last executing test programs:

1m34.488634583s ago: executing program 1 (id=1037):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x59)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r2 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/access\x00', 0x2, 0x0)
pwrite64(r2, &(0x7f0000000200)="2763c75fd89f29ee2c65a968baf51bb05ac3b4a2362da53f8a21d0496b691da174e78e5a2ea879ca92dc7e4263806c8c7e5d1c9dbdc1", 0x36, 0x7f) (async)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, 0x0, 0x0) (async)
epoll_create(0x1) (async)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r4 = socket(0x1e, 0x4, 0x0)
close(r4) (async)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) (async)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) (async)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TCFLSH(r5, 0x400455c8, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000000)="0f01cb0f79bff04fb8ff068ed0260f01ca0f00170f00d30f79430366b9800000c00f326635000400000f30c1f192660f3880a8474f", 0x35}], 0x1, 0x5d, &(0x7f0000000140)=[@vmwrite={0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}], 0x1) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)

1m34.152572526s ago: executing program 1 (id=1039):
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x34}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0)
r5 = fsmount(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup=r5, 0x15, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
timer_gettime(0x0, 0x0)
socket(0x40000000015, 0x5, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x8, 0x11, r6, 0x100000000)

1m33.080329588s ago: executing program 1 (id=1041):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r2}, 0x8) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000180)) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x4, 0x10, 0x0, 0x0, 0x5f, 0xff, 0x0, 0xa6, 0x2, 0x5}, {0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x6, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0x2, 0x35, 0x0, 0x0, 0x4, 0x5, 0x4, 0xfe, 0x5}]}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000}) (async)
fcntl$setstatus(r5, 0x4, 0x2400) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m29.749327089s ago: executing program 1 (id=1048):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = accept$netrom(0xffffffffffffffff, &(0x7f00000004c0)={{0x3, @rose}, [@bcast, @bcast, @bcast, @netrom, @remote, @remote, @netrom, @netrom]}, &(0x7f0000000540)=0x48)
r3 = accept4(r2, &(0x7f0000000580)=@nfc, &(0x7f0000000600)=0x80, 0x80000)
read$hiddev(0xffffffffffffffff, &(0x7f00000017c0)=""/185, 0xb9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000019140)=@newtaction={0x214, 0x30, 0xb, 0x1, 0x0, {}, [{0x200, 0x1, [@m_ct={0x68, 0x1, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xabdb, 0xfffffff9, 0x6, 0x8, 0xd173d5fd}}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x6}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e20}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @mcast1}]}, {0x4}, {0xc}, {0xc}}}, @m_simple={0x80, 0x16, 0x0, 0x0, {{0xb}, {0x4}, {0x54, 0x6, "7828370f07642927266dc4337f42c970293a5e2c822fddd5a12a08ae36caf23af7354ffbfa988930365182bb7d0bc81e6defa96b44e74d2876ec0b252eda327ef4f8ac76e22379fd2437aba8694215cf"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_vlan={0x98, 0x20, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xc5}]}, {0x61, 0x6, "b9bc520909cf28f439461b54ad7bf078620a823a4b3a5ce5eae8666494063a8fbf8dadf8b089f174a37a925280ed2d6d00f398bbee115645709800237afb0e87251f27ef28d54d5fdd27c2c12cb1cf861b6e38d4f98843acaadd9236d7"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_skbedit={0x7c, 0xf, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0xf5, 0x7ff, 0x10000000, 0xa73a, 0x3}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x3}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xf, 0x3}}]}, {0x1d, 0x6, "b0236ea4c7ce01af93d4e269777bfcc596b57e8359d001eb7b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x214}, 0x1, 0x0, 0x0, 0xc091}, 0x480c0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000cc0)={'virt_wifi0\x00', &(0x7f0000000040)=@ethtool_drvinfo={0x3, "ff918db4b2ea864f5815795e5c517b777bf7d391e3a422329473449b6549c7ed", "1a324626a66fea4c37e166fb9b76dbb0b34a4b52c396450339b98a84de4a9567", "b767d3283bdd19a0bac6fc57d24dc8ec638ab26a47bc5f7cf96061a759cdef6c", "bea2a66f7ab0e327991883899b8aa68cbdb0cdcc65ba8de2a80f983f3bc5c9b5", "bf445359f87c8d9d44597e290cfd1c5ef93ac3eabc63287ff01f140e67ad238a", "7fb9d290634203ca8f9ca834", 0x8, 0x7fff, 0x6, 0x5, 0x6}})
r6 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r6, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001b40)=@raw={'raw\x00', 0x8, 0x3, 0x480, 0x0, 0x60, 0xd0e0000, 0x0, 0x100, 0x3e8, 0x1d8, 0x1d8, 0x3e8, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0x9}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x2, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x5, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x5b7}, {0xa, 0xc, 0x2, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x9, 0x7ffd}}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0xc0, 0x120, 0x94, {}, [@inet=@rpfilter={{0x28}, {0x4}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, {0x0, 0x0, &(0x7f00000001c0)=""/83, 0x3, 0x1}}, 0x48)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x1, 0x21e, [0x200000002300, 0x0, 0x0, 0x2000000024be, 0x2000000024ee], 0x0, 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000006b0011000016636169663000000000000000e3ff00007665746831000000000000000000000073797a5f74756e0039da0000f8ff0000000076657468310000000000000000001000aaaaaaaaaa3d000000ff00000180c2000003ff00ffffff00ae000000560100008e0100006f776e6572000000000000000000000000000000000000000000000000000000180000000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="02040000000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000000100000007000300000000005cae641872319dfae5a988272763a36abcf1f74cfd4bf988531a30a528c1c044813d8205fd8b1fdf1c2ccd79b5fb7f9e096fbd1c7eeee4b6646c0b2fc39d3fe20000000072656469726563740000000000000000000000000000000000000000000000000800000000000000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff00000000"]}, 0x296)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x2000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m29.649642192s ago: executing program 1 (id=1050):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffdd, 0x0, 0x0, 0xf71}, 0x28)
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
setrlimit(0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000340))
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000002540)=ANY=[@ANYBLOB="58000000020800000000000000000000070000040900020073797a31000000000c000780050003001700000011000300686173683a69702c6d61726b00000000050004000200000005000500070000000500010007000000"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x20000000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x4c040)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x4, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}]}, 0x24}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000018004904000000000000", @ANYRESHEX=r2], 0x24}}, 0x40000)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_init_net_socket$ax25(0x3, 0x3, 0x7)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x15, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0xa0}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x10}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x56010000}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x25}}], {{0x6}, {0x5}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)

