x5cfbc3, 0x0)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

180.073713ms ago: executing program 0 (id=1464):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000060000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000004608f0ff7600000000008500000080000000b7000000000000009500"/57], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r4, 0x8924, 0x0)
r5 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
r6 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x400007, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000b40)={0x1, @pix_mp={0x0, 0x0, 0x59455247}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000040000000000000904000000430000000000000105000000f1000000000000000000000300000000020000000700000000000000030000000000000000"], 0x0, 0x5a}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000000c0), 0x12)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000100), &(0x7f0000000200)=0x8)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000300)=r5, 0x4)
openat$cgroup_int(r8, 0x0, 0x2, 0x0)
mbind(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x6, 0x1f, 0x0)
unshare(0x400)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r9 = syz_usb_connect(0x4, 0x24, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x1ff, 0x8bcc0c0000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x10})
syz_usb_control_io$hid(r9, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="00000100000004"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r9, 0x0, &(0x7f00000011c0)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="00000d0000006a10a066b224df247f0030f3b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 4 (id=1465):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x29)
accept$alg(r0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='mountstats\x00')
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x8, 0x8}, 0x48)
socket$unix(0x1, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x10002})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRES16=r1], 0x20}, 0x1, 0xc00000000000000}, 0x0)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd)

kernel console output (not intermixed with test programs):

 Concurrent blktraces are not allowed on loop0
[  441.227100][ T5233] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  441.313387][ T9765] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1110'.
[  442.396253][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[  442.402821][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  442.492216][ T9770] FAULT_INJECTION: forcing a failure.
[  442.492216][ T9770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  442.556959][ T9770] CPU: 0 UID: 0 PID: 9770 Comm: syz.3.1112 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  442.567680][ T9770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  442.577739][ T9770] Call Trace:
[  442.581024][ T9770]  <TASK>
[  442.583961][ T9770]  dump_stack_lvl+0x241/0x360
[  442.588654][ T9770]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.593865][ T9770]  ? __pfx__printk+0x10/0x10
[  442.598477][ T9770]  ? snprintf+0xda/0x120
[  442.602725][ T9770]  should_fail_ex+0x3b0/0x4e0
[  442.607412][ T9770]  _copy_to_user+0x2f/0xb0
[  442.611837][ T9770]  simple_read_from_buffer+0xca/0x150
[  442.617234][ T9770]  proc_fail_nth_read+0x1e9/0x250
[  442.622274][ T9770]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.627834][ T9770]  ? rw_verify_area+0x52a/0x6b0
[  442.632705][ T9770]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.638268][ T9770]  vfs_read+0x204/0xbc0
[  442.642436][ T9770]  ? __pfx_lock_release+0x10/0x10
[  442.647485][ T9770]  ? __pfx_vfs_read+0x10/0x10
[  442.652167][ T9770]  ? __fget_files+0x29/0x470
[  442.656766][ T9770]  ? __fget_files+0x3f6/0x470
[  442.661470][ T9770]  ksys_read+0x1a0/0x2c0
[  442.665734][ T9770]  ? __pfx_ksys_read+0x10/0x10
[  442.670508][ T9770]  ? do_syscall_64+0x100/0x230
[  442.675287][ T9770]  ? do_syscall_64+0xb6/0x230
[  442.679977][ T9770]  do_syscall_64+0xf3/0x230
[  442.684491][ T9770]  ? clear_bhb_loop+0x35/0x90
[  442.689185][ T9770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.695096][ T9770] RIP: 0033:0x7f99ec175dfc
[  442.699522][ T9770] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  442.719146][ T9770] RSP: 002b:00007f99ecfeb040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  442.727575][ T9770] RAX: ffffffffffffffda RBX: 00007f99ec305f80 RCX: 00007f99ec175dfc
[  442.735554][ T9770] RDX: 000000000000000f RSI: 00007f99ecfeb0b0 RDI: 0000000000000007
[  442.743537][ T9770] RBP: 00007f99ecfeb0a0 R08: 0000000000000000 R09: 0000000000000000
[  442.751516][ T9770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  442.759492][ T9770] R13: 000000000000000b R14: 00007f99ec305f80 R15: 00007ffce396afe8
[  442.767481][ T9770]  </TASK>
[  443.143573][ T9774] XFS (nullb0): Invalid superblock magic number
[  443.219114][ T9791] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1115'.
[  444.110294][ T9804] mkiss: ax0: crc mode is auto.
[  444.474692][ T9810] blktrace: Concurrent blktraces are not allowed on loop0
[  445.317442][ T5233] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  445.783334][    T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  446.001102][    T9] usb 1-1: Using ep0 maxpacket: 16
[  446.035150][    T9] usb 1-1: config 0 has an invalid interface number: 56 but max is 1
[  446.056501][    T9] usb 1-1: config 0 has an invalid descriptor of length 80, skipping remainder of the config
[  446.115523][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  446.159619][    T9] usb 1-1: config 0 has no interface number 0
[  446.201221][    T9] usb 1-1: config 0 interface 56 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  446.267330][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=11.1d
[  446.291125][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.321014][    T9] usb 1-1: Product: syz
[  446.343963][    T9] usb 1-1: Manufacturer: syz
[  446.357161][    T9] usb 1-1: SerialNumber: syz
[  446.379518][    T9] usb 1-1: config 0 descriptor??
[  446.403097][  T941] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  446.606502][    T9] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.56/input/input7
[  446.628361][  T941] usb 4-1: config 0 has an invalid interface number: 206 but max is 0
[  446.650695][ T4653] bcm5974 1-1:0.56: could not read from device
[  446.674118][    T9] usb 1-1: USB disconnect, device number 27
[  446.674786][  T941] usb 4-1: config 0 has no interface number 0
[  446.715327][  T941] usb 4-1: config 0 interface 206 altsetting 211 has 0 endpoint descriptors, different from the interface descriptor's value: 19
[  446.761052][  T941] usb 4-1: config 0 interface 206 has no altsetting 0
[  446.790127][  T941] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  446.834786][  T941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.894070][  T941] usb 4-1: config 0 descriptor??
[  447.387622][ T9835] tmpfs: Unknown parameter 'nr_ino>JÔC÷des'
[  447.398627][ T9838] FAULT_INJECTION: forcing a failure.
[  447.398627][ T9838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  447.415283][  T941] usb 4-1: string descriptor 0 read error: -32
[  447.465103][ T9838] CPU: 0 UID: 0 PID: 9838 Comm: syz.0.1127 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  447.475807][ T9838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  447.485872][ T9838] Call Trace:
[  447.489169][ T9838]  <TASK>
[  447.492112][ T9838]  dump_stack_lvl+0x241/0x360
[  447.496798][ T9838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  447.501991][ T9838]  ? __pfx__printk+0x10/0x10
[  447.506584][ T9838]  ? snprintf+0xda/0x120
[  447.510830][ T9838]  should_fail_ex+0x3b0/0x4e0
[  447.515528][ T9838]  _copy_to_user+0x2f/0xb0
[  447.519965][ T9838]  simple_read_from_buffer+0xca/0x150
[  447.525358][ T9838]  proc_fail_nth_read+0x1e9/0x250
[  447.530394][ T9838]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  447.535942][ T9838]  ? rw_verify_area+0x520/0x6b0
[  447.540797][ T9838]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  447.546357][ T9838]  vfs_read+0x204/0xbc0
[  447.550505][ T9838]  ? __pfx_lock_release+0x10/0x10
[  447.555546][ T9838]  ? __pfx_vfs_read+0x10/0x10
[  447.560221][ T9838]  ? __fget_files+0x29/0x470
[  447.564832][ T9838]  ? __fget_files+0x3f6/0x470
[  447.569545][ T9838]  ksys_read+0x1a0/0x2c0
[  447.573808][ T9838]  ? __pfx_ksys_read+0x10/0x10
[  447.578583][ T9838]  ? do_syscall_64+0x100/0x230
[  447.583364][ T9838]  ? do_syscall_64+0xb6/0x230
[  447.588062][ T9838]  do_syscall_64+0xf3/0x230
[  447.592581][ T9838]  ? clear_bhb_loop+0x35/0x90
[  447.597282][ T9838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.603174][ T9838] RIP: 0033:0x7f3527575dfc
[  447.607599][ T9838] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  447.627221][ T9838] RSP: 002b:00007f3528400040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  447.633152][ T9840] netlink: 4544 bytes leftover after parsing attributes in process `syz.4.1125'.
[  447.635617][ T9838] RAX: ffffffffffffffda RBX: 00007f3527705f80 RCX: 00007f3527575dfc
[  447.652721][ T9838] RDX: 000000000000000f RSI: 00007f35284000b0 RDI: 0000000000000004
[  447.660704][ T9838] RBP: 00007f35284000a0 R08: 0000000000000000 R09: 0000000000000000
[  447.668689][ T9838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.676674][ T9838] R13: 000000000000000b R14: 00007f3527705f80 R15: 00007ffcd9621eb8
[  447.684676][ T9838]  </TASK>
[  447.702005][ T9840] netlink: 4544 bytes leftover after parsing attributes in process `syz.4.1125'.
[  448.562555][ T9850] blktrace: Concurrent blktraces are not allowed on loop0
[  449.302007][  T941] usb 4-1: Cannot read MAC address
[  449.315905][ T5330] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  449.320582][ T5221] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  449.334535][  T941] MOSCHIP usb-ethernet driver 4-1:0.206: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  449.519841][  T941] usb 4-1: USB disconnect, device number 43
[  449.879841][ T5330] usb 1-1: Using ep0 maxpacket: 16
[  449.888770][ T5330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  450.020744][ T5330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  450.130334][ T5330] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  450.534432][ T5330] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.555998][ T5330] usb 1-1: config 0 descriptor??
[  451.444190][ T9867] XFS (nullb0): Invalid superblock magic number
[  451.550702][ T9847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.566704][ T9847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.584838][ T9878] netlink: 'syz.3.1138': attribute type 10 has an invalid length.
[  451.629079][ T9878] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1138'.
[  451.650364][ T9878] bond0: entered promiscuous mode
[  451.650386][ T9878] bond_slave_0: entered promiscuous mode
[  451.650656][ T9878] bond_slave_1: entered promiscuous mode
[  451.668324][ T9878] bridge0: port 3(bond0) entered blocking state
[  451.668505][ T9878] bridge0: port 3(bond0) entered disabled state
[  451.668685][ T9878] bond0: entered allmulticast mode
[  451.668703][ T9878] bond_slave_0: entered allmulticast mode
[  451.668718][ T9878] bond_slave_1: entered allmulticast mode
[  451.671813][ T9878] bridge0: port 3(bond0) entered blocking state
[  451.672910][ T9878] bridge0: port 3(bond0) entered forwarding state
[  452.401154][ T9893] blktrace: Concurrent blktraces are not allowed on loop0
[  453.110312][ T5233] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  453.132664][ T5330] usbhid 1-1:0.0: can't add hid device: -71
[  453.141376][ T5330] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  453.163371][ T5330] usb 1-1: USB disconnect, device number 28
[  453.194830][ T5233] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  453.303564][ T5233] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  453.313092][ T5233] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  453.322033][ T5233] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  453.330219][ T5233] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  453.343896][ T5233] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  453.491452][ T9906] XFS (nullb0): Invalid superblock magic number
[  454.070945][ T9897] chnl_net:caif_netlink_parms(): no params data found
[  454.369198][ T9897] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.402681][ T9897] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.409952][ T9897] bridge_slave_0: entered allmulticast mode
[  454.429180][ T9897] bridge_slave_0: entered promiscuous mode
[  454.445900][ T9897] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.463945][ T9897] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.471212][ T9897] bridge_slave_1: entered allmulticast mode
[  454.510337][ T9897] bridge_slave_1: entered promiscuous mode
[  455.430077][ T5233] Bluetooth: hci6: command tx timeout
[  455.441221][ T9897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  455.527606][ T9897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  455.671887][ T1177] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  455.856718][ T9897] team0: Port device team_slave_0 added
[  455.865788][ T1177] usb 2-1: Using ep0 maxpacket: 8
[  455.985727][ T9949] blktrace: Concurrent blktraces are not allowed on loop0
[  456.268958][ T9897] team0: Port device team_slave_1 added
[  456.606676][ T1177] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  456.616072][ T1177] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.627229][ T1177] usb 2-1: config 0 descriptor??
[  456.689959][ T9897] batman_adv: batadv0: Adding interface: batadv_slave_0
[  456.696940][ T9897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  456.785384][ T9897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  456.806272][ T9897] batman_adv: batadv0: Adding interface: batadv_slave_1
[  456.832056][ T9897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  456.889345][ T9897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  457.098293][ T9963] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1161'.
[  457.103604][ T9897] hsr_slave_0: entered promiscuous mode
[  457.143024][ T9897] hsr_slave_1: entered promiscuous mode
[  457.169331][ T9897] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  457.193769][ T9897] Cannot create hsr debugfs directory
[  457.524235][ T5233] Bluetooth: hci6: command tx timeout
[  457.911103][ T9978] blktrace: Concurrent blktraces are not allowed on loop0
[  458.478920][ T1177] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  458.492068][ T1177] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  458.502573][ T1177] asix 2-1:0.0: probe with driver asix failed with error -71
[  458.542878][ T1177] usb 2-1: USB disconnect, device number 34
[  458.768759][ T9897] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.839736][ T9981] netlink: 'syz.3.1166': attribute type 12 has an invalid length.
[  459.193222][ T9897] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.203930][    T9] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  459.619343][ T5233] Bluetooth: hci6: command tx timeout
[  459.765516][ T5233] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  459.959986][    T9] usb 4-1: string descriptor 0 read error: -22
[  459.970553][    T9] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  460.002924][ T9897] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.019311][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.064556][    T9] usb 4-1: config 0 descriptor??
[  460.087685][T10000] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1172'.
[  460.098107][    T9] usb 4-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  460.105286][    T9] usb 4-1: No valid video chain found.