1m28.681445679s ago: executing program 1 (id=1053):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
bind$tipc(r2, &(0x7f0000000540)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r4=>0x0})
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="1801000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="6fed0400262b04001c0012800b0001006d6163736563098e35bee3bf84620e2f6700000cfe028005", @ANYRES32=r4, @ANYBLOB="6400128008000100736974005800028008000300e0000002050005000000000008000200ac1414bb080002000a01010014000b00fc0200000000000000000000000000000500040031000000060011004e230000080014000e02d33e060008002900000008000a00", @ANYRES32=0x0, @ANYBLOB="6800348014003500766972745f77696669300000000000001400350076657468315f746f5f626f6e64000000140035006c6f0000000000000000000000000000140035006d616373656330000000000000000000140035007369743000"/104], 0x118}, 0x1, 0x0, 0x0, 0x20044801}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000340)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4002}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20044094}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETFILTEREBPF(r6, 0x800454e1, &(0x7f00000001c0))
fcntl$getflags(r0, 0x1)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
sendfile(r9, r9, 0x0, 0x100000000)
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000000240))

1m12.15143112s ago: executing program 32 (id=1053):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
bind$tipc(r2, &(0x7f0000000540)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r4=>0x0})
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="1801000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="6fed0400262b04001c0012800b0001006d6163736563098e35bee3bf84620e2f6700000cfe028005", @ANYRES32=r4, @ANYBLOB="6400128008000100736974005800028008000300e0000002050005000000000008000200ac1414bb080002000a01010014000b00fc0200000000000000000000000000000500040031000000060011004e230000080014000e02d33e060008002900000008000a00", @ANYRES32=0x0, @ANYBLOB="6800348014003500766972745f77696669300000000000001400350076657468315f746f5f626f6e64000000140035006c6f0000000000000000000000000000140035006d616373656330000000000000000000140035007369743000"/104], 0x118}, 0x1, 0x0, 0x0, 0x20044801}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000340)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4002}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20044094}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETFILTEREBPF(r6, 0x800454e1, &(0x7f00000001c0))
fcntl$getflags(r0, 0x1)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0)
sendfile(r9, r9, 0x0, 0x100000000)
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000000240))

8.302495685s ago: executing program 0 (id=1296):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setxattr$system_posix_acl(&(0x7f0000000340)='./cgroup\x00', &(0x7f0000000380)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000080))
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe0905852eff03000100090582"], 0x0)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000400000000000000020000001400020076657468305f746f5f626174616476000900010073597a30000000000900030073797a3200000000"], 0x40}}, 0x2400c850)

7.745745387s ago: executing program 5 (id=1300):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x15, 0x3ff, 0xb, 0x1, 0x60784, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1, <r1=>0xffffffffffffffff}, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'veth1_to_bridge\x00', <r2=>0x0})
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440), 0x4)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x40, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x0, 0x14, &(0x7f00000002c0)=@raw=[@btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x10}, @generic={0x8, 0x5, 0x7, 0x5f51, 0x3}], &(0x7f0000000380)='GPL\x00', 0x5, 0xaa, &(0x7f00000004c0)=""/170, 0x41000, 0x30, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000580)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x3, 0x4, 0x1}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000006c0)=[r4], &(0x7f0000000700)=[{0x4, 0x3, 0x8, 0x1}, {0x3, 0x5, 0x10, 0x9}, {0x4, 0x1, 0x8}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x3, 0xe, 0x9}], 0x10, 0x7}, 0x94)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x2400408d, &(0x7f0000000000)={0xa, 0x2, 0x2, @private0, 0xfffffffc}, 0x1c)
syz_usb_control_io(r5, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f00000003c0)={0x40, 0x17, 0x4, "7d6c9ecc"}, 0x0, 0x0, 0x0, 0x0})

7.661609438s ago: executing program 3 (id=1301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4000)
r1 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaad401d794aaaaaaaabb08004500003000000020fc02907864010102e0005def36eed053cc93fff6006500050504000364010102ac1414aa00000000"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004500001c0000c70d17e64ff52eafbc8ce00003000000907800670005"], 0x0)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f000000a500)=0x5, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r8, 0x6b, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x4)
sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x8080)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0xa0)
sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="00000000034647e7b53019ab0e97970678fd91bc3075fd64fd52eb0b92ea42737a67dc05b34f2958c1016c6a3cc6b2936bfd195487eeadd60c59f990f7d15fbba341c3ff7cccae66212ff8b4247bca43300f2d524f16b95a1b983b5002553036af19074028c6ad9f2723523d0adeaff313f7321bdd167ba0fb0bcd6b45941cfa7430c66b11943a170dc3ecc46eb86bce1a085c0987ea932c64d641766d726d", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fbdbdf250b00000008000600800200001400028006000f00e7d200000800030002000000600001800c0007000000000004000000080009004c000000080009003000000014000300e00000020000000000000000000000000600020089000000060002002f0000000a0006006c626c6372000000060004004e230000060002002100000008000500050000000800040001000000"], 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

6.935474208s ago: executing program 4 (id=1302):
r0 = socket(0x10, 0x8000000803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20000, 0x1}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @remote}, {0xa, 0x4, @multicast}]}]}}}]}, 0x50}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r5, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r7=>0x0})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404005400ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b70000000000000095000000000000003f0c54cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752688300000000dbc2777df150b7cdd77b85b941092314fd085f1b1b2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c830fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b8498aa787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28179f09943b1b0452d1b72183aacf4a84f9130b701b81675dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fd80f3876acb45821d0c48fb657c29b309c73f0977e7cde65a89d9458aac2795b2b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d2665016ac59dd20fde0745db06753a7ac7fe13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2084bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a3894696082417304fff0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bdb539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572ac45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af00200f900cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee78ebf9ef40662d7836961a8de6f2d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408816eae08cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb7819441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005391577f480000ea65559eb00e2b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e710d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d4ac534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f0300000000000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca396eeec1f53bb0bc1bc9ce45bb671f2dea5eafc74551cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b847e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fde46ad265983eb1b1c6adb1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0c5605000063902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f617396c18cc7130000fc000000210000006e00002000000000000027c9a46157a3ffff6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4472b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc4c860495b240e80063bde261fd000000000072f6df342f3e7071e28ef6806b6b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2b3a113e47edf76f7d116d2b0976cf2ec447c0309316d1dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a80500e92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949c68b7a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273061fc5c0e0a33db7f2d43ea8086cf059f40fa2645944cd9e7f2e6ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858e13e8f0ba9d1dec469dc71e998d99ebf7cfda638d7ce859acfec3f14ec2aa98b53cd68a0d99d62a5620b7c0f61dc386c449664a94bca09859a35760b7b818087347697c239990daec8384a12d973d5470efe5dae887be689c6b1551f4c5a649d9dc563d7049c91453facecbee789a1d5a4896b2b7bec3ec5e60c4916e5561888502a12f4985f9c7dab41cbf31c26cd12d5116de95b521a57408adbbac278be82fef3f9d8a51385b376b57e20be83e7b27460729a626250ccd7982eba588f86195e15119eca569bebba8514e5bfcbe51f1a628793b4ed4424c95a731628fa38e167b79affcd50b561d3a9cb4bea872d9e5a06a4201fd09eecfe283854837a65ecf8cd6cdaad4bf223db323de9d4854d66d324a0d125e3ebe2ed3c78e47392962860de6bb86759406e74335443407d9ee7d4a4430b60b6ef369604e1282b0c1aa8d4b18e8db32a0eeaaabc7f7b5c49bd88cfe860f69f5510179d867970f975169591908282cd4367f82e62e3fa37876f30934c23dc2d02a0c25839f008ec099503c8d1b3169aa9c5a7db7f0116d203ac6503596c3a5b063c28f84c9eb4200000000000000000000000000000000000009f491210abc6ed14c49e22898d449d435f7e0e94a6b8b37924f725c47d17471ea258133681ff4dca50beba02eacfe0910c1676bdff06e737e0d12878ab5366985c0e8245864b3abd02e81ba0638e4de4b2f62098108535546b58ae8baee1fcc301a3b4101588e60f6f7678b82aa80e37832a2f49744d23e3a11bd2282ec7ff3400e8748f91e247b80e1b65400"/3088], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
r9 = dup(r8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r9, r7, 0x25, 0x4, @val=@tracing={0x0, 0x8}}, 0x20)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0x0, 0x0, 0x1010000}}}}}, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000000)="d8", &(0x7f0000000080)=@tcp6}, 0x20)
r10 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000180)='source', &(0x7f0000000500)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xc1\t\xb7b\x12A\x1d`\x16\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\":\xc1I;\x03\xe2<\xdf;\xce\x93\xd3\xd2\x19\x964\xeb\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1H\x9a_\xe3*\xc6\xca\xae\x01\x00\x1e\xe1\xf4\x90\xe2\x12]\x01v\xbd\x0e\x0f J\x1d\xcb\xd9:\xa6U\f|\xce*\xa4\x8aJ$\xa5&\x1fu\x1b\x15v\xd0\xd8\x9fH54\xaa\xf2t.I\x96\x1c\t\xe42\x02\x85\xa0\xc2T\x02\x99\xfe\x1e\xb6\xf47u\xa7\x1c\xf5\"K\f\x03i\xba', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{}, &(0x7f00000001c0), &(0x7f0000000300)=r3}, 0x20)
bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="1ec86e88bf4ba4466ecffff7edad", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