[  460.219388][ T9897] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.848466][ T9897] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  461.711684][ T5233] Bluetooth: hci6: command tx timeout
[  461.835289][ T9897] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  461.888314][    T9] usb 4-1: USB disconnect, device number 44
[  461.900454][ T9897] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  461.933473][ T9897] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  462.212212][ T9897] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.276255][ T9897] 8021q: adding VLAN 0 to HW filter on device team0
[  462.555617][T10004] syz.1.1174: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[  462.738364][T10017] blktrace: Concurrent blktraces are not allowed on loop0
[  463.462506][T10019] blktrace: Concurrent blktraces are not allowed on loop0
[  463.648198][T10004] ,cpuset=syz1,mems_allowed=0-1
[  463.668378][T10004] CPU: 0 UID: 0 PID: 10004 Comm: syz.1.1174 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  463.679189][T10004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  463.689256][T10004] Call Trace:
[  463.692538][T10004]  <TASK>
[  463.695473][T10004]  dump_stack_lvl+0x241/0x360
[  463.700170][T10004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.705386][T10004]  ? __pfx__printk+0x10/0x10
[  463.709994][T10004]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  463.716416][T10004]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  463.722926][T10004]  warn_alloc+0x278/0x410
[  463.727275][T10004]  ? __pfx_warn_alloc+0x10/0x10
[  463.732145][T10004]  ? translate_table+0x174/0x2330
[  463.737181][T10004]  ? __get_vm_area_node+0x23d/0x270
[  463.742397][T10004]  __vmalloc_node_range_noprof+0x69f/0x1460
[  463.748301][T10004]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  463.754057][T10004]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  463.760394][T10004]  ? rcu_is_watching+0x15/0xb0
[  463.765170][T10004]  ? trace_kmalloc+0x1f/0xd0
[  463.769772][T10004]  ? __kmalloc_node_noprof+0x247/0x440
[  463.775245][T10004]  ? __kvmalloc_node_noprof+0x72/0x190
[  463.780715][T10004]  __kvmalloc_node_noprof+0x142/0x190
[  463.786099][T10004]  ? translate_table+0x174/0x2330
[  463.791131][T10004]  translate_table+0x174/0x2330
[  463.796022][T10004]  ? __pfx_translate_table+0x10/0x10
[  463.801313][T10004]  ? __might_fault+0xaa/0x120
[  463.806002][T10004]  ? __pfx_lock_release+0x10/0x10
[  463.811046][T10004]  ? __might_fault+0xaa/0x120
[  463.815730][T10004]  ? __might_fault+0xc6/0x120
[  463.820416][T10004]  ? _copy_from_user+0xa6/0xe0
[  463.825202][T10004]  ? copy_from_sockptr_offset+0x6b/0xb0
[  463.830785][T10004]  do_ip6t_set_ctl+0xe4c/0x1270
[  463.835659][T10004]  ? __pfx___might_resched+0x10/0x10
[  463.840957][T10004]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  463.846254][T10004]  ? __pfx_lock_release+0x10/0x10
[  463.851312][T10004]  ? __mutex_unlock_slowpath+0x21d/0x750
[  463.856966][T10004]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  463.862977][T10004]  nf_setsockopt+0x295/0x2c0
[  463.867595][T10004]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  463.873508][T10004]  do_sock_setsockopt+0x3af/0x720
[  463.878553][T10004]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  463.884120][T10004]  ? __fget_files+0x29/0x470
[  463.888736][T10004]  ? __fget_files+0x3f6/0x470
[  463.893438][T10004]  __sys_setsockopt+0x1ae/0x250
[  463.898308][T10004]  __x64_sys_setsockopt+0xb5/0xd0
[  463.903350][T10004]  do_syscall_64+0xf3/0x230
[  463.907877][T10004]  ? clear_bhb_loop+0x35/0x90
[  463.912577][T10004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.918492][T10004] RIP: 0033:0x7fdec31773b9
[  463.922923][T10004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.922946][  T941] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.942519][T10004] RSP: 002b:00007fdec3f48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  463.942543][T10004] RAX: ffffffffffffffda RBX: 00007fdec3305f80 RCX: 00007fdec31773b9
[  463.942555][T10004] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  463.942567][T10004] RBP: 00007fdec31e48e6 R08: 00000000000007b0 R09: 0000000000000000
[  463.942579][T10004] R10: 0000000020001280 R11: 0000000000000246 R12: 0000000000000000
[  463.942592][T10004] R13: 000000000000000b R14: 00007fdec3305f80 R15: 00007ffde93116b8
[  463.949737][  T941] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.958020][T10004]  </TASK>
[  464.066762][T10004] Mem-Info:
[  464.084709][T10004] active_anon:256 inactive_anon:4519 isolated_anon:0
[  464.084709][T10004]  active_file:14349 inactive_file:40623 isolated_file:0
[  464.084709][T10004]  unevictable:335914 dirty:395 writeback:0
[  464.084709][T10004]  slab_reclaimable:10066 slab_unreclaimable:102401
[  464.084709][T10004]  mapped:30701 shmem:336397 pagetables:849
[  464.084709][T10004]  sec_pagetables:0 bounce:0
[  464.084709][T10004]  kernel_misc_reclaimable:0
[  464.084709][T10004]  free:988276 free_pcp:6895 free_cma:0
[  464.177087][  T941] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.184255][  T941] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.206556][T10004] Node 0 active_anon:1020kB inactive_anon:18340kB active_file:57324kB inactive_file:162492kB unevictable:1333544kB isolated(anon):0kB isolated(file):0kB mapped:122796kB dirty:1580kB writeback:0kB shmem:1335544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10476kB pagetables:3392kB sec_pagetables:0kB all_unreclaimable? no
[  464.243669][T10004] Node 1 active_anon:4kB inactive_anon:36kB active_file:72kB inactive_file:0kB unevictable:11712kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:11744kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:136kB pagetables:104kB sec_pagetables:0kB all_unreclaimable? no
[  464.276748][T10004] Node 0 DMA free:10496kB boost:2048kB min:2252kB low:2300kB high:2348kB reserved_highatomic:0KB active_anon:0kB inactive_anon:64kB active_file:0kB inactive_file:0kB unevictable:988kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:44kB local_pcp:8kB free_cma:0kB
[  464.319108][T10004] lowmem_reserve[]: 0 2563 2565 0 0
[  464.324410][T10004] Node 0 DMA32 free:57876kB boost:14336kB min:49372kB low:58128kB high:66884kB reserved_highatomic:0KB active_anon:1016kB inactive_anon:18256kB active_file:55812kB inactive_file:162428kB unevictable:1332676kB writepending:1576kB present:3129332kB managed:2653300kB mlocked:0kB bounce:0kB free_pcp:1948kB local_pcp:780kB free_cma:0kB
[  464.408320][T10004] lowmem_reserve[]: 0 0 1 0 0
[  464.413196][T10004] Node 0 Normal free:8kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1512kB inactive_file:64kB unevictable:0kB writepending:4kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  464.519805][T10004] lowmem_reserve[]: 0 0 0 0 0
[  464.524601][T10004] Node 1 Normal free:3881248kB boost:0kB min:54844kB low:68552kB high:82260kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:72kB inactive_file:0kB unevictable:13512kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:25972kB local_pcp:17100kB free_cma:0kB
[  464.645929][T10004] lowmem_reserve[]: 0 0 0 0 0
[  464.659822][T10004] Node 0 DMA: 4*4kB (UM) 2*8kB (UM) 2*16kB (UM) 3*32kB (UM) 1*64kB (M) 0*128kB 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 1*2048kB (M) 1*4096kB (M) = 8416kB
[  464.760405][T10004] Node 0 DMA32: 169*4kB (UME) 892*8kB (UME) 600*16kB (UME) 424*32kB (UME) 233*64kB (UME) 48*128kB (UME) 20*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 57668kB
[  464.770603][ T5270] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  464.844525][T10004] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  464.896753][T10004] Node 1 Normal: 1*4kB (E) 1*8kB (M) 1*16kB (U) 3*32kB (UME) 1*64kB (E) 1*128kB (M) 2*256kB (ME) 2*512kB (UE) 1*1024kB (U) 3*2048kB (UME) 943*4096kB (M) = 3871548kB
[  465.049547][T10004] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  465.059928][T10004] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=1 hugepages_size=2048kB
[  465.070549][T10004] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  465.081691][ T5270] usb 4-1: Using ep0 maxpacket: 8
[  465.086939][T10004] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  465.819723][T10004] 397066 total pagecache pages
[  465.824537][T10004] 10 pages in swap cache
[  465.921190][ T5270] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  465.927437][T10004] Free swap  = 124456kB
[  465.942667][ T5270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.951193][ T5270] usb 4-1: Product: syz
[  465.955453][ T5270] usb 4-1: Manufacturer: syz
[  465.960833][ T5270] usb 4-1: SerialNumber: syz
[  465.973910][ T5270] usb 4-1: config 0 descriptor??
[  465.976708][ T9897] 8021q: adding VLAN 0 to HW filter on device batadv0
[  465.996444][T10004] Total swap = 124996kB
[  466.007376][T10004] 2097051 pages RAM
[  466.021041][ T5270] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  466.030484][T10004] 0 pages HighMem/MovableOnly
[  466.068862][T10004] 402196 pages reserved
[  466.074141][ T5270] usb 4-1: setting power ON
[  466.088352][T10004] 0 pages cma reserved
[  466.094644][ T5270] dvb-usb: bulk message failed: -22 (2/0)
[  466.134162][ T5270] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  466.172606][ T5270] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  466.263875][ T9897] veth0_vlan: entered promiscuous mode
[  466.350183][ T9897] veth1_vlan: entered promiscuous mode
[  466.670759][T10047] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1180'.
[  466.679972][T10047] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1180'.
[  466.689036][T10047] netlink: 'syz.3.1180': attribute type 5 has an invalid length.
[  466.696846][T10047] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1180'.
[  466.734983][ T9897] veth0_macvtap: entered promiscuous mode
[  466.900843][ T9897] veth1_macvtap: entered promiscuous mode
[  467.020164][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.031924][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.042999][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.054137][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.065944][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.079280][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.089886][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.100894][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.111976][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.122888][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.133138][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.144668][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.163806][ T9897] batman_adv: batadv0: Interface activated: batadv_slave_0
[  467.211069][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.222800][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.233256][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.244022][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.254028][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.265515][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.279039][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.290334][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.305303][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.317190][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.328112][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.339361][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.350645][ T9897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.361940][ T9897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.381243][ T9897] batman_adv: batadv0: Interface activated: batadv_slave_1
[  467.414460][ T9897] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  467.423667][ T9897] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  467.444919][ T9897] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  467.454447][ T9897] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  467.891102][    T9] usb 4-1: USB disconnect, device number 45
[  467.942155][ T6974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  467.981495][ T6974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  468.202379][ T6974] bridge_slave_1: left allmulticast mode
[  468.208058][ T6974] bridge_slave_1: left promiscuous mode
[  468.239801][ T6974] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.396348][ T6974] bridge_slave_0: left allmulticast mode
[  468.421863][ T6974] bridge_slave_0: left promiscuous mode
[  468.427680][ T6974] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.578417][T10061] blktrace: Concurrent blktraces are not allowed on loop0
[  469.649273][ T5222] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  469.916364][ T5222] usb 5-1: string descriptor 0 read error: -22
[  469.948468][ T5222] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  469.973824][ T5222] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.021926][ T5222] usb 5-1: config 0 descriptor??
[  470.038811][ T5222] usb 5-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  470.111335][ T5222] usb 5-1: No valid video chain found.
[  471.508952][ T6974] bond0 (unregistering): left promiscuous mode
[  471.515173][ T6974] bond_slave_0: left promiscuous mode
[  471.559364][ T6974] bond_slave_1: left promiscuous mode
[  471.570245][ T6974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  471.645146][ T6974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  471.661876][ T5221] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  471.674065][ T6974] bond0 (unregistering): Released all slaves
[  471.674246][ T5221] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  471.689181][ T5221] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  471.703206][ T5221] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  471.717988][ T5221] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  471.718329][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.740304][ T5221] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  471.795356][T10055] netlink: 'syz.4.1186': attribute type 12 has an invalid length.
[  471.821169][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.865148][  T941] usb 5-1: USB disconnect, device number 30
[  472.576345][    T8] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  472.753176][ T6974] team0: left promiscuous mode
[  472.775984][ T6974] team_slave_0: left promiscuous mode
[  472.782106][T10088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1194'.
[  472.793895][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  472.815890][ T6974] team_slave_1: left promiscuous mode
[  472.826559][T10088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1194'.
[  472.843847][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  472.868912][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  472.879239][T10090] netlink: 'syz.0.1194': attribute type 11 has an invalid length.
[  472.907748][    T8] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  472.912542][T10090] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1194'.
[  472.928560][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.976416][   T29] audit: type=1326 audit(471.048:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10091 comm="syz.4.1195" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65fd1773b9 code=0x0
[  472.998039][    T8] usb 3-1: config 0 descriptor??
[  473.013558][ T6974] hsr_slave_0: left promiscuous mode
[  473.025031][ T6974] hsr_slave_1: left promiscuous mode
[  473.079693][ T6974] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.129843][ T6974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  473.173416][ T6974] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.196123][ T6974] batman_adv: batadv0: Removing interface: batadv_slave_1
[  473.290495][ T6974] veth1_macvtap: left allmulticast mode
[  473.307764][ T6974] veth1_macvtap: left promiscuous mode
[  473.319688][ T6974] veth0_macvtap: left promiscuous mode
[  473.334667][ T6974] veth1_vlan: left promiscuous mode
[  473.369295][  T941] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  473.475040][    T8] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  473.475841][    T8] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  473.499303][    T8] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  473.570180][  T941] usb 5-1: device descriptor read/64, error -71
[  473.782904][ T5221] Bluetooth: hci1: command tx timeout
[  473.842484][  T941] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  473.863265][T10077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  473.894349][T10077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.082985][  T941] usb 5-1: device descriptor read/64, error -71
[  474.224856][  T941] usb usb5-port1: attempt power cycle
[  474.677042][  T941] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  474.751797][  T941] usb 5-1: device descriptor read/8, error -71
[  475.056284][  T941] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  475.116217][  T941] usb 5-1: device descriptor read/8, error -71
[  475.225656][ T6974] team0 (unregistering): Port device team_slave_1 removed
[  475.235393][ T5221] Bluetooth: hci5: command 0x0406 tx timeout
[  475.253626][  T941] usb usb5-port1: unable to enumerate USB device
[  475.354650][ T6974] team0 (unregistering): Port device team_slave_0 removed
[  475.572307][ T5233] Bluetooth: hci6: ISO packet for unknown connection handle 3300
[  475.748787][    T8] usb 3-1: USB disconnect, device number 36
[  475.875216][ T5233] Bluetooth: hci1: command tx timeout
[  475.910983][T10104] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1197'.
[  476.252505][T10107] FAULT_INJECTION: forcing a failure.
[  476.252505][T10107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  476.299087][T10107] CPU: 1 UID: 0 PID: 10107 Comm: syz.4.1198 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  476.309980][T10107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  476.320057][T10107] Call Trace:
[  476.323352][T10107]  <TASK>
[  476.326290][T10107]  dump_stack_lvl+0x241/0x360
[  476.330996][T10107]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.336221][T10107]  ? __pfx__printk+0x10/0x10
[  476.340838][T10107]  ? snprintf+0xda/0x120
[  476.345096][T10107]  should_fail_ex+0x3b0/0x4e0
[  476.349795][T10107]  _copy_to_user+0x2f/0xb0
[  476.354235][T10107]  simple_read_from_buffer+0xca/0x150
[  476.359640][T10107]  proc_fail_nth_read+0x1e9/0x250
[  476.364690][T10107]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.370249][T10107]  ? rw_verify_area+0x520/0x6b0
[  476.375098][T10107]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.380638][T10107]  vfs_read+0x204/0xbc0
[  476.384784][T10107]  ? __pfx_lock_release+0x10/0x10
[  476.389805][T10107]  ? __pfx_vfs_read+0x10/0x10
[  476.394473][T10107]  ? __fget_files+0x29/0x470
[  476.399059][T10107]  ? __fget_files+0x3f6/0x470
[  476.403733][T10107]  ksys_read+0x1a0/0x2c0
[  476.407968][T10107]  ? __pfx_ksys_read+0x10/0x10
[  476.412722][T10107]  ? do_syscall_64+0x100/0x230
[  476.417479][T10107]  ? do_syscall_64+0xb6/0x230
[  476.422148][T10107]  do_syscall_64+0xf3/0x230
[  476.426645][T10107]  ? clear_bhb_loop+0x35/0x90
[  476.431315][T10107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.437207][T10107] RIP: 0033:0x7f65fd175dfc
[  476.441617][T10107] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  476.461226][T10107] RSP: 002b:00007f65fcbff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  476.469633][T10107] RAX: ffffffffffffffda RBX: 00007f65fd306058 RCX: 00007f65fd175dfc
[  476.477595][T10107] RDX: 000000000000000f RSI: 00007f65fcbff0b0 RDI: 0000000000000004
[  476.485558][T10107] RBP: 00007f65fcbff0a0 R08: 0000000000000000 R09: 0000000000000000
[  476.493519][T10107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.501476][T10107] R13: 000000000000006e R14: 00007f65fd306058 R15: 00007ffd849347b8
[  476.509449][T10107]  </TASK>
[  477.002880][T10110] netlink: 'syz.2.1199': attribute type 12 has an invalid length.
[  477.241278][T10119] netlink: 763 bytes leftover after parsing attributes in process `syz.4.1202'.
[  477.339568][ T5274] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  477.635612][ T5274] usb 3-1: string descriptor 0 read error: -22
[  477.662326][T10070] chnl_net:caif_netlink_parms(): no params data found
[  477.672477][ T5274] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  477.698367][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.742325][ T5274] usb 3-1: config 0 descriptor??
[  477.771975][T10126] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1204'.
[  477.783609][ T5274] usb 3-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  477.790498][ T5274] usb 3-1: No valid video chain found.
[  477.962585][ T5233] Bluetooth: hci1: command tx timeout
[  478.060408][   T29] audit: type=1326 audit(476.102:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10117 comm="syz.4.1202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65fd1773b9 code=0x0
[  479.612823][T10070] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.652132][T10070] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.675866][T10070] bridge_slave_0: entered allmulticast mode
[  479.711303][T10070] bridge_slave_0: entered promiscuous mode
[  479.731861][T10070] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.760304][T10070] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.768971][ T5221] Bluetooth: hci5: ISO packet for unknown connection handle 3300
[  479.776928][ T5221] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  479.778169][T10070] bridge_slave_1: entered allmulticast mode
[  479.793308][T10070] bridge_slave_1: entered promiscuous mode
[  479.897481][ T5331] usb 3-1: USB disconnect, device number 37
[  480.052757][ T5221] Bluetooth: hci1: command tx timeout
[  480.074447][T10070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.140821][T10070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.230855][T10146] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1208'.
[  480.322172][T10070] team0: Port device team_slave_0 added
[  480.380777][T10070] team0: Port device team_slave_1 added
[  480.585712][T10070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.605629][T10070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.009154][T10153] blktrace: Concurrent blktraces are not allowed on loop0
[  481.640241][T10070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.702628][T10070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.709969][T10070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.753855][ T5221] Bluetooth: hci6: command 0x0406 tx timeout
[  481.791164][T10070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.926869][T10159] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  482.080562][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1212'.
[  482.130778][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1212'.
[  482.161270][T10163] netlink: 'syz.2.1212': attribute type 11 has an invalid length.
[  482.208895][T10070] hsr_slave_0: entered promiscuous mode
[  482.223048][T10163] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1212'.
[  482.259359][T10070] hsr_slave_1: entered promiscuous mode
[  482.278686][T10070] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  482.303279][T10070] Cannot create hsr debugfs directory
[  482.885048][T10169] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  483.057234][ T5222] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  483.208915][T10070] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.287781][ T5222] usb 5-1: Using ep0 maxpacket: 16
[  483.322090][ T5222] usb 5-1: too many configurations: 51, using maximum allowed: 8
[  483.349424][T10178] netlink: 'syz.2.1217': attribute type 12 has an invalid length.
[  483.369194][ T5222] usb 5-1: unable to read config index 0 descriptor/start: -61
[  483.385553][T10179] FAULT_INJECTION: forcing a failure.
[  483.385553][T10179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  483.398684][ T5222] usb 5-1: can't read configurations, error -61
[  483.447324][T10070] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.497529][T10179] CPU: 1 UID: 0 PID: 10179 Comm: syz.3.1218 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  483.508322][T10179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  483.518370][T10179] Call Trace:
[  483.521641][T10179]  <TASK>
[  483.524562][T10179]  dump_stack_lvl+0x241/0x360
[  483.529240][T10179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  483.534431][T10179]  ? __pfx__printk+0x10/0x10
[  483.539024][T10179]  ? __pfx_lock_release+0x10/0x10
[  483.544058][T10179]  should_fail_ex+0x3b0/0x4e0
[  483.548730][T10179]  _copy_from_user+0x2f/0xe0
[  483.553319][T10179]  copy_msghdr_from_user+0xae/0x680
[  483.558511][T10179]  ? _parse_integer_limit+0x1b5/0x200
[  483.563881][T10179]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  483.569696][T10179]  __sys_sendmmsg+0x374/0x740
[  483.574368][T10179]  ? __pfx___sys_sendmmsg+0x10/0x10
[  483.579579][T10179]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  483.585468][T10179]  ? ksys_write+0x23e/0x2c0
[  483.589962][T10179]  ? __pfx_lock_release+0x10/0x10
[  483.594982][T10179]  ? vfs_write+0x7c4/0xc90
[  483.599389][T10179]  ? __mutex_unlock_slowpath+0x21d/0x750
[  483.605012][T10179]  ? __pfx_vfs_write+0x10/0x10
[  483.609782][T10179]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  483.615753][T10179]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  483.622072][T10179]  ? do_syscall_64+0x100/0x230
[  483.626830][T10179]  __x64_sys_sendmmsg+0xa0/0xb0
[  483.631672][T10179]  do_syscall_64+0xf3/0x230
[  483.636175][T10179]  ? clear_bhb_loop+0x35/0x90
[  483.640865][T10179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.646757][T10179] RIP: 0033:0x7f99ec1773b9
[  483.651162][T10179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.671109][T10179] RSP: 002b:00007f99ecfa9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  483.679521][T10179] RAX: ffffffffffffffda RBX: 00007f99ec306130 RCX: 00007f99ec1773b9
[  483.687492][T10179] RDX: 0000000004000095 RSI: 0000000020005240 RDI: 0000000000000005
[  483.695457][T10179] RBP: 00007f99ecfa90a0 R08: 0000000000000000 R09: 0000000000000000
[  483.703418][T10179] R10: 000000003a00ea60 R11: 0000000000000246 R12: 0000000000000001
[  483.711377][T10179] R13: 000000000000006e R14: 00007f99ec306130 R15: 00007ffce396afe8
[  483.719347][T10179]  </TASK>
[  483.740653][ T5222] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  483.991078][ T5222] usb 5-1: Using ep0 maxpacket: 16
[  483.999278][T10070] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.030158][ T5222] usb 5-1: too many configurations: 51, using maximum allowed: 8
[  484.050334][ T5222] usb 5-1: unable to read config index 0 descriptor/start: -61
[  484.058029][    T8] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  484.103013][ T5222] usb 5-1: can't read configurations, error -61
[  484.122115][ T5222] usb usb5-port1: attempt power cycle
[  484.280627][    T8] usb 3-1: string descriptor 0 read error: -22
[  484.313798][    T8] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  484.340329][T10070] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.354695][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.430431][    T8] usb 3-1: config 0 descriptor??
[  484.475346][    T8] usb 3-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  484.527165][    T8] usb 3-1: No valid video chain found.
[  484.583718][ T5222] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  484.644386][ T5222] usb 5-1: Using ep0 maxpacket: 16
[  484.650012][ T5222] usb 5-1: too many configurations: 51, using maximum allowed: 8
[  484.696888][ T5222] usb 5-1: unable to read config index 0 descriptor/start: -61
[  484.743318][ T5222] usb 5-1: can't read configurations, error -61
[  484.915316][ T5222] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  484.996944][ T5222] usb 5-1: Using ep0 maxpacket: 16
[  485.009825][ T5222] usb 5-1: too many configurations: 51, using maximum allowed: 8
[  485.097884][ T5222] usb 5-1: unable to read config index 0 descriptor/start: -61
[  485.112933][T10070] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  485.164755][ T5222] usb 5-1: can't read configurations, error -61
[  485.196780][T10070] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  485.205434][ T5222] usb usb5-port1: unable to enumerate USB device
[  485.279818][T10070] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  485.318956][T10070] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  485.813934][T10187] blktrace: Concurrent blktraces are not allowed on loop0
[  486.563744][  T941] usb 3-1: USB disconnect, device number 38
[  486.650966][T10070] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.741458][   T29] audit: type=1326 audit(484.732:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10193 comm="syz.2.1222" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35fed773b9 code=0x0
[  486.765530][T10197] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1221'.
[  486.822623][T10070] 8021q: adding VLAN 0 to HW filter on device team0
[  486.872667][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.879878][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  486.921633][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.928861][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  487.152576][T10201] FAULT_INJECTION: forcing a failure.
[  487.152576][T10201] name failslab, interval 1, probability 0, space 0, times 0
[  487.183296][T10201] CPU: 0 UID: 0 PID: 10201 Comm: syz.3.1224 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  487.194096][T10201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  487.204141][T10201] Call Trace:
[  487.207406][T10201]  <TASK>
[  487.210320][T10201]  dump_stack_lvl+0x241/0x360
[  487.214990][T10201]  ? __pfx_dump_stack_lvl+0x10/0x10
[  487.220184][T10201]  ? __pfx__printk+0x10/0x10
[  487.224760][T10201]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  487.230205][T10201]  ? __pfx___might_resched+0x10/0x10
[  487.235493][T10201]  should_fail_ex+0x3b0/0x4e0
[  487.240181][T10201]  should_failslab+0xac/0x100
[  487.244846][T10201]  ? ucma_alloc_ctx+0x4b/0x2c0
[  487.249595][T10201]  __kmalloc_cache_noprof+0x6c/0x2c0
[  487.254868][T10201]  ucma_alloc_ctx+0x4b/0x2c0
[  487.259449][T10201]  ucma_create_id+0x237/0x500
[  487.264112][T10201]  ? __might_fault+0xaa/0x120
[  487.268774][T10201]  ? __pfx_ucma_create_id+0x10/0x10
[  487.273962][T10201]  ? __might_fault+0xc6/0x120
[  487.278624][T10201]  ? __pfx_ucma_create_id+0x10/0x10
[  487.283802][T10201]  ucma_write+0x2df/0x430
[  487.288118][T10201]  ? __import_iovec+0x361/0x820
[  487.292955][T10201]  ? __pfx_ucma_write+0x10/0x10
[  487.297789][T10201]  ? bpf_lsm_file_permission+0x9/0x10
[  487.303146][T10201]  ? rw_verify_area+0x1d2/0x6b0
[  487.307986][T10201]  vfs_writev+0x5af/0xbb0
[  487.312304][T10201]  ? __pfx_ucma_write+0x10/0x10
[  487.317135][T10201]  ? __pfx_vfs_writev+0x10/0x10
[  487.321968][T10201]  ? vfs_write+0x7c4/0xc90
[  487.326369][T10201]  ? __fget_files+0x29/0x470
[  487.330947][T10201]  do_writev+0x1b1/0x350
[  487.335176][T10201]  ? __pfx_do_writev+0x10/0x10
[  487.339933][T10201]  ? do_syscall_64+0x100/0x230
[  487.344695][T10201]  ? do_syscall_64+0xb6/0x230
[  487.349366][T10201]  do_syscall_64+0xf3/0x230
[  487.353860][T10201]  ? clear_bhb_loop+0x35/0x90
[  487.358542][T10201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.364430][T10201] RIP: 0033:0x7f99ec1773b9
[  487.368835][T10201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  487.388431][T10201] RSP: 002b:00007f99ecfeb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  487.396836][T10201] RAX: ffffffffffffffda RBX: 00007f99ec305f80 RCX: 00007f99ec1773b9
[  487.404793][T10201] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000004
[  487.412751][T10201] RBP: 00007f99ecfeb0a0 R08: 0000000000000000 R09: 0000000000000000
[  487.420717][T10201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.428681][T10201] R13: 000000000000000b R14: 00007f99ec305f80 R15: 00007ffce396afe8
[  487.436658][T10201]  </TASK>
[  487.445875][  T941] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  487.659233][  T941] usb 3-1: Using ep0 maxpacket: 8
[  487.679064][  T941] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  487.688679][  T941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.696686][  T941] usb 3-1: Product: syz
[  487.710544][ T5233] Bluetooth: hci5: ISO packet for unknown connection handle 3300
[  487.719059][ T5233] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  487.727586][  T941] usb 3-1: Manufacturer: syz
[  487.807736][  T941] usb 3-1: SerialNumber: syz
[  487.834809][  T941] usb 3-1: config 0 descriptor??