6.775154587s ago: executing program 4 (id=1303):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0)
syz_open_dev$vim2m(0x0, 0x3, 0x2)
r3 = socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(r3, 0x0, 0x0, 0x9200000000000000)
memfd_create(&(0x7f0000000480)='!.\x00', 0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6800000010000104000000000000000001000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000004800128008000100687372003c00028005000700020000000a000400bbbbbbbbbbbb000006000500ffff000005000600080000000a000400ffffffffffff00000500030001000000"], 0x68}}, 0x20048804)
socket$inet6_udp(0xa, 0x2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=@flushsa={0x2c8, 0x1c, 0x100, 0x70bd27, 0x25dfdbfc, {0x6c}, [@address_filter={0x28, 0x1a, {@in6=@loopback, @in=@rand_addr=0x64010101, 0xa, 0xc, 0x80}}, @XFRMA_IF_ID={0x8, 0x1f, 0x3}, @migrate={0x134, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0x2e}, @in=@private=0xa010102, @in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2b, 0x4, 0x0, 0x3505, 0xa, 0xa}, {@in=@multicast2, @in6=@remote, @in=@empty, @in=@broadcast, 0x2b, 0x0, 0x0, 0x3505, 0xa, 0xa}, {@in=@dev={0xac, 0x14, 0x14, 0x3e}, @in=@rand_addr=0x64010100, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@private0, 0xff, 0x0, 0x0, 0x4, 0x2, 0x2}, {@in6=@remote, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6=@local, @in6=@remote, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x2}]}, @tfcpad={0x8, 0x16, 0x6}, @algo_comp={0x112, 0x3, {{'deflate\x00'}, 0x650, "be4ffafe471a9e60b91be3176909dd0fb782c96ba45da4037e01a1eb7ec6b2cc3755d29c8e13b9a7e4b6624a7c0e3b55a73de571b139095672b14c03985f94591d81ff7bebfb1952634cce49b987bdd61f52b3bb190ede8a09f5e9bddac2c654a4829c7c45901d24ff1ee2aaa6ee4b0445492933a2bd09f002a577b48d2e081c00d51e6eb0f4316941e2596e1c1500afaaf038cac1205d5432da8a2994d6de3949138eba13de67a2e18ce0756e848d3b13208d8d4caef2fc19eadfff3655de388f3f65377770ece03360"}}, @lastused={0xc, 0xf, 0x1a}, @address_filter={0x28, 0x1a, {@in6=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xa, 0x5, 0x4}}]}, 0x2c8}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x670, 0x5, 0x458, 0xe8, 0x180, 0xfeffffff, 0x2a0, 0x180, 0x3c0, 0x3c0, 0xffffffff, 0x3c0, 0x3c0, 0x5, 0x0, {[{{@uncond, 0x0, 0xb0, 0xe8, 0x0, {}, [@common=@socket0={{0x20}}, @common=@socket0={{0x20}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x1, @multicast1, @remote, @gre_key, @gre_key}}}}, {{@ip={@dev, @empty, 0x0, 0x0, 'vlan1\x00', 'veth0\x00'}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x0, 0x0, 0x4}}, @common=@inet=@ecn={{0x28}}]}, @common=@SET={0x60}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'syzkaller1\x00', 'ip6tnl0\x00'}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'veth0_virt_wifi\x00'}}, @common=@addrtype={{0x30}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x3b00, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
r8 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0)
sendfile(r8, r7, 0x0, 0x100000001)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r7}, 0x8)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r9, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r2, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050004000000140004"], 0x58}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)

6.653554724s ago: executing program 3 (id=1304):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000"], 0x80}}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000001040)={@multicast, @random="58a4ab044a92", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0xb0, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x400, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "4e0ec4d8ec1533548dfb72e1261d7aeb619d49e98f3f4cadcd53ff011dd82418", "80bdd625bd905ba90d0a6927c37cefe3c4b48ef7ded481883e35fd85afe3254b3e1441af5775976715bf29ed4dcc166e", "7cdfd8ec14c7ce8bac951c90fcfaa4d6679b931ed70bb5b50f5b738d", {"fdeca3693c5b2785e92ce602a669b6dd", "af8ff0acae2f2a3d0d0de9d22c2e3cf8"}}}}}}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "0af5b0699d46dac48f29d158dbe8cfb1979e12979688dc039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c7667ce67af25166c2f0f85f36aa8867406119c2a6f1f892e31dea982c5ab0348d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b51424df36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459af0ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0x9, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x4000010)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
gettid()
fsmount(r5, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6, 0x2010, 0xffffffffffffffff, 0x180000000)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0x8, 0x47524247, 0x3, 0x6, 0x2, 0x6, 0xa6e, 0x0, 0x4, 0x1, 0x5}})
syz_open_dev$vim2m(0x0, 0x3, 0x2)

6.574514001s ago: executing program 0 (id=1305):
syz_usb_connect(0x1, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x5, [{0x9, 0x1, 0x5}]}]}, {0x0, [0x5f, 0x0, 0x0, 0x61, 0x61]}}, &(0x7f0000000340)=""/250, 0x37, 0xfa, 0x9}, 0x28)
write$char_usb(r0, &(0x7f0000000000)="4b65cbe0926721ca1036d2e127931b909d84161c36869d3f2b2cb9c0e103ad88f2ada536109d153d3a426a39cd374ec324e07455efac41f903e970a2867683f5dcdc0cfff65240dc85f5d7ebdf5f0000003f7304fe19122c1b3c2d713b966cb737bb8381c0a6bc6ec72b27ae0c4d583f0be2e8358913d54237e641050e35548dc77aaf15d5d6ac557399baf43cd07e6502b2a9f445c240ce9b7a1667", 0x9c)

6.389742153s ago: executing program 4 (id=1306):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0))
signalfd4(0xffffffffffffffff, &(0x7f0000001140)={[0xfffffffffffffff5]}, 0x8, 0x40800) (async)
socket$netlink(0x10, 0x3, 0x8000000004)
syz_io_uring_setup(0x17e8, &(0x7f00000003c0)={0x0, 0x936, 0x0, 0x0, 0x339}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000180)=0x8, 0x0, 0x4) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) (async)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) (async)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0xa, 0x2, 0x0, 0x4}) (async)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f00000000000600000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

5.577897888s ago: executing program 3 (id=1308):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000000}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000b40)={0x0, [[0x9ef8, 0x0, 0x0, 0x4, 0x5d11, 0x9, 0x0, 0x12], [0x10000, 0x0, 0x0, 0x0, 0x3a3], [0x7, 0x0, 0x0, 0x0, 0x5]], '\x00', [{0x0, 0xff}, {0x3, 0x8}, {0x1, 0xfffffffc}, {0x0, 0x80000000}, {0x2, 0x4, 0x0, 0x1, 0x1}, {0x18, 0x5f, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x6}, {0x0, 0x3}, {0x0, 0xfffffffb}, {0x0, 0xbd0}, {0x8000000, 0x8}], '\x00', 0xfff})

5.437603319s ago: executing program 2 (id=1310):
r0 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan4\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r1, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x3}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x40}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x404c880}, 0x0)
sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xb, &(0x7f0000000180)={&(0x7f0000000100)={0x6c, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x0, 0x8, @multicast2}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010102}, @NLBL_MGMT_A_CV4DOI={0x0, 0x4, 0xffffffffffffffff}, @NLBL_MGMT_A_DOMAIN={0xd, 0x1, '/dev/kvm\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000082}, 0x4000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000b3000040"])