[  487.864386][  T941] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  487.903315][  T941] usb 3-1: setting power ON
[  487.923615][  T941] dvb-usb: bulk message failed: -22 (2/0)
[  487.963577][  T941] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  488.005877][  T941] dvb_usb_cxusb 3-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  488.363198][T10070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  488.731405][T10070] veth0_vlan: entered promiscuous mode
[  488.791139][T10070] veth1_vlan: entered promiscuous mode
[  488.920194][T10070] veth0_macvtap: entered promiscuous mode
[  489.237310][T10225] blktrace: Concurrent blktraces are not allowed on loop0
[  489.838658][T10070] veth1_macvtap: entered promiscuous mode
[  489.925399][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.938553][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.948505][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.959050][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.969304][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.979827][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.989911][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.004711][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.023852][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.062384][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.128004][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.189918][T10231] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1222'.
[  490.198987][T10231] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1222'.
[  490.208163][T10231] netlink: 'syz.2.1222': attribute type 5 has an invalid length.
[  490.215894][T10231] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1222'.
[  490.382842][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.750019][T10070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.864911][T10233] netlink: 'syz.3.1231': attribute type 12 has an invalid length.
[  490.959650][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  490.975686][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.028375][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.115347][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.131479][ T5222] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  491.181167][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.252387][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.262823][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.275257][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.291526][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.304026][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.314723][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.332485][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.344947][T10070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.366037][ T5222] usb 4-1: string descriptor 0 read error: -22
[  491.383980][ T5222] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  491.404297][T10070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.422792][ T5222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.441021][T10070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  491.461153][ T5222] usb 4-1: config 0 descriptor??
[  491.490623][T10070] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  491.503680][ T5222] usb 4-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  491.521805][ T5222] usb 4-1: No valid video chain found.
[  491.536584][T10070] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  491.580309][T10070] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  491.604793][T10070] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  491.698592][ T5222] usb 3-1: USB disconnect, device number 39
[  492.035477][  T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.087407][  T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.188859][ T6973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.256555][ T6973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.529852][ T5233] Bluetooth: hci6: SCO packet for unknown connection handle 200
[  492.996244][T10262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1238'.
[  493.155841][ T5274] usb 4-1: USB disconnect, device number 46
[  493.679670][ T5233] Bluetooth: hci6: unexpected event for opcode 0x042c
[  493.711742][   T29] audit: type=1326 audit(491.683:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10272 comm="syz.1.1244" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63fd3773b9 code=0x0
[  493.795771][ T5233] Bluetooth: hci3: link tx timeout
[  493.801618][ T5233] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[  493.814498][ T5233] Bluetooth: hci3: link tx timeout
[  493.822306][ T5233] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  494.073156][  T941] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  494.330933][  T941] usb 2-1: Using ep0 maxpacket: 8
[  494.340497][  T941] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  494.351946][  T941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.364664][  T941] usb 2-1: Product: syz
[  494.369119][  T941] usb 2-1: Manufacturer: syz
[  494.373711][  T941] usb 2-1: SerialNumber: syz
[  494.391760][  T941] usb 2-1: config 0 descriptor??
[  494.458957][  T941] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  494.524861][  T941] usb 2-1: setting power ON
[  494.552941][  T941] dvb-usb: bulk message failed: -22 (2/0)
[  494.614369][  T941] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  494.684442][  T941] dvb_usb_cxusb 2-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  494.935859][T10285] blktrace: Concurrent blktraces are not allowed on loop0
[  495.882751][T10276] Bluetooth: hci3: command 0x0406 tx timeout
[  500.711562][ T5331] usb 2-1: USB disconnect, device number 35
[  500.933946][T10307] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1249'.
[  501.111678][T10312] netlink: 'syz.3.1251': attribute type 12 has an invalid length.
[  501.332977][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1252'.
[  501.515175][ T5331] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  501.911984][T10328] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1255'.
[  502.745060][ T5331] usb 4-1: string descriptor 0 read error: -22
[  502.751388][ T5331] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  502.770385][ T5331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.783505][ T5331] usb 4-1: config 0 descriptor??
[  502.789466][T10276] Bluetooth: hci3: command 0x0406 tx timeout
[  502.798867][ T5331] usb 4-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  502.814866][ T5331] usb 4-1: No valid video chain found.
[  503.016963][T10339] FAULT_INJECTION: forcing a failure.
[  503.016963][T10339] name failslab, interval 1, probability 0, space 0, times 0
[  503.063743][T10339] CPU: 1 UID: 0 PID: 10339 Comm: syz.2.1257 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  503.074561][T10339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  503.084639][T10339] Call Trace:
[  503.087938][T10339]  <TASK>
[  503.090884][T10339]  dump_stack_lvl+0x241/0x360
[  503.095595][T10339]  ? __pfx_dump_stack_lvl+0x10/0x10
[  503.100817][T10339]  ? __pfx__printk+0x10/0x10
[  503.105425][T10339]  ? __kmalloc_noprof+0xb0/0x400
[  503.110384][T10339]  ? __pfx___might_resched+0x10/0x10
[  503.115690][T10339]  should_fail_ex+0x3b0/0x4e0
[  503.120390][T10339]  ? pfkey_add+0x1453/0x3030
[  503.124995][T10339]  should_failslab+0xac/0x100
[  503.129688][T10339]  ? pfkey_add+0x1453/0x3030
[  503.134298][T10339]  __kmalloc_noprof+0xd8/0x400
[  503.139087][T10339]  pfkey_add+0x1453/0x3030
[  503.143536][T10339]  ? __pfx_pfkey_add+0x10/0x10
[  503.148322][T10339]  ? pfkey_broadcast+0x45/0x400
[  503.153188][T10339]  ? pfkey_broadcast+0x3e3/0x400
[  503.158148][T10339]  pfkey_sendmsg+0xbcc/0x1050
[  503.162857][T10339]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  503.168016][T10339]  ? __might_fault+0xaa/0x120
[  503.172712][T10339]  ? __pfx_lock_release+0x10/0x10
[  503.177752][T10339]  ? __import_iovec+0x536/0x820
[  503.182620][T10339]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  503.187921][T10339]  ? security_socket_sendmsg+0x87/0xb0
[  503.193403][T10339]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  503.198533][T10339]  __sock_sendmsg+0x221/0x270
[  503.203229][T10339]  ____sys_sendmsg+0x525/0x7d0
[  503.208016][T10339]  ? __pfx_____sys_sendmsg+0x10/0x10
[  503.213328][T10339]  __sys_sendmsg+0x2b0/0x3a0
[  503.217933][T10339]  ? __pfx___sys_sendmsg+0x10/0x10
[  503.223055][T10339]  ? vfs_write+0x7c4/0xc90
[  503.227530][T10339]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  503.233882][T10339]  ? do_syscall_64+0x100/0x230
[  503.238669][T10339]  ? do_syscall_64+0xb6/0x230
[  503.243364][T10339]  do_syscall_64+0xf3/0x230
[  503.247890][T10339]  ? clear_bhb_loop+0x35/0x90
[  503.252588][T10339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.258510][T10339] RIP: 0033:0x7f35fed773b9
[  503.262937][T10339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  503.282561][T10339] RSP: 002b:00007f35ffb83048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  503.290996][T10339] RAX: ffffffffffffffda RBX: 00007f35fef05f80 RCX: 00007f35fed773b9
[  503.298979][T10339] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006
[  503.306960][T10339] RBP: 00007f35ffb830a0 R08: 0000000000000000 R09: 0000000000000000
[  503.314941][T10339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  503.322926][T10339] R13: 000000000000000b R14: 00007f35fef05f80 R15: 00007fff9ec836e8
[  503.330930][T10339]  </TASK>
[  503.999182][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[  504.005528][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  504.170387][T10356] blktrace: Concurrent blktraces are not allowed on loop0
[  504.781157][   T29] audit: type=1326 audit(501.996:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10352 comm="syz.0.1263" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35275773b9 code=0x0
[  504.809072][ T5331] usb 4-1: USB disconnect, device number 47
[  505.162839][ T1177] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  506.898909][ T1177] usb 1-1: Using ep0 maxpacket: 8
[  506.959671][ T1177] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  507.277650][ T1177] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.288862][ T1177] usb 1-1: Product: syz
[  507.319086][ T1177] usb 1-1: Manufacturer: syz
[  507.350003][ T1177] usb 1-1: SerialNumber: syz
[  507.384123][ T1177] usb 1-1: config 0 descriptor??
[  507.574695][ T5233] Bluetooth: hci6: unexpected event for opcode 0x042c
[  507.588273][ T1177] usb 1-1: can't set config #0, error -71
[  507.631160][ T1177] usb 1-1: USB disconnect, device number 29
[  507.963307][T10382] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1269'.
[  508.069925][T10388] Cannot find add_set index 0 as target
[  508.518317][T10276] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  508.529474][T10276] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  508.542254][T10276] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  508.584076][T10276] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  508.602015][T10276] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  508.611296][T10276] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  509.269938][T10412] blktrace: Concurrent blktraces are not allowed on loop0
[  509.878772][T10409] netlink: 'syz.0.1276': attribute type 12 has an invalid length.
[  509.907848][ T5274] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  510.128529][ T5274] usb 3-1: Using ep0 maxpacket: 8
[  510.138016][ T5274] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  510.165268][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.179272][ T5274] usb 3-1: Product: syz
[  510.183469][ T5274] usb 3-1: Manufacturer: syz
[  510.188206][ T5274] usb 3-1: SerialNumber: syz
[  510.195814][ T5274] usb 3-1: config 0 descriptor??
[  510.207294][ T5274] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  510.229152][ T5274] usb 3-1: setting power ON
[  510.233735][ T5274] dvb-usb: bulk message failed: -22 (2/0)
[  510.261010][ T5274] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  510.276518][ T5222] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  510.285302][ T5274] dvb_usb_cxusb 3-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  510.385253][ T5331] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  510.481662][ T5222] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[  510.514954][ T5222] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.712371][ T5222] usb 4-1: config 0 descriptor??
[  510.732097][ T5233] Bluetooth: hci7: command tx timeout
[  510.777893][ T5331] usb 1-1: string descriptor 0 read error: -22
[  511.365471][T10421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1280'.
[  511.418241][ T5222] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  511.421756][ T5331] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  511.528062][ T5331] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.609438][ T5222] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  511.617166][ T5331] usb 1-1: config 0 descriptor??
[  511.656843][ T5222] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  511.679091][ T5331] usb 1-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  511.743850][ T5331] usb 1-1: No valid video chain found.
[  511.749870][T10396] chnl_net:caif_netlink_parms(): no params data found
[  511.908402][ T5331] usb 1-1: USB disconnect, device number 30
[  512.451553][T10396] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.481495][T10396] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.545201][T10396] bridge_slave_0: entered allmulticast mode
[  512.576498][ T5222] usb 3-1: USB disconnect, device number 40
[  512.630575][T10396] bridge_slave_0: entered promiscuous mode
[  512.683269][T10396] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.746535][T10396] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.833855][ T5233] Bluetooth: hci7: command tx timeout
[  512.843218][T10396] bridge_slave_1: entered allmulticast mode
[  512.851607][T10396] bridge_slave_1: entered promiscuous mode
[  512.930027][T10441] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1282'.
[  513.017795][T10396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  513.028079][ T5222] usb 4-1: USB disconnect, device number 48
[  513.060375][T10396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  513.264011][T10396] team0: Port device team_slave_0 added
[  513.305808][T10396] team0: Port device team_slave_1 added
[  513.546699][T10451] FAULT_INJECTION: forcing a failure.
[  513.546699][T10451] name failslab, interval 1, probability 0, space 0, times 0
[  513.575474][T10396] batman_adv: batadv0: Adding interface: batadv_slave_0
[  513.593604][T10451] CPU: 1 UID: 0 PID: 10451 Comm: syz.0.1287 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  513.604403][T10451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  513.614471][T10451] Call Trace:
[  513.617761][T10451]  <TASK>
[  513.620701][T10451]  dump_stack_lvl+0x241/0x360
[  513.625405][T10451]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.629167][T10396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  513.630603][T10451]  ? __pfx__printk+0x10/0x10
[  513.630638][T10451]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  513.667031][T10451]  ? __pfx___might_resched+0x10/0x10
[  513.672343][T10451]  should_fail_ex+0x3b0/0x4e0
[  513.677039][T10451]  should_failslab+0xac/0x100
[  513.681728][T10451]  ? __alloc_skb+0x1c3/0x440
[  513.686314][T10451]  kmem_cache_alloc_node_noprof+0x71/0x320
[  513.692117][T10451]  __alloc_skb+0x1c3/0x440
[  513.696529][T10451]  ? __pfx___alloc_skb+0x10/0x10
[  513.701466][T10451]  ? netlink_ack_tlv_len+0x6e/0x200
[  513.706658][T10451]  netlink_ack+0x13f/0xa30
[  513.711066][T10451]  ? __pfx_lock_acquire+0x10/0x10
[  513.716083][T10451]  ? __pfx_fou_nl_del_doit+0x10/0x10
[  513.721369][T10451]  netlink_rcv_skb+0x262/0x430
[  513.726126][T10451]  ? __pfx_genl_rcv_msg+0x10/0x10
[  513.731140][T10451]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  513.736424][T10451]  ? __netlink_deliver_tap+0x77e/0x7c0
[  513.741886][T10451]  genl_rcv+0x28/0x40
[  513.745856][T10451]  netlink_unicast+0x7f0/0x990
[  513.750625][T10451]  ? __pfx_netlink_unicast+0x10/0x10
[  513.755900][T10451]  ? __virt_addr_valid+0x183/0x530
[  513.761006][T10451]  ? __check_object_size+0x49c/0x900
[  513.766285][T10451]  ? bpf_lsm_netlink_send+0x9/0x10
[  513.771390][T10451]  netlink_sendmsg+0x8e4/0xcb0
[  513.776158][T10451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.781441][T10451]  ? __import_iovec+0x536/0x820
[  513.786287][T10451]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  513.791562][T10451]  ? security_socket_sendmsg+0x87/0xb0
[  513.797011][T10451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.802286][T10451]  __sock_sendmsg+0x221/0x270
[  513.806959][T10451]  ____sys_sendmsg+0x525/0x7d0
[  513.811719][T10451]  ? __pfx_____sys_sendmsg+0x10/0x10
[  513.817003][T10451]  __sys_sendmsg+0x2b0/0x3a0
[  513.821583][T10451]  ? __pfx___sys_sendmsg+0x10/0x10
[  513.826691][T10451]  ? vfs_write+0x7c4/0xc90
[  513.831128][T10451]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  513.837452][T10451]  ? do_syscall_64+0x100/0x230
[  513.842212][T10451]  ? do_syscall_64+0xb6/0x230
[  513.846881][T10451]  do_syscall_64+0xf3/0x230
[  513.851400][T10451]  ? clear_bhb_loop+0x35/0x90
[  513.856109][T10451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.862017][T10451] RIP: 0033:0x7f35275773b9
[  513.866429][T10451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.886026][T10451] RSP: 002b:00007f3528400048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  513.894435][T10451] RAX: ffffffffffffffda RBX: 00007f3527705f80 RCX: 00007f35275773b9
[  513.902400][T10451] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[  513.910362][T10451] RBP: 00007f35284000a0 R08: 0000000000000000 R09: 0000000000000000
[  513.918325][T10451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.926284][T10451] R13: 000000000000000b R14: 00007f3527705f80 R15: 00007ffcd9621eb8
[  513.934260][T10451]  </TASK>
[  513.969943][T10396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  514.002309][T10396] batman_adv: batadv0: Adding interface: batadv_slave_1
[  514.009289][T10396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  514.126396][T10396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  514.221580][T10453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  514.468309][T10396] hsr_slave_0: entered promiscuous mode
[  514.533253][T10456] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  514.533273][T10396] hsr_slave_1: entered promiscuous mode
[  514.578532][T10396] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  514.627995][T10396] Cannot create hsr debugfs directory
[  514.634538][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1288'.
[  514.722204][ T1177] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  514.905654][ T5233] Bluetooth: hci7: command tx timeout
[  514.939937][ T1177] usb 3-1: New USB device found, idVendor=1039, idProduct=2121, bcdDevice=9e.ff
[  514.969078][T10468] netlink: 'syz.0.1292': attribute type 12 has an invalid length.
[  515.009779][ T1177] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.062251][ T1177] usb 3-1: Product: syz
[  515.072393][ T1177] usb 3-1: Manufacturer: syz
[  515.094753][ T1177] usb 3-1: SerialNumber: syz
[  515.133733][ T1177] usb 3-1: config 0 descriptor??
[  515.156367][ T1177] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2121) Rev (0X9EFF): Eagle II
[  515.464350][    T8] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  515.596870][T10396] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.671148][    T8] usb 1-1: string descriptor 0 read error: -22
[  515.682452][    T8] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  515.693462][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.726695][    T8] usb 1-1: config 0 descriptor??
[  515.736093][    T8] usb 1-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  515.743150][    T8] usb 1-1: No valid video chain found.
[  516.043752][ T1177] usb 3-1: reset high-speed USB device number 41 using dummy_hcd
[  516.097317][T10396] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.187551][  T941] usb 1-1: USB disconnect, device number 31
[  516.193870][T10475] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1295'.
[  516.319667][ T1177] usb 3-1: [ueagle-atm] pre-firmware device, uploading firmware
[  516.360027][ T1177] usb 3-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  516.429582][T10396] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.469842][    T8] usb 3-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  516.513349][    T8] usb 3-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  516.769976][T10396] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.901438][T10453] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1288'.
[  516.947609][ T5330] usb 3-1: USB disconnect, device number 41
[  516.970480][T10484] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1297'.
[  516.988807][ T5233] Bluetooth: hci7: command tx timeout
[  517.693356][T10276] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  517.706984][T10276] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  517.721150][T10276] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  517.771446][T10276] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  517.784064][T10276] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  517.808435][T10276] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  518.325125][  T941] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  518.584059][  T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.623985][T10396] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  518.663290][  T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  518.734740][T10396] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  518.763545][  T941] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  518.767118][T10396] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  518.794317][  T941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.881328][T10396] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  518.905498][  T941] usb 4-1: config 0 descriptor??
[  519.644756][  T941] usbhid 4-1:0.0: can't add hid device: -71
[  519.709500][  T941] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  519.787691][  T941] usb 4-1: USB disconnect, device number 49
[  519.876695][T10276] Bluetooth: hci1: command tx timeout
[  519.896908][T10396] 8021q: adding VLAN 0 to HW filter on device bond0
[  520.060285][T10485] chnl_net:caif_netlink_parms(): no params data found
[  520.195692][T10396] 8021q: adding VLAN 0 to HW filter on device team0
[  520.560895][T10514] FAULT_INJECTION: forcing a failure.
[  520.560895][T10514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  520.600149][ T5222] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.607298][ T5222] bridge0: port 1(bridge_slave_0) entered forwarding state
[  520.663338][T10514] CPU: 0 UID: 0 PID: 10514 Comm: syz.2.1306 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  520.674147][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  520.684214][T10514] Call Trace:
[  520.687504][T10514]  <TASK>
[  520.690446][T10514]  dump_stack_lvl+0x241/0x360
[  520.695150][T10514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  520.700373][T10514]  ? __pfx__printk+0x10/0x10
[  520.704983][T10514]  ? __pfx_lock_release+0x10/0x10
[  520.710037][T10514]  should_fail_ex+0x3b0/0x4e0
[  520.714734][T10514]  _copy_from_user+0x2f/0xe0
[  520.719348][T10514]  copy_msghdr_from_user+0xae/0x680
[  520.724576][T10514]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  520.730418][T10514]  __sys_sendmsg+0x23d/0x3a0
[  520.735036][T10514]  ? __pfx___sys_sendmsg+0x10/0x10
[  520.740163][T10514]  ? vfs_write+0x7c4/0xc90
[  520.744633][T10514]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  520.750982][T10514]  ? do_syscall_64+0x100/0x230
[  520.755775][T10514]  ? do_syscall_64+0xb6/0x230
[  520.760476][T10514]  do_syscall_64+0xf3/0x230
[  520.764987][T10514]  ? clear_bhb_loop+0x35/0x90
[  520.769679][T10514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.775594][T10514] RIP: 0033:0x7f35fed773b9
[  520.780022][T10514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.799646][T10514] RSP: 002b:00007f35ffb83048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  520.808075][T10514] RAX: ffffffffffffffda RBX: 00007f35fef05f80 RCX: 00007f35fed773b9
[  520.816061][T10514] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[  520.824048][T10514] RBP: 00007f35ffb830a0 R08: 0000000000000000 R09: 0000000000000000
[  520.832039][T10514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.840060][T10514] R13: 000000000000000b R14: 00007f35fef05f80 R15: 00007fff9ec836e8
[  520.848062][T10514]  </TASK>
[  521.030887][ T5222] bridge0: port 2(bridge_slave_1) entered blocking state
[  521.038077][ T5222] bridge0: port 2(bridge_slave_1) entered forwarding state
[  521.108196][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1307'.
[  521.548351][T10525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1309'.
[  521.691150][  T941] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  521.906444][  T941] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  521.920299][  T941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.973376][T10276] Bluetooth: hci1: command tx timeout
[  522.022241][  T941] usb 1-1: config 0 descriptor??
[  522.050091][  T941] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  522.406228][T10485] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.450861][T10485] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.496597][T10485] bridge_slave_0: entered allmulticast mode
[  522.548483][T10485] bridge_slave_0: entered promiscuous mode
[  522.611204][T10485] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.701512][T10485] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.740592][T10485] bridge_slave_1: entered allmulticast mode
[  522.813369][T10485] bridge_slave_1: entered promiscuous mode
[  523.119703][  T941] gspca_stv06xx: I2C: Read error writing address: -71
[  523.253289][  T941] usb 1-1: USB disconnect, device number 32
[  523.305682][T10485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  523.390978][T10485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  523.798226][T10485] team0: Port device team_slave_0 added
[  523.874838][T10485] team0: Port device team_slave_1 added
[  524.047115][T10276] Bluetooth: hci1: command tx timeout
[  524.251498][T10538] XFS (nullb0): Invalid superblock magic number
[  524.439220][T10485] batman_adv: batadv0: Adding interface: batadv_slave_0
[  524.502956][T10485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.668714][T10485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  524.739113][T10485] batman_adv: batadv0: Adding interface: batadv_slave_1
[  524.774778][T10485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.939682][T10485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  526.133090][T10276] Bluetooth: hci1: command tx timeout
[  526.499538][T10276] Bluetooth: hci6: unexpected event for opcode 0x042c
[  526.769184][T10485] hsr_slave_0: entered promiscuous mode
[  526.824733][T10485] hsr_slave_1: entered promiscuous mode
[  526.868480][T10485] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  526.925230][T10485] Cannot create hsr debugfs directory
[  527.231030][T10567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1318'.
[  527.299822][T10396] 8021q: adding VLAN 0 to HW filter on device batadv0
[  527.399991][  T941] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  527.611112][  T941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  527.656810][  T941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  527.736205][  T941] usb 1-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  527.830967][  T941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.881804][  T941] usb 1-1: config 0 descriptor??
[  528.149071][T10485] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.152288][T10485] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.407594][  T941] usbhid 1-1:0.0: can't add hid device: -71
[  530.458353][  T941] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  530.509637][  T941] usb 1-1: USB disconnect, device number 33
[  530.884767][T10485] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.325546][T10485] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.939866][T10595] blktrace: Concurrent blktraces are not allowed on loop0
[  532.146290][T10588] netlink: 'syz.2.1323': attribute type 12 has an invalid length.
[  532.342535][T10396] veth0_vlan: entered promiscuous mode
[  532.387292][ T5275] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  532.399062][T10396] veth1_vlan: entered promiscuous mode
[  532.589451][T10602] FAULT_INJECTION: forcing a failure.
[  532.589451][T10602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.603386][T10602] CPU: 0 UID: 0 PID: 10602 Comm: syz.0.1325 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  532.614172][T10602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  532.624237][T10602] Call Trace:
[  532.627524][T10602]  <TASK>
[  532.630467][T10602]  dump_stack_lvl+0x241/0x360
[  532.635167][T10602]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.640382][T10602]  ? __pfx__printk+0x10/0x10
[  532.644990][T10602]  ? __pfx_lock_release+0x10/0x10
[  532.650038][T10602]  should_fail_ex+0x3b0/0x4e0
[  532.654726][T10602]  _copy_from_user+0x2f/0xe0
[  532.659332][T10602]  iommufd_fops_ioctl+0x47e/0x5a0
[  532.664375][T10602]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  532.669951][T10602]  ? bpf_lsm_file_ioctl+0x9/0x10
[  532.674902][T10602]  ? security_file_ioctl+0x87/0xb0
[  532.680023][T10602]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  532.685581][T10602]  __se_sys_ioctl+0xfc/0x170
[  532.690183][T10602]  do_syscall_64+0xf3/0x230
[  532.694695][T10602]  ? clear_bhb_loop+0x35/0x90
[  532.699386][T10602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.705289][T10602] RIP: 0033:0x7f35275773b9
[  532.709709][T10602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.729320][T10602] RSP: 002b:00007f35283be048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  532.737740][T10602] RAX: ffffffffffffffda RBX: 00007f3527706130 RCX: 00007f35275773b9
[  532.745716][T10602] RDX: 0000000020000180 RSI: 0000000000003ba0 RDI: 0000000000000006
[  532.753692][T10602] RBP: 00007f35283be0a0 R08: 0000000000000000 R09: 0000000000000000
[  532.761667][T10602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.769645][T10602] R13: 000000000000006e R14: 00007f3527706130 R15: 00007ffcd9621eb8
[  532.777645][T10602]  </TASK>
[  533.045064][ T5275] usb 3-1: string descriptor 0 read error: -22
[  533.196856][T10396] veth0_macvtap: entered promiscuous mode
[  533.251873][ T5275] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  533.308665][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.334749][ T5275] usb 3-1: config 0 descriptor??
[  533.376517][ T5275] usb 3-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  533.405927][T10603] Unsupported ieee802154 address type: 0
[  533.426853][ T5275] usb 3-1: No valid video chain found.
[  533.524409][T10396] veth1_macvtap: entered promiscuous mode
[  533.646003][T10605] netlink: 'syz.0.1327': attribute type 12 has an invalid length.
[  533.892273][T10485] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  533.929302][ T5275] usb 3-1: USB disconnect, device number 42
[  533.988142][T10485] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  534.294429][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.314456][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.326414][ T5222] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  534.341587][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.355433][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.373042][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.392023][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.408922][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.425367][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.440184][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.455944][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.471918][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.502449][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.517863][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  534.533714][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.549502][T10396] batman_adv: batadv0: Interface activated: batadv_slave_0
[  534.557010][ T5222] usb 1-1: string descriptor 0 read error: -22
[  534.557760][ T5222] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  534.557787][ T5222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.592688][ T5222] usb 1-1: config 0 descriptor??
[  534.602030][T10485] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  534.623809][ T5222] usb 1-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  534.662178][ T5222] usb 1-1: No valid video chain found.
[  534.727773][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  534.741656][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.758447][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  534.774513][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  534.789642][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  534.944101][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.022930][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  535.112216][ T5330] usb 1-1: USB disconnect, device number 34
[  535.134198][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.182754][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  535.248488][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.322063][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  535.382591][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.423144][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  535.479818][T10615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1330'.
[  535.493213][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.503063][T10396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  535.609124][T10396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  535.719964][T10396] batman_adv: batadv0: Interface activated: batadv_slave_1
[  535.783347][T10485] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  535.917325][T10396] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.008646][T10396] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.061064][T10396] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.102825][T10396] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  537.489035][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.584184][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.339257][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.554172][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.729994][T10485] 8021q: adding VLAN 0 to HW filter on device bond0
[  539.038391][T10485] 8021q: adding VLAN 0 to HW filter on device team0
[  539.153101][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.160331][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state
[  539.261879][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.269151][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state
[  540.098199][T10641] blktrace: Concurrent blktraces are not allowed on loop0
[  540.719111][T10276] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  540.752451][ T5233] Bluetooth: hci6: unexpected event for opcode 0x042c
[  540.770121][T10647] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1265'.