5.436758394s ago: executing program 3 (id=1311):
syz_io_uring_setup(0xcb5, &(0x7f0000000500)={0x0, 0xeae7, 0x80, 0x2, 0x24f}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340)=<r1=>0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = getpid()
syz_open_procfs(r4, &(0x7f0000000240)='net/sco\x00')
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480240001800b000100736f636b6574000014000280080002400000000308000140000000023000018008"], 0xac}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0xa, 0xd, &(0x7f0000000000)=ANY=[@ANYRESOCT], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
syz_io_uring_setup(0xcb5, &(0x7f0000000500)={0x0, 0xeae7, 0x80, 0x2, 0x24f}, &(0x7f00000000c0), &(0x7f0000000340)) (async)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
getpid() (async)
syz_open_procfs(r4, &(0x7f0000000240)='net/sco\x00') (async)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480240001800b000100736f636b6574000014000280080002400000000308000140000000023000018008"], 0xac}}, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0xa, 0xd, &(0x7f0000000000)=ANY=[@ANYRESOCT], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94) (async)

4.897359582s ago: executing program 2 (id=1312):
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f36f0c7eb2700d609bcf41076d88144448ebe7994dd1b33d7c8787734cc315672f62261ceeede940774fd94d2767288cfb3a20882449d601ff878eedd3d57c9eb3a723b62102bd534c8a304a975d752e82cc8d5f969771c94a1d69cfd8694e29b9468fca5df65ece31ed7c209325604001fcd06adc3ac391f60a3523d6d0b4a8a"], 0x310)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20d6, 0xcb17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

4.838064667s ago: executing program 3 (id=1313):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f0000000200)=@v2={0x3, 0x0, 0x17, 0x4, 0x3, "44dd06"}, 0xc, 0x0)
syz_usb_connect(0x5, 0x51, &(0x7f00000001c0)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63dd0000000009050300730a99d05b8114f9b278000000000009050cf201000206020905"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})
rename(0x0, 0x0)

4.677773282s ago: executing program 4 (id=1314):
r0 = userfaultfd(0x801)
poll(&(0x7f0000000000)=[{r0, 0x1040}], 0x1, 0xe2)
syz_usb_connect(0x0, 0x44, &(0x7f0000001fc0)={{0x12, 0x1, 0x40, 0xeb, 0x3d, 0x7d, 0x8, 0x4e2, 0x1420, 0x30ad, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x2, 0x6, 0xfa, 0x90, 0x8, [{{0x9, 0x4, 0x0, 0x77, 0x0, 0x0, 0x51, 0xa5, 0x9}}, {{0x9, 0x4, 0x33, 0x7, 0x0, 0x2, 0xd, 0x0, 0x6, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0xff}, {0xd, 0x24, 0xf, 0x1, 0xb7c8, 0x1, 0x7, 0x4}}]}}]}}]}}, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000100)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x8000, 0x5, 0x38}, 0x18)
open_tree(r1, &(0x7f00000000c0)='./file0\x00', 0x8000)

4.676762686s ago: executing program 5 (id=1315):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$media(&(0x7f0000000ac0), 0x0, 0x0)
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001240))
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4000)
r2 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x60}}, 0x0)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0xc, &(0x7f0000000040), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r8, 0x6b, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x4)
sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x8080)
sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0xa0)

4.629632991s ago: executing program 0 (id=1316):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x7, 0x0, 0x5, 0x1000, 0xe96})
syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x80080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, <r0=>0x0}, 0x2020)
setreuid(r0, 0xee01)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x1e01)