[  541.612821][T10660] FAULT_INJECTION: forcing a failure.
[  541.612821][T10660] name failslab, interval 1, probability 0, space 0, times 0
[  541.699312][T10660] CPU: 1 UID: 0 PID: 10660 Comm: syz.3.1340 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  541.710118][T10660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  541.720168][T10660] Call Trace:
[  541.723439][T10660]  <TASK>
[  541.726360][T10660]  dump_stack_lvl+0x241/0x360
[  541.731048][T10660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.736240][T10660]  ? __pfx__printk+0x10/0x10
[  541.740832][T10660]  ? __kmalloc_node_track_caller_noprof+0xb2/0x440
[  541.747331][T10660]  ? __pfx___might_resched+0x10/0x10
[  541.752613][T10660]  should_fail_ex+0x3b0/0x4e0
[  541.757284][T10660]  should_failslab+0xac/0x100
[  541.761956][T10660]  __kmalloc_node_track_caller_noprof+0xda/0x440
[  541.768278][T10660]  ? __request_module+0x2d5/0x650
[  541.773300][T10660]  ? __request_module+0x2b9/0x650
[  541.778321][T10660]  kstrdup+0x3a/0x80
[  541.782210][T10660]  __request_module+0x2d5/0x650
[  541.787058][T10660]  ? sock_diag_rcv_msg+0x53/0x5f0
[  541.792074][T10660]  ? __pfx___request_module+0x10/0x10
[  541.797452][T10660]  ? sock_is_registered+0x38/0x90
[  541.802471][T10660]  sock_diag_rcv_msg+0x42f/0x5f0
[  541.807407][T10660]  netlink_rcv_skb+0x1e3/0x430
[  541.812172][T10660]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  541.817626][T10660]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  541.822922][T10660]  ? netlink_deliver_tap+0x2e/0x1b0
[  541.828120][T10660]  netlink_unicast+0x7f0/0x990
[  541.832898][T10660]  ? __pfx_netlink_unicast+0x10/0x10
[  541.838174][T10660]  ? __virt_addr_valid+0x183/0x530
[  541.843280][T10660]  ? __check_object_size+0x49c/0x900
[  541.848555][T10660]  ? bpf_lsm_netlink_send+0x9/0x10
[  541.853660][T10660]  netlink_sendmsg+0x8e4/0xcb0
[  541.858432][T10660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.863715][T10660]  ? __import_iovec+0x536/0x820
[  541.868572][T10660]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  541.873852][T10660]  ? security_socket_sendmsg+0x87/0xb0
[  541.879305][T10660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.884587][T10660]  __sock_sendmsg+0x221/0x270
[  541.889259][T10660]  ____sys_sendmsg+0x525/0x7d0
[  541.894020][T10660]  ? __pfx_____sys_sendmsg+0x10/0x10
[  541.899306][T10660]  __sys_sendmsg+0x2b0/0x3a0
[  541.903898][T10660]  ? __pfx___sys_sendmsg+0x10/0x10
[  541.909001][T10660]  ? vfs_write+0x7c4/0xc90
[  541.913442][T10660]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  541.919765][T10660]  ? do_syscall_64+0x100/0x230
[  541.924527][T10660]  ? do_syscall_64+0xb6/0x230
[  541.929197][T10660]  do_syscall_64+0xf3/0x230
[  541.933696][T10660]  ? clear_bhb_loop+0x35/0x90
[  541.938371][T10660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.944262][T10660] RIP: 0033:0x7f99ec1773b9
[  541.948675][T10660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.968273][T10660] RSP: 002b:00007f99ecfeb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.976683][T10660] RAX: ffffffffffffffda RBX: 00007f99ec305f80 RCX: 00007f99ec1773b9
[  541.984644][T10660] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  541.992610][T10660] RBP: 00007f99ecfeb0a0 R08: 0000000000000000 R09: 0000000000000000
[  542.000568][T10660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.008528][T10660] R13: 000000000000000b R14: 00007f99ec305f80 R15: 00007ffce396afe8
[  542.016500][T10660]  </TASK>
[  542.381802][T10485] 8021q: adding VLAN 0 to HW filter on device batadv0
[  542.499493][T10658] sctp: [Deprecated]: syz.2.1341 (pid 10658) Use of struct sctp_assoc_value in delayed_ack socket option.
[  542.499493][T10658] Use struct sctp_sack_info instead
[  542.809217][T10485] veth0_vlan: entered promiscuous mode
[  543.068245][T10667] mkiss: ax0: crc mode is auto.
[  543.088817][T10485] veth1_vlan: entered promiscuous mode
[  544.253878][T10485] veth0_macvtap: entered promiscuous mode
[  544.308424][T10485] veth1_macvtap: entered promiscuous mode
[  544.549002][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.084576][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.675926][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.771073][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.823902][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.889818][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.917339][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  546.167641][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.181383][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  546.201200][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.345909][T10694] blktrace: Concurrent blktraces are not allowed on loop0
[  547.151250][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  547.209683][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.274324][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  547.311735][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.326974][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  547.342767][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.360247][T10485] batman_adv: batadv0: Interface activated: batadv_slave_0
[  547.387901][T10686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1348'.
[  547.626562][T10276] Bluetooth: hci6: unexpected event for opcode 0x042c
[  547.754613][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  547.831696][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.847076][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  547.862526][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.875483][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  547.917724][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.943649][T10704] netlink: 'syz.3.1352': attribute type 1 has an invalid length.
[  547.951408][T10704] netlink: 9116 bytes leftover after parsing attributes in process `syz.3.1352'.
[  547.985768][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.013106][T10704] netlink: 'syz.3.1352': attribute type 2 has an invalid length.
[  548.025122][T10704] netlink: 185 bytes leftover after parsing attributes in process `syz.3.1352'.
[  548.028615][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.264107][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.275446][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.381703][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.396754][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.418287][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.446352][T10707] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1351'.
[  548.487223][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.501730][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.569687][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.636388][T10485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.675953][T10485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.735493][T10485] batman_adv: batadv0: Interface activated: batadv_slave_1
[  548.803389][T10485] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  548.825483][T10485] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  548.838099][T10485] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  548.850483][T10485] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  549.244781][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.302608][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.477301][ T6183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.516528][ T6183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.249007][T10733] blktrace: Concurrent blktraces are not allowed on loop0
[  552.408544][T10743] blktrace: Concurrent blktraces are not allowed on loop0
[  552.543439][T10745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1361'.
[  553.493480][T10757] 9pnet_fd: Insufficient options for proto=fd
[  554.436780][ T1177] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  555.844347][T10782] blktrace: Concurrent blktraces are not allowed on loop0
[  556.259268][ T1177] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  556.311765][ T1177] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  556.438766][ T1177] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  556.450355][T10787] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  556.493089][ T1177] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  556.501130][ T1177] usb 1-1: SerialNumber: syz
[  556.762570][T10767] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  556.795414][T10793] ipip0: entered promiscuous mode
[  556.940580][T10797] blktrace: Concurrent blktraces are not allowed on loop0
[  557.712513][ T1177] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  557.836816][T10800] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1379'.
[  557.848211][ T1177] usb 1-1: USB disconnect, device number 35
[  557.909901][T10804] FAULT_INJECTION: forcing a failure.
[  557.909901][T10804] name failslab, interval 1, probability 0, space 0, times 0
[  558.094772][T10804] CPU: 1 UID: 0 PID: 10804 Comm: syz.4.1376 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  558.105588][T10804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  558.115657][T10804] Call Trace:
[  558.118946][T10804]  <TASK>
[  558.121883][T10804]  dump_stack_lvl+0x241/0x360
[  558.126587][T10804]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.131804][T10804]  ? __pfx__printk+0x10/0x10
[  558.136409][T10804]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  558.142421][T10804]  ? __pfx___might_resched+0x10/0x10
[  558.147729][T10804]  ? tcp_established_options+0x3c1/0x800
[  558.153388][T10804]  should_fail_ex+0x3b0/0x4e0
[  558.158090][T10804]  should_failslab+0xac/0x100
[  558.162788][T10804]  ? __alloc_skb+0x1c3/0x440
[  558.167398][T10804]  kmem_cache_alloc_node_noprof+0x71/0x320
[  558.173228][T10804]  ? tcp_current_mss+0x29b/0x4d0
[  558.178194][T10804]  __alloc_skb+0x1c3/0x440
[  558.182644][T10804]  ? __pfx___alloc_skb+0x10/0x10
[  558.187604][T10804]  ? validate_chain+0x11e/0x5900
[  558.192562][T10804]  tcp_stream_alloc_skb+0x3d/0x310
[  558.197697][T10804]  tcp_sendmsg_locked+0xd6a/0x4e10
[  558.202828][T10804]  ? __lock_acquire+0x137a/0x2040
[  558.207897][T10804]  ? mark_lock+0x9a/0x350
[  558.212272][T10804]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  558.217835][T10804]  ? __local_bh_enable_ip+0x168/0x200
[  558.223233][T10804]  ? do_raw_spin_unlock+0x13c/0x8b0
[  558.228473][T10804]  tcp_sendmsg+0x30/0x50
[  558.232742][T10804]  __sock_sendmsg+0xef/0x270
[  558.237358][T10804]  sock_sendmsg+0x134/0x200
[  558.241881][T10804]  ? __pfx_sock_sendmsg+0x10/0x10
[  558.246916][T10804]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  558.253245][T10804]  ? iov_iter_bvec+0x4e/0x180
[  558.257919][T10804]  splice_to_socket+0xa13/0x10b0
[  558.262870][T10804]  ? __pfx_splice_to_socket+0x10/0x10
[  558.268260][T10804]  ? shmem_file_splice_read+0xbe8/0xd30
[  558.273817][T10804]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  558.279707][T10804]  ? __pfx_splice_to_socket+0x10/0x10
[  558.285074][T10804]  direct_splice_actor+0x11e/0x220
[  558.290187][T10804]  splice_direct_to_actor+0x58e/0xc90
[  558.295570][T10804]  ? __pfx_direct_splice_actor+0x10/0x10
[  558.301199][T10804]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  558.307095][T10804]  ? __fget_files+0x29/0x470
[  558.311681][T10804]  ? __pfx_lock_release+0x10/0x10
[  558.316703][T10804]  do_splice_direct+0x28c/0x3e0
[  558.321555][T10804]  ? __pfx_do_splice_direct+0x10/0x10
[  558.326925][T10804]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  558.332810][T10804]  ? security_file_permission+0x7f/0xa0
[  558.338366][T10804]  ? rw_verify_area+0x1d2/0x6b0
[  558.343219][T10804]  do_sendfile+0x56d/0xe20
[  558.347635][T10804]  ? __might_fault+0xaa/0x120
[  558.352307][T10804]  ? __pfx_do_sendfile+0x10/0x10
[  558.357245][T10804]  ? __might_fault+0xc6/0x120
[  558.361935][T10804]  __se_sys_sendfile64+0x100/0x1e0
[  558.367057][T10804]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  558.372686][T10804]  ? do_syscall_64+0x100/0x230
[  558.377447][T10804]  ? do_syscall_64+0xb6/0x230
[  558.382122][T10804]  do_syscall_64+0xf3/0x230
[  558.386634][T10804]  ? clear_bhb_loop+0x35/0x90
[  558.391319][T10804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.397211][T10804] RIP: 0033:0x7f9fafd773b9
[  558.401624][T10804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.421235][T10804] RSP: 002b:00007f9fb0ac0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  558.429648][T10804] RAX: ffffffffffffffda RBX: 00007f9faff05f80 RCX: 00007f9fafd773b9
[  558.437622][T10804] RDX: 0000000020000100 RSI: 0000000000000004 RDI: 0000000000000003
[  558.445595][T10804] RBP: 00007f9fb0ac00a0 R08: 0000000000000000 R09: 0000000000000000
[  558.453562][T10804] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000001
[  558.461525][T10804] R13: 000000000000000b R14: 00007f9faff05f80 R15: 00007fffe5691028
[  558.469502][T10804]  </TASK>
[  558.797009][T10276] Bluetooth: hci6: unexpected event for opcode 0x042c
[  559.320547][T10821] fuse: Bad value for 'group_id'
[  559.329837][T10821] fuse: Bad value for 'group_id'
[  559.800821][T10829] blktrace: Concurrent blktraces are not allowed on loop0
[  560.765539][T10837] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  560.866273][T10824] mkiss: ax0: crc mode is auto.
[  561.321537][T10845] blktrace: Concurrent blktraces are not allowed on loop0
[  562.376067][ T5275] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  562.640273][T10854] FAULT_INJECTION: forcing a failure.