4.5587811s ago: executing program 0 (id=1317):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000001e00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="180000000014130429bd7045434e284a7eb1ffbcb2a904ffdbdf25080001000000000002b7c08f3bd266c99c472197991262456f28f11acf0a82fcf3aae0153ccbb17ee4d59876aa521744845092d1caaff7100a73f40e369f836f7c31aefa23777b6d57fc108714c5bbff006abe5f6e2377a24fcdbceb307a464fdb487980e3adc9ed7e474dc176fdfdbcb7fa4a81d7dc16d9c523921d692e8fe96fe007331b4ec3a2"], 0x18}}, 0x90)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000000)={"c467b883b4b2c597c3c27fd16f348e5fa553805a7d48036535e0ec821a76bd1ba148daaaff10b33c03b09688af41dc349665db532bd99683fb1ab31efc9250fa7882b91c9afca084a6904a475d430b2041f26e051eb3edf02d5282c79bef1655c35782b131461cdc62cbaffd9ed45aa64bd33cd3b4ccb4f30a1554986d5d0b71128a5b0a21d776d73bb6f9ef6a3def008f73a272400ea71eca582e5f8952a63f0d9fa2ad6e6a13448ae3a63d7dfe8fd8d3e69277ddff563a53afe380cbd8410d276f1bcfc0b2d56d4ec7dae0c14d0b5c268aae7845ba633e2006a360f72465a859c1d314d9372f2cd5734990ae3510fb855bfd5156d5f21d72156ba5a9de914d8639e305a05c127122103b59b5f82d2a82ba8ab6f1b678c0c3329b61b5d0a77fe1ac79a6daffbf4fafb536ef7d90cde846f51f64b58a28e3f34d1c370e70cb95e0ea6a9de0ca4aff44557cd4b9d8f7c6c76d90b5b57b9661bfbb383632a2bf89f70a87d669f51903c04cc9576cca9556b703379a45d52a65e427889d7556ed0b057154be6a6f95c78e03cb0afb5336c3da54c3ef06001488a3d8ce21e5b6c440b5c6ef5a4f5f7fdeecc52ba9695b06b38e20abed372afbd6f371b52146cf7fb8cb188f4e3b7c73ae2fe785f9953690a681c30be5f8d45ca6e6e2638a0ec2b353e6b37f7ab0c93f34b4c334f68f15b9476b40f7ecade2aa57ccf5ddec999b990b9b6e0aeacd8a6477e502a8a202ec7bad030000003a7249fdab39a9368a8cafdf87cd6ae485c4bbd0100ad4e2d6a1186bcbd2854f95a241cc4eeec67d397fdd6f94786eded36e4e811c5f5235e892c4588721438aabe14611b5e9ac053e268bbc2e7ff044687b1259243f8da86bc00165dd7764041e6d5b4fe4accfe3cd2ae6379f92ae37aaf9122d167bb037de518a8370e0c5809700f390e24122c79c4b4eaf4694715eec8dfcba19ee202b64f0d7063224cb0e0e3d50ad306f8cc69980b1c90b10d1dd3453065da2a36f53f5a075ca8b07ec431bef6f7ec3837ff256a0a8a230ddcd2dbc6fab975ddfd2cec7fdc343c68926c08958e80a8de323bd483654c7e60dee6656c126343b73325aeb29746df12de5e8ea24c5b827c983737a43faa31d6b3b8fa50fe098c5861a6a8496e9d66a3545b09fe802dbd6b36bcb073c49722d9ee65f87c5cf173f987e74b2497b62ca92c9c4b4c68cc1978804fc147ae04b916b26e4e6be536921f14361fd6b510d76b936e2fbe03cd68cc0a043781240e311561d3e04ddbc0b041a9c4c749b122c2cbff764c1d3dc057b33b2bea8aae76b6ddb7ea64ae2ff38e65e15db9f9412151cd64927d982eebc76512452ce2479ce10b9fa3504274011fafac6f9912ed769cd42ab17b25eb9eb852a40e4a9e2ac7b3ce0c656b3b0b7fd818e8d7b458d6482f6f4ccbba5d0f74f702b00b7848c3d78"})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a32000000006c000000060a010400000000000000000100000208000b400000000050000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000180001800c00010062"], 0xe0}}, 0x880)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r6}}, 0x48)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r8}}, 0x48)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r9=>0x0})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRESOCT=r9], 0x40}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYRES16=r2, @ANYRESDEC=r7, @ANYRES8=r4], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/wireless\x00')
sendmsg$nl_crypto(r11, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB="e00000001500200029bd7000fddbdf256563622d63616d656c6c69612d6165736e692d617678320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000240000000400"/224], 0xe0}, 0x1, 0x0, 0x0, 0x40000}, 0xc080)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