[  562.640273][T10854] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.677325][ T5275] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  562.711270][T10854] CPU: 0 UID: 0 PID: 10854 Comm: syz.2.1392 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  562.722067][T10854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  562.732131][T10854] Call Trace:
[  562.735418][T10854]  <TASK>
[  562.738357][T10854]  dump_stack_lvl+0x241/0x360
[  562.743061][T10854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.748274][T10854]  ? __pfx__printk+0x10/0x10
[  562.752883][T10854]  ? __pfx_lock_release+0x10/0x10
[  562.757938][T10854]  should_fail_ex+0x3b0/0x4e0
[  562.762635][T10854]  _copy_from_iter+0x1f6/0x1960
[  562.767501][T10854]  ? __virt_addr_valid+0x183/0x530
[  562.772625][T10854]  ? __pfx_lock_release+0x10/0x10
[  562.777672][T10854]  ? __alloc_skb+0x28f/0x440
[  562.782291][T10854]  ? __pfx__copy_from_iter+0x10/0x10
[  562.787627][T10854]  ? __virt_addr_valid+0x183/0x530
[  562.792757][T10854]  ? __virt_addr_valid+0x183/0x530
[  562.797882][T10854]  ? __virt_addr_valid+0x45f/0x530
[  562.803009][T10854]  ? __check_object_size+0x49c/0x900
[  562.808322][T10854]  netlink_sendmsg+0x73d/0xcb0
[  562.813123][T10854]  ? __pfx_netlink_sendmsg+0x10/0x10
[  562.818436][T10854]  ? __import_iovec+0x536/0x820
[  562.823302][T10854]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  562.828597][T10854]  ? security_socket_sendmsg+0x87/0xb0
[  562.834072][T10854]  ? __pfx_netlink_sendmsg+0x10/0x10
[  562.839366][T10854]  __sock_sendmsg+0x221/0x270
[  562.844062][T10854]  ____sys_sendmsg+0x525/0x7d0
[  562.848848][T10854]  ? __pfx_____sys_sendmsg+0x10/0x10
[  562.854158][T10854]  __sys_sendmsg+0x2b0/0x3a0
[  562.858764][T10854]  ? __pfx___sys_sendmsg+0x10/0x10
[  562.863884][T10854]  ? vfs_write+0x7c4/0xc90
[  562.868352][T10854]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  562.874699][T10854]  ? do_syscall_64+0x100/0x230
[  562.879479][T10854]  ? do_syscall_64+0xb6/0x230
[  562.884175][T10854]  do_syscall_64+0xf3/0x230
[  562.888688][T10854]  ? clear_bhb_loop+0x35/0x90
[  562.893382][T10854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.899287][T10854] RIP: 0033:0x7f35fed773b9
[  562.903731][T10854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.923345][T10854] RSP: 002b:00007f35ffb83048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  562.931773][T10854] RAX: ffffffffffffffda RBX: 00007f35fef05f80 RCX: 00007f35fed773b9
[  562.939751][T10854] RDX: 0000000000000000 RSI: 0000000020001c40 RDI: 0000000000000004
[  562.947732][T10854] RBP: 00007f35ffb830a0 R08: 0000000000000000 R09: 0000000000000000
[  562.955711][T10854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.963690][T10854] R13: 000000000000000b R14: 00007f35fef05f80 R15: 00007fff9ec836e8
[  562.971692][T10854]  </TASK>
[  562.981181][ T5275] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  563.130034][ T5275] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  563.151373][ T5275] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  563.169321][ T5275] usb 2-1: SerialNumber: syz
[  563.186093][ T5331] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  563.251404][T10843] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  563.457632][ T5331] usb 1-1: Using ep0 maxpacket: 16
[  563.634661][ T5331] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  563.667907][ T5331] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.698986][ T5331] usb 1-1: Product: syz
[  563.718274][ T5331] usb 1-1: Manufacturer: syz
[  563.738635][ T5331] usb 1-1: SerialNumber: syz
[  563.770275][ T5331] r8152-cfgselector 1-1: Unknown version 0x0000
[  563.777817][ T5331] r8152-cfgselector 1-1: config 0 descriptor??
[  569.132412][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[  569.138864][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  569.481576][ T5275] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -110
[  569.491757][ T5331] r8152-cfgselector 1-1: Unknown version 0x0000
[  569.553553][ T5331] r8152-cfgselector 1-1: bad CDC descriptors
[  569.690453][ T5331] r8152-cfgselector 1-1: USB disconnect, device number 36
[  569.965042][ T5270] usb 2-1: USB disconnect, device number 36
[  570.198214][   T29] audit: type=1326 audit(567.792:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10879 comm="syz.3.1401" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99ec1773b9 code=0x0
[  570.409511][ T5222] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  570.446012][T10895] blktrace: Concurrent blktraces are not allowed on loop0
[  570.640860][ T5222] usb 3-1: device descriptor read/64, error -71
[  570.672325][    T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  570.912837][    T9] usb 4-1: Using ep0 maxpacket: 8
[  570.963505][ T5222] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  570.990452][    T9] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  571.044517][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.124360][    T9] usb 4-1: Product: syz
[  571.147262][    T9] usb 4-1: Manufacturer: syz
[  571.184770][ T5222] usb 3-1: device descriptor read/64, error -71
[  571.191100][    T9] usb 4-1: SerialNumber: syz
[  571.270452][    T9] usb 4-1: config 0 descriptor??
[  571.319735][ T5222] usb usb3-port1: attempt power cycle
[  571.328422][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  571.376684][    T9] usb 4-1: setting power ON
[  571.396500][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  571.514397][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  571.574750][    T9] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  571.789156][ T5222] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  572.061514][ T5222] usb 3-1: device descriptor read/8, error -71
[  572.245868][T10910] blktrace: Concurrent blktraces are not allowed on loop0
[  572.332966][ T5222] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  573.052155][T10906] mkiss: ax0: crc mode is auto.
[  573.119400][ T5222] usb 3-1: device descriptor read/8, error -71
[  573.289569][ T5222] usb usb3-port1: unable to enumerate USB device
[  573.365437][ T5270] usb 4-1: USB disconnect, device number 50
[  573.756377][T10921] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1409'.
[  573.764190][T10917] Bluetooth: MGMT ver 1.23
[  573.997762][ T5331] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  574.185567][ T5331] usb 1-1: device descriptor read/64, error -71
[  574.538024][ T5331] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  574.719182][ T5331] usb 1-1: device descriptor read/64, error -71
[  574.860628][ T5331] usb usb1-port1: attempt power cycle
[  575.174917][T10943] tipc: MTU too low for tipc bearer
[  575.932872][T10955] blktrace: Concurrent blktraces are not allowed on loop0
[  577.835593][T10950] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1416'.
[  577.854954][   T29] audit: type=1326 audit(575.410:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1419" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99ec1773b9 code=0x0
[  578.221610][ T5222] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  578.453450][ T5222] usb 4-1: Using ep0 maxpacket: 8
[  578.490589][ T5222] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  578.538573][ T5222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.594203][ T5222] usb 4-1: Product: syz
[  578.598409][ T5222] usb 4-1: Manufacturer: syz
[  578.657040][ T5222] usb 4-1: SerialNumber: syz
[  579.021909][ T5222] usb 4-1: config 0 descriptor??
[  579.208495][ T5222] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  579.264546][ T5222] usb 4-1: setting power ON
[  579.297846][ T5222] dvb-usb: bulk message failed: -22 (2/0)
[  579.491333][ T5222] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-22)
[  579.801208][ T5222] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  581.020575][ T5222] usb 4-1: USB disconnect, device number 51
[  581.225389][    T8] usb 3-1: [UEAGLE-ATM] firmware is not available
[  581.685791][T10987] mkiss: ax0: crc mode is auto.
[  581.685818][T10991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1428'.
[  581.894189][ T1177] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  582.160064][ T1177] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  582.212588][ T1177] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.463595][ T1177] usb 4-1: config 0 descriptor??
[  582.761968][ T5331] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  582.940625][ T5331] usb 1-1: device descriptor read/64, error -71
[  583.322722][ T5331] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  583.587010][ T5331] usb 1-1: device descriptor read/64, error -71
[  584.141107][ T5331] usb usb1-port1: attempt power cycle
[  584.714111][ T1177] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  584.775389][ T1177] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  584.811807][ T1177] [drm:udl_init] *ERROR* Selecting channel failed
[  584.918306][ T1177] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  584.922237][ T5233] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  584.983427][ T1177] [drm] Initialized udl on minor 2
[  584.990881][ T5233] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  585.017809][ T5233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  585.036083][ T1177] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  585.062792][ T5233] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  585.063455][T11013] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1435'.
[  585.124255][ T1177] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  585.127247][ T5233] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  585.143205][    T8] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  585.174065][ T5233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  585.195374][    T8] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  585.240743][ T1177] usb 4-1: USB disconnect, device number 52
[  585.280067][T11015] netlink: 'syz.2.1437': attribute type 12 has an invalid length.
[  585.294496][    T8] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  586.486121][ T5222] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  586.882877][ T5222] usb 3-1: string descriptor 0 read error: -22
[  586.912394][ T5222] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  587.003566][ T5222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.056800][ T5222] usb 3-1: config 0 descriptor??
[  587.084051][ T5222] usb 3-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  587.098354][ T5222] usb 3-1: No valid video chain found.
[  587.316273][T10276] Bluetooth: hci1: command tx timeout
[  587.565513][ T5331] usb 3-1: USB disconnect, device number 47
[  587.668449][T11009] chnl_net:caif_netlink_parms(): no params data found
[  587.930324][ T5222] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  588.138223][T11009] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.161100][T11009] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.192243][T11009] bridge_slave_0: entered allmulticast mode
[  588.312815][ T5222] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  588.330898][T11009] bridge_slave_0: entered promiscuous mode
[  588.364118][ T5222] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.373743][T11009] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.405564][T11009] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.422351][ T5222] usb 4-1: config 0 descriptor??
[  588.432416][T11009] bridge_slave_1: entered allmulticast mode
[  588.461645][T11009] bridge_slave_1: entered promiscuous mode
[  588.654684][ T5330] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  588.924080][ T5330] usb 5-1: device descriptor read/64, error -71
[  589.065900][T11009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.157457][T11009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.265904][ T5330] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  589.406720][T10276] Bluetooth: hci1: command tx timeout
[  589.463701][T11079] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1448'.
[  589.484346][T11009] team0: Port device team_slave_0 added
[  589.561397][T11009] team0: Port device team_slave_1 added
[  589.587598][ T5330] usb 5-1: device descriptor read/64, error -71
[  589.743318][ T5330] usb usb5-port1: attempt power cycle
[  589.928301][T11009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  590.030318][T11009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  590.149034][T11009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  590.187324][T11009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  590.235651][ T5330] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  590.247895][T11009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  590.656386][T11009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  590.680859][ T5330] usb 5-1: device descriptor read/8, error -71
[  591.517745][T10276] Bluetooth: hci1: command tx timeout
[  591.777321][ T5222] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  591.879267][ T5222] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  591.957431][ T5222] [drm:udl_init] *ERROR* Selecting channel failed
[  592.046053][ T5222] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  592.090525][ T5222] [drm] Initialized udl on minor 2
[  592.113036][ T5222] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  592.149928][ T5222] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  592.157096][    T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  592.194203][    T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  592.211678][ T5222] usb 4-1: USB disconnect, device number 53
[  592.227954][    T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  592.247610][T11009] hsr_slave_0: entered promiscuous mode
[  592.388015][T11009] hsr_slave_1: entered promiscuous mode
[  592.440145][T11009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  592.449523][T10276] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  592.565037][T11009] Cannot create hsr debugfs directory
[  593.554121][T11111] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  593.578728][ T5233] Bluetooth: hci1: command tx timeout
[  593.998913][ T5233] Bluetooth: hci5: unknown advertising packet type: 0x6c
[  595.017933][ T5330] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  595.230330][ T5330] usb 4-1: Using ep0 maxpacket: 32
[  595.249357][T11127] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1459'.
[  595.270669][T11009] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.309990][ T5330] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  595.347199][ T5330] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  595.398847][ T5330] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  595.437974][ T5330] usb 4-1: config 1 has no interface number 0
[  595.467283][ T5330] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  595.547659][ T5330] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  595.624451][T11009] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.658431][ T5330] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  595.709579][ T5330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.807990][ T5330] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  595.821737][T11009] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.000351][   T30] INFO: task syz.2.1113:9781 blocked for more than 143 seconds.
[  596.011727][   T30]       Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  596.040183][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  596.071701][   T30] task:syz.2.1113      state:D stack:27360 pid:9781  tgid:9771  ppid:6941   flags:0x00004004
[  596.102810][T11141] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1460'.
[  596.125617][   T30] Call Trace:
[  596.145983][   T30]  <TASK>
[  596.152767][T11130] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  596.160240][   T30]  __schedule+0x17ae/0x4a10
[  596.172131][   T30]  ? __pfx___schedule+0x10/0x10
[  596.179417][   T30]  ? __pfx_lock_release+0x10/0x10
[  596.227228][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  596.332364][   T30]  ? schedule+0x90/0x320
[  596.375468][   T30]  schedule+0x14b/0x320
[  596.402394][   T30]  schedule_preempt_disabled+0x13/0x30
[  596.437056][   T30]  __ww_mutex_lock+0xec2/0x2790
[  596.444733][   T30]  ? __ww_mutex_lock+0xb08/0x2790
[  596.458361][   T30]  ? drm_modeset_lock+0x6f/0x90
[  596.466636][   T30]  ? __pfx___ww_mutex_lock+0x10/0x10
[  596.476145][   T30]  ? __drm_mode_object_find+0x448/0x5d0
[  596.484083][   T30]  ww_mutex_lock+0x40/0x1f0
[  596.490972][   T30]  ? drm_modeset_lock+0x65/0x90
[  596.498928][   T30]  drm_modeset_lock+0x6f/0x90
[  596.510043][   T30]  drm_mode_getplane+0xf0/0x7a0
[  596.521098][   T30]  drm_ioctl_kernel+0x33a/0x440
[  596.528882][   T30]  ? __pfx_drm_mode_getplane+0x10/0x10
[  596.551163][   T30]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  596.560462][ T1177] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  596.579777][   T30]  ? __might_fault+0xc6/0x120
[  596.609569][   T30]  drm_ioctl+0x611/0xad0
[  596.629837][   T30]  ? __pfx_drm_mode_getplane+0x10/0x10
[  596.676491][   T30]  ? __pfx_drm_ioctl+0x10/0x10
[  596.700855][   T30]  ? bpf_lsm_file_ioctl+0x9/0x10
[  596.721377][   T30]  ? security_file_ioctl+0x87/0xb0
[  596.772067][ T1177] usb 3-1: Using ep0 maxpacket: 8
[  596.775844][   T30]  ? __pfx_drm_ioctl+0x10/0x10
[  596.819237][ T1177] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  596.824988][   T30]  __se_sys_ioctl+0xfc/0x170
[  596.867600][ T1177] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  596.886336][ T5330] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  596.892514][ T1177] usb 3-1: Product: syz
[  596.908103][   T30]  do_syscall_64+0xf3/0x230
[  596.924708][ T1177] usb 3-1: Manufacturer: syz
[  596.930280][   T30]  ? clear_bhb_loop+0x35/0x90
[  596.952809][ T1177] usb 3-1: SerialNumber: syz
[  596.967333][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.006287][ T1177] usb 3-1: config 0 descriptor??
[  597.017947][   T30] RIP: 0033:0x7f72393773b9
[  597.038502][   T30] RSP: 002b:00007f723a0dd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  597.075473][ T1177] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  597.113751][   T30] RAX: ffffffffffffffda RBX: 00007f7239506130 RCX: 00007f72393773b9
[  597.194352][   T30] RDX: 00000000200003c0 RSI: 00000000c02064b6 RDI: 000000000000000a
[  597.272195][   T30] RBP: 00007f72393e48e6 R08: 0000000000000000 R09: 0000000000000000
[  597.327422][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  597.353047][   T30] R13: 000000000000006e R14: 00007f7239506130 R15: 00007ffc34668d88
[  597.406506][   T30]  </TASK>
[  597.424907][   T30] 
[  597.424907][   T30] Showing all locks held in the system:
[  597.440238][T11146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1460'.