3.661439534s ago: executing program 5 (id=1318):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8)
recvmmsg(r0, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/180}, {&(0x7f0000000280)=""/122}, {&(0x7f0000000400)=""/165}, {&(0x7f00000004c0)=""/142}, {&(0x7f0000000640)=""/70}, {&(0x7f00000006c0)=""/179}], 0x0, &(0x7f0000000580)=""/70, 0x11}}], 0x40000000000029d, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1}, 0x50)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'lo\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x1, 0x8, 0x400, 0x0, 0x41c0204, r6})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000c80)={'ip6gre0\x00', &(0x7f0000000c00)={'ip6tnl0\x00', <r7=>0x0, 0x29, 0x1, 0x9, 0x200, 0x54, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x8, 0x4, 0x2}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000005c0)={'syztnl1\x00', <r8=>0x0, 0x3e, 0x80, 0x3, 0xfffffeff, 0xa, @dev={0xfe, 0x80, '\x00', 0x27}, @empty, 0x7, 0x700, 0x8, 0xa}})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000d80)={&(0x7f0000002500)=ANY=[@ANYBLOB="02000024dc9da4f2a92b5e2c75748d4abafbb69490ade64d299b1210caad7d0fb85f46757cc3b9f1323871a1b2f1be2e321f34b741d330d3902d419bd17e0e753f8f4838dc170da7936372b0cc9241761d80992ccca57cc508b8534fcd14060e26e3820f03df4f000000", @ANYRES16=0x0, @ANYRESOCT=r3, @ANYRESOCT=r2, @ANYBLOB="1400020074756e6c30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="300001800800030002000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="140002006d6163736563300000000000000000002c00018008000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0800030001000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="1400018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="4400018008000300000000001400020076657468315f6d6163767461700000001400020070696d7265670000000000000000000008000100", @ANYRES16=0x0, @ANYBLOB="08000300010000004c00018008000300010000000800030007000000140002006772657461703000000000000000000008000300010000001400020076657468305f746f5f6261746164760008000100", @ANYRESDEC=r2, @ANYBLOB="4400018014000200626f6e645f736c6176655f310000000008000100", @ANYRES32=0x0, @ANYBLOB="0800030000000000140002007663616e30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="48000180080003000300000008000100", @ANYRES64=r6, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="0800030002000000140002006e657464657673696d300000000000002000018008000300000000001400020072657468305f6d616376746170000000f925628985698a17ba07276b279418c0f926c050abc78b24253a189795a09a376d2390323e36e1a06458efb87edb2db406cd4bf76b4fd284afd39ef8abb7ea7d138fa1385a811247105c631118249fe0c2ccb7506ed1d144d48137bf9ff17d48ca1cab6eef012897a465ac6713cd3ed3cfae949588"], 0x244}, 0x1, 0x0, 0x0, 0x80814}, 0x4)
sendmmsg$inet(r2, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000019280)=[{&(0x7f0000000080)="4b974e827bf253fea454054500"/23, 0x17}, {&(0x7f0000000180)="ed", 0x1}, {&(0x7f0000019300)="d8fa34bdd8", 0x5}, {&(0x7f0000019080)="d119ed488159f3bd268f74da4438da4b0260f17f3a56b4a047186d98f191c53979ddba66751ac655d6803bf26fcd79560cc69b5e6c44d2cb77b2c9bb681fa15c4e114f3bcb299e", 0x47}], 0x4}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000640)="f74f1228b4ef1f23092b217f9a1ca3b6d7327db838a01785fa003d95c54eb07658f3cb0ebf3a29f2e78d54a53d113055b4f6f0649ffbd0cbf716d20f63cf1ddb9c78387f6993fcbe05ffe74a75f5380e33b73ba24661090c07b1e156eb244f1e4066d540f730cea0b695afeafa3eb96c646e032446e4ae4ea484b2962591b07a6a9e", 0x82}], 0x1, &(0x7f0000000d00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @dev={0xac, 0x14, 0x14, 0x3e}, @empty}}}, @ip_tos_u8={{0x11}}], 0x58}}, {{&(0x7f0000000700)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f00000007c0), 0x0, &(0x7f0000000800)}}, {{&(0x7f0000000b80)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000cc0)=[{&(0x7f0000000e80)="71ea3a28daab1e128ffae45e2de54f949e6108463119dbd6d641610f824372858ca08cb9d91ed7e27ba50e9ea80d70d53bbcedaedcb7296b89d114fd628b56ee7dcc7447812972fcc59bc9be5fa8dc98d7706a3ac054cd80fcdbf7d2cb0152f96b80e27556ed7b87dd93f6784a8c6ee01fb261c59333c57622b50225e5a497d00bdb97982c6103d2871d9fb4a208f70098ae8893264e65646851c25628ccfedb7c4eaed488ca7e8f481e9bf634ce56a910bb8e6534f092295f5f7b44ee3fbc1fbab6c3efb14c3fc03592449ef422b40c3520f2e8176a9082", 0xd8}, {&(0x7f0000000f80)="9da00db8f2456d157cab260ee0e9c70193f721e1115f176d409d30de960cfcdc9c76620106b95394bec458005555021f6fd408986d86057fc2866faca0adac86af20762d52576ae76bc3ee6a4bdf07ead864e900eea4b1c8f27f048643c099fd2afc872575d8dcfcccbf77279d820d0800e5912be4e8f26401ee0bb41cb753f8869c112e004f3fe3f60a8e8bfc96890f3f3620ea1d6f35c836892c783d59ef4f5d211e970687055d682c2a475f1c4bf2377be7df3af46b5e8fe73e89b7c2a741a8e0c487921d3c645fc5a4079e0480d6bc576562c4292cc406c853d93dca71108383897494ba4010435b245431252f2a735ac14e1fefd7916068e9cba95331514a9edb6d2a016d2f269f520cd7e3d6a4574f8263a417958c55e380660511b868b729a70bdc4f1984d2aea055257abb4b802129f927976acefe5d1f35a2e1761b146fda706e6802cd18cf5968a5f79f96a8ebfe2cfa2f7994fa32937cce3b59db6dd9b37c610a767d268c40904b60be1ee2e33724cd9aa79f2c3570677e54de14d2c584699ccf231a3eac0d1e44169bb2266ceba6cc625785150fe664623df8989182a9a676befbeea255600ff4e3688df76b92f4d3c374b3391f5696d130314855c2d1d65d0768b2dfb85a3b4f538c66a051bc5c5e02877725b493240379fb53a1bdaa