[  597.514138][   T30] 1 lock held by khungtaskd/30:
[  597.547405][   T30]  #0: ffffffff8e7377a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  597.615549][   T30] 4 locks held by kworker/u8:3/53:
[  597.653281][   T30] 5 locks held by kworker/0:2/1177:
[  597.677931][ T1177] gspca_zc3xx: reg_w_i err -71
[  597.705870][ T1177] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  597.718664][   T30] 1 lock held by udevd/4668:
[  597.738121][   T30]  #0: ffff8880b923e9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  597.779944][ T1177] usb 3-1: USB disconnect, device number 48
[  597.808475][   T30] 2 locks held by getty/4975:
[  597.843058][   T30]  #0: ffff88802b5ae0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  597.901413][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  597.923804][ T5331] snd_usb_pod 4-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  597.953067][   T30] 3 locks held by kworker/1:4/5275:
[  597.987498][   T30]  #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  598.047227][   T30]  #1: ffffc90004a2fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  598.114553][   T30]  #2: ffffffff8fa6dc88 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  598.156253][   T30] 4 locks held by kworker/u8:11/6974:
[  598.178214][   T30]  #0: ffff8880162e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  598.232179][   T30]  #1: ffffc90015587d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  598.292254][   T30]  #2: ffffffff8fa61110 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  598.339010][   T30]  #3: ffffffff8fa6dc88 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x7b2/0x1000
[  598.376188][   T30] 4 locks held by syz.4.845/8741:
[  598.403857][   T30] 1 lock held by syz.2.1113/9781:
[  598.435675][   T30]  #0: ffff8880201aa0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90
[  598.479613][   T30] 7 locks held by syz-executor/11009:
[  598.511301][   T30]  #0: ffff8880770f2420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90
[  598.559638][   T30]  #1: ffff888183fba088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  598.613259][   T30]  #2: ffff88802260ec38 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500
[  598.663851][   T30]  #3: ffffffff8f30aaa8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  598.715198][   T30]  #4: ffff888060f2a0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  598.784208][   T30]  #5: ffff88809063f250 (&devlink->lock_key#12){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  598.843684][   T30]  #6: ffffffff8fa6dc88 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0
[  598.906341][   T30] 1 lock held by syz.3.1460/11116:
[  598.930484][   T30]  #0: ffffffff8fa6dc88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  598.981607][   T30] 2 locks held by syz.3.1460/11146:
[  598.988799][   T30]  #0: ffffffff8fa6dc88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  599.020443][   T30]  #1: ffffffff8e73cb78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  599.047055][   T30] 4 locks held by kvm-nx-lpage-re/11134:
[  599.060559][   T30]  #0: ffffffff8e7653e8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x27/0xe0
[  599.095026][   T30]  #1: ffffffff8e5d1ad0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock+0x11/0x40
[  599.132719][   T30]  #2: ffffffff8e7655d0 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_task_all+0x31/0xe0
[  599.166184][   T30]  #3: ffffffff8e73cb78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  599.205588][   T30] 
[  599.222838][   T30] =============================================
[  599.222838][   T30] 
[  599.320911][   T30] NMI backtrace for cpu 0
[  599.325292][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  599.335811][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  599.345878][   T30] Call Trace:
[  599.349173][   T30]  <TASK>
[  599.352116][   T30]  dump_stack_lvl+0x241/0x360
[  599.356823][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  599.362041][   T30]  ? __pfx__printk+0x10/0x10
[  599.366644][   T30]  ? vprintk_emit+0x631/0x770
[  599.371344][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  599.376394][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  599.381360][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  599.386832][   T30]  ? _printk+0xd5/0x120
[  599.391003][   T30]  ? __pfx__printk+0x10/0x10
[  599.395609][   T30]  ? __wake_up_klogd+0xcc/0x110
[  599.400475][   T30]  ? __pfx__printk+0x10/0x10
[  599.405083][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  599.409146][ T5275] usb 4-1: USB disconnect, device number 54
[  599.410106][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  599.410138][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  599.410164][   T30]  watchdog+0xfee/0x1030
[  599.410191][   T30]  ? watchdog+0x1ea/0x1030
[  599.410222][   T30]  ? __pfx_watchdog+0x10/0x10
[  599.410245][   T30]  kthread+0x2f0/0x390
[  599.410263][   T30]  ? __pfx_watchdog+0x10/0x10
[  599.410287][   T30]  ? __pfx_kthread+0x10/0x10
[  599.410306][   T30]  ret_from_fork+0x4b/0x80
[  599.410330][   T30]  ? __pfx_kthread+0x10/0x10
[  599.410349][   T30]  ret_from_fork_asm+0x1a/0x30
[  599.410387][   T30]  </TASK>
[  599.413040][   T30] Sending NMI from CPU 0 to CPUs 1:
[  599.468518][ T5275] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  599.469559][    C1] NMI backtrace for cpu 1
[  599.469572][    C1] CPU: 1 UID: 0 PID: 5275 Comm: kworker/1:4 Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  599.469591][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  599.469602][    C1] Workqueue: usb_hub_wq hub_event
[  599.469624][    C1] RIP: 0010:kasan_check_range+0x1b8/0x290
[  599.469645][    C1] Code: 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee 5b <41> 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff 00
[  599.469659][    C1] RSP: 0018:ffffc90000a18a48 EFLAGS: 00000056
[  599.469672][    C1] RAX: 0000000000000001 RBX: 0000000000000068 RCX: ffffffff816fb67f
[  599.469684][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff934ec808
[  599.469695][    C1] RBP: 0000000000000000 R08: ffffffff934ec80f R09: 1ffffffff269d901
[  599.469706][    C1] R10: dffffc0000000000 R11: fffffbfff269d902 R12: ffff88802a223c00
[  599.469719][    C1] R13: 0000000000000068 R14: dffffc0000000001 R15: fffffbfff269d902
[  599.469731][    C1] FS:  0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
[  599.469745][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  599.469756][    C1] CR2: 00007f074fbc6027 CR3: 0000000021ec8000 CR4: 00000000003526f0
[  599.469771][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  599.469781][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  599.469792][    C1] Call Trace:
[  599.469798][    C1]  <NMI>
[  599.469806][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  599.469822][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  599.469842][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  599.469865][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  599.469884][    C1]  ? nmi_handle+0x14f/0x5a0
[  599.469899][    C1]  ? nmi_handle+0x2a/0x5a0
[  599.469915][    C1]  ? kasan_check_range+0x1b8/0x290
[  599.469933][    C1]  ? default_do_nmi+0x63/0x160
[  599.469949][    C1]  ? exc_nmi+0x123/0x1f0
[  599.469964][    C1]  ? end_repeat_nmi+0xf/0x53
[  599.469987][    C1]  ? __lock_acquire+0x5df/0x2040
[  599.470006][    C1]  ? kasan_check_range+0x1b8/0x290
[  599.470024][    C1]  ? kasan_check_range+0x1b8/0x290
[  599.470047][    C1]  ? kasan_check_range+0x1b8/0x290
[  599.470065][    C1]  </NMI>
[  599.470071][    C1]  <IRQ>
[  599.470077][    C1]  __lock_acquire+0x5df/0x2040
[  599.470103][    C1]  lock_acquire+0x1ed/0x550
[  599.470121][    C1]  ? __hrtimer_run_queues+0x670/0xd50
[  599.470140][    C1]  ? advance_sched+0xa02/0xca0
[  599.470161][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  599.470183][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  599.470199][    C1]  ? taprio_set_budgets+0x32c/0x370
[  599.470218][    C1]  ? advance_sched+0xa02/0xca0
[  599.470236][    C1]  ? advance_sched+0xa02/0xca0
[  599.470258][    C1]  _raw_spin_lock_irq+0xd3/0x120
[  599.470274][    C1]  ? __hrtimer_run_queues+0x670/0xd50
[  599.470289][    C1]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  599.470310][    C1]  __hrtimer_run_queues+0x670/0xd50
[  599.470326][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[  599.470353][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  599.470370][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[  599.470391][    C1]  hrtimer_interrupt+0x396/0x990
[  599.470417][    C1]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[  599.470439][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  599.470457][    C1]  </IRQ>
[  599.470462][    C1]  <TASK>
[  599.470468][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  599.470488][    C1] RIP: 0010:vprintk_emit+0x576/0x770
[  599.470504][    C1] Code: 04 20 00 4c 21 e3 0f 85 3a 01 00 00 e8 b3 ff 1f 00 4d 89 ec 4d 85 ff 75 07 e8 a6 ff 1f 00 eb 06 e8 9f ff 1f 00 fb 44 8b 3c 24 <48> c7 c7 c0 31 61 8e 31 f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00
[  599.470517][    C1] RSP: 0018:ffffc90004a2f040 EFLAGS: 00000283
[  599.470530][    C1] RAX: ffffffff81736631 RBX: 0000000000000000 RCX: 0000000000100000
[  599.470541][    C1] RDX: ffffc900144d3000 RSI: 0000000000017433 RDI: 0000000000017434
[  599.470553][    C1] RBP: ffffc90004a2f130 R08: ffffffff8173660f R09: 1ffffffff269d90e
[  599.470565][    C1] R10: dffffc0000000000 R11: fffffbfff269d90f R12: dffffc0000000000
[  599.470577][    C1] R13: dffffc0000000000 R14: ffffffff8173648f R15: 0000000000000037
[  599.470589][    C1]  ? vprintk_emit+0x3cf/0x770
[  599.470606][    C1]  ? vprintk_emit+0x54f/0x770
[  599.470620][    C1]  ? vprintk_emit+0x571/0x770
[  599.470639][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  599.470655][    C1]  ? __pfx_snprintf+0x10/0x10
[  599.470672][    C1]  ? read_word_at_a_time+0xe/0x20
[  599.470690][    C1]  ? sized_strscpy+0x8d/0x220
[  599.470709][    C1]  dev_vprintk_emit+0x2ae/0x330
[  599.470729][    C1]  ? __pfx_dev_vprintk_emit+0x10/0x10
[  599.470753][    C1]  dev_printk_emit+0xdd/0x120
[  599.470774][    C1]  ? __pfx_dev_printk_emit+0x10/0x10
[  599.470795][    C1]  ? __dev_printk+0x137/0x1a0
[  599.470812][    C1]  _dev_info+0x122/0x170
[  599.470830][    C1]  ? snd_card_disconnect+0x5bd/0x830
[  599.470846][    C1]  ? __pfx__dev_info+0x10/0x10
[  599.470862][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  599.470880][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  599.470901][    C1]  line6_disconnect+0x21d/0x280
[  599.470919][    C1]  usb_unbind_interface+0x25e/0x940
[  599.470944][    C1]  ? kernfs_remove_by_name_ns+0x11b/0x160
[  599.470962][    C1]  ? __pfx_usb_unbind_interface+0x10/0x10
[  599.470980][    C1]  device_release_driver_internal+0x503/0x7c0
[  599.471001][    C1]  bus_remove_device+0x34f/0x420
[  599.471022][    C1]  device_del+0x57a/0x9b0
[  599.471048][    C1]  ? kfree+0x149/0x360
[  599.471067][    C1]  ? __pfx_device_del+0x10/0x10
[  599.471086][    C1]  ? kobject_put+0x44a/0x480
[  599.471109][    C1]  usb_disable_device+0x3bf/0x850
[  599.471131][    C1]  usb_disconnect+0x340/0x950
[  599.471152][    C1]  hub_event+0x1eb9/0x5150
[  599.471177][    C1]  ? debug_object_deactivate+0x2d5/0x390
[  599.471205][    C1]  ? __pfx_hub_event+0x10/0x10
[  599.471224][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  599.471242][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  599.471262][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  599.471286][    C1]  ? process_scheduled_works+0x945/0x1830
[  599.471305][    C1]  process_scheduled_works+0xa2c/0x1830
[  599.471335][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  599.471358][    C1]  ? assign_work+0x364/0x3d0
[  599.471378][    C1]  worker_thread+0x86d/0xd40
[  599.471400][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  599.471418][    C1]  ? __kthread_parkme+0x169/0x1d0
[  599.471438][    C1]  ? __pfx_worker_thread+0x10/0x10
[  599.471456][    C1]  kthread+0x2f0/0x390
[  599.471470][    C1]  ? __pfx_worker_thread+0x10/0x10
[  599.471488][    C1]  ? __pfx_kthread+0x10/0x10
[  599.471502][    C1]  ret_from_fork+0x4b/0x80
[  599.471520][    C1]  ? __pfx_kthread+0x10/0x10
[  599.471535][    C1]  ret_from_fork_asm+0x1a/0x30
[  599.471561][    C1]  </TASK>
[  599.619795][T11009] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.917134][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  599.917154][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc1-syzkaller-00154-gc0ecd6388360 #0
[  599.917178][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  599.917189][   T30] Call Trace:
[  599.917197][   T30]  <TASK>
[  599.917206][   T30]  dump_stack_lvl+0x241/0x360
[  599.917237][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  599.917259][   T30]  ? __pfx__printk+0x10/0x10
[  599.917286][   T30]  ? vscnprintf+0x5d/0x90
[  599.917305][   T30]  panic+0x349/0x860
[  599.917327][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  599.917346][   T30]  ? __pfx_panic+0x10/0x10
[  599.917364][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  599.917384][   T30]  ? __irq_work_queue_local+0x137/0x410
[  599.917408][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  599.917427][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  599.917444][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  599.917463][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  599.917484][   T30]  watchdog+0x102d/0x1030
[  599.917508][   T30]  ? watchdog+0x1ea/0x1030
[  599.917536][   T30]  ? __pfx_watchdog+0x10/0x10
[  599.917557][   T30]  kthread+0x2f0/0x390
[  599.917575][   T30]  ? __pfx_watchdog+0x10/0x10
[  599.917596][   T30]  ? __pfx_kthread+0x10/0x10
[  599.917613][   T30]  ret_from_fork+0x4b/0x80
[  599.917634][   T30]  ? __pfx_kthread+0x10/0x10
[  599.917650][   T30]  ret_from_fork_asm+0x1a/0x30
[  599.917684][   T30]  </TASK>
[  599.920353][   T30] Kernel Offset: disabled