5fcd440ca21bf343dab6d1c0ea5b10f26994461c06a476219a77e727550f17f2925afb8670bdc16bbb53c6f2e6f35395db06d88a01557405b67529a52dcc244d5ddff3c56a15206110af24acaf9c867f511c97dd7eb8c240cab484f6ff3ac0dd49b3dd5b59804a9ce06a3526150f3724e6a58e5beae48260db363c473d37b6a4f1726744f64021417366963dedd38ebbc4dc7978b71a576ad79c483c5a9445e53dde212e65638436c5bd80734de9da5df1f0a24fe5a1ad59adcbf19c4ad29d9a3dfd3749c349037a31436a28d0fc7b83974a2886ee6ea7dba4d08de0938a7e9107cdafbf4172b147f318de38312ee6eeb6be4f6b6aa1ea6d76f2a24c1202b27fbdab9de57e81b34090ba8c883a8ac2a8c8ce020d432b486c8134a6201e0c7aa8f8f199a38432cfbd80b7c2da5fd0f7f72c86c6591558fc4b237efa079bc6b7db28f9433de9c6fa7ca3bbf5ff6284318612870cb7cb3268f99fda2135303225fa140c5da821d9dd1772efe3ae695afb0efc388b6ebbc1691646339b8671b3eba44ee813be818a368f38bf0ce09f8cb919490807f499d9c18847841efef4167b9a9813f5fe4a65bbac90515893bd7bbd3e0cd548ef2dc283b9d9a7349c88bdc34acb5af36f67b5fa16ffa56b874536d1c9946d76cc44f6dc7f486d9d4595aab0f7e4a2c1a6ad7aae3727058eabc376c1a35ea2744eeb76e319c547f7f20bf7b2508a86e16aa917ae08b18d8d55727eed584c1f0323fa8e6718a2ceb2241abd33681e86caf1af988c5760649c3418899e6e7bbb654ddda488658eb0e80b2f21a2cd5434ef7938cdb2379a760a61a8ec83143a2a80ba629e5a1e7f1cb749a1202f91545694aed2bf7643b0709a0b9140248f8e5a29634c97fa788e591639be814d8e69f8befc2c7d2d25690c25817ac449c7ab26721413f68fed05616539acc3da17f93ccd7109ba3bd2376b31ce9b7a96cdb730f173b70da68560144758ce7d5806f2e930a26f785f63230ece4aacbfe1aaf05ab5de53ea16d64c3beca8befbdac23cfcb16c0c653750e5deaa8b19246674d45e1a78c004e586d47042e840085bff817fd0d9b270ada8d646bb45dbe555a4402cd5c70b56715bd4a329d8280f192b568368c66dfe08985b0cf783219540cab3470db85f56743027ee452fbe971aa63b2a7ba7c08eeb7b7e6ce91a39160f588ca49f5a1a233a292a3dc31c635b6c40c0d710ff3c15deead90ba5f2d364c8f75f5763d7da1a2cf8785690b8180be81d8128fead961b557b2f51337509b6787a142f51d45428c850a36414c14831a072c0ee635bdb0d7232a8fb61c7bede4aec9e05f399a472b3daac58a16100c175aada14d8124d9424187444c2b1b3c98c553f7e58ec64d98ea597bf943ffd9763309203193768897a4f95591b8c35781524ca44f04b46ceed7ed504dd9ea194bffe88c95c64de7cb175d72c04ff64fd4768d4ca6efd9b362986500be343029f3021fe349b3d7d056d7000402b6f0ff9d9ad98cd50adbc497d5006f9528c2ed18d256c75edbb330e8e9c35b59a08a67f3a7948af79661da3a7b1c3755ff411ec669ade6e0e4871c82cecb6b892359b51b3b85fc4fb0a8da32d81b98c30bfaf06cce77e2949137066728d5c148aa942b77964d8e776dc521f81e32b175c6397ab83cdae04a889a1076063c7aec5bdadcb46da9c41a9c6fa362cf24f5f4403e8ee6f9e4233b4c6591ab6644b476432a225510305037825aa480cb3728b7d81320057f54dfd7a856992fef8b2bc400e04475e0e5704182c2ef87780b1fb92c84f0f8f0f6098b6f90581a025ea06d278193861762f7a3d13718402118a1f85d27dbc043952046dde76fa9a4d941e558f02e449207cb412ee2894dbb9abede9e96ae9bc16a94a395d13f49a632fb0856bb19446618386eeaebf1894620c779eda11017ebcf819892cd6cb4c7ef87fba3bd96790a7c6b436199fe2240090e091ba45b57c093cc88a6909953c898db00f5254efd0802e8be2a86ae596997ba24448405c5db58f538e376a3d9b005014319579a70410724d5ec2acdc318aa08aca29181a0c07b2ac40e5dbd82105fef4521767b0e6cef5a60b8ee185122ebbdc007c3e8b42d22c04b00f41ffc33b04a6018737ab7b6c259ed2ceae32e2a25dc67d8840a4b91ffdbb60f43aa12a1f7b12c351a69afb2d1554325a6cb95b4d7e8c68d3398ee33c8b088c8aa7969c76564dd1399b0a1243b8aaf0d1b704a0310c295e53276615db2495ec7a78a3e37112c7791e61800d865a9a95802b01726f680c4e26007193ce2bdfebcc2a718e6c8f107702d8586952866717256200519d8adbc2bdda0a888fdb62f2b41f0c522541bb4fa0b41f6215d68c7547b286e64283e03d3e24e2143df51c4615b7f881cc4f16abeac87ad5a66508baacda12ef5e75b0084382e041e37f8095cf8bd9c9e74333c0667accd26bcbadb7cd880959da912eb4011d349864f83eb97bf453136f4345854333b7ef1bb9a2e0032ec3e3ef5260099932bb792971ce2874d60e95aa5023842b54877e5660a6815a2a66937a7fc016ab3f15393e61c91a8b74221da795e2be0bf98a92e93f042d37d3b4490f02d3ce0339f300604132305a63b6fd52ee4d37629b86756cdf3cc11b73f023946ca58fc92df18f6e1f10949b01cc265d753b85685f62e8c24868f35c502c82188c14e2f5bfdd92bc57f3468d20fd4de5bbdf6bc5a2232a0444ed511a48fac6fe122aa5ba8a70350c6010ea893b4cea15f2084cefd26a4397c3e3ca062e4c5a8e44eef0bcec4736cebfee3591772791e7de30ebe2aa12880897b59a34b2afd959c8d4ee061bf7d60f345617c063c593e78aa18109f0eeb4c7efdbe724618bed8e11878ec59f916d7e6f47d94b41c9c3330384f6834036cceb76cf90d551079936351b4c9d45608e3003a18b5d334b6c926fd1d87e5c25e42fe56c57fc118651d883965ffd973c5cbeedf0136f3797ef4eb5045a06afb56025fe1301de8d46585a196cd6780754a572274030fcbc9e0f9fa730f73564291fa4c2516a00545d1aa4eade0fbef6429e74cad5f39bf2eda3d8655d4e7effd1204a6648c5fd92c02e5a0f1933922bb7fe4e993068c9bd2b6cd9c58c49063a98f78fa7f590158aaebc5322412f4c6065386e77aeb0f577bdb9e99ebcf0c9145699bd36d6139891c8c41bc2a0edc5ec32a2636a8a6ab94105d41b141774a2257e0dad9caa9dc947490716c7c7dfa5eb052baae336f09f1ce3583da5bc72563f7538d28729f3b45e302839e40cc77863821a4b6b0c9f1cae1aefdd69f582c66918cc5adebb6f14668c25fec123d3f6b2f489dd6e9ee84c5024f6941e08d993b586571661cef341321a8642aebe9d8dc128ded1f32788d7ed23f0a97d9d972aff85ab0618a99a5b6350188f5fbedb364b9d67806ddddddf237204af86a9ea0849882cde78f80cc64f3cfca6ac34618771ff31627c96a329b38f121da7467cce18a124de8b5b4cdbbae1c0d97e545676f8c906169f3b9192e2b00c328ea7aa8eae482880d76b0b0022fad645fe81b1afa6a612f1b17c633395dfae80fb2d6690e81737e651bba4b2b40703e745b9d2fe125a8b6dbd8633d916325ffa1f14b7b20f2f9def8dae3c1fec76719d2b95795e9e7644f7c0bcba6adcef170669cfef728bec8ab101064152cb8874b7b157fb9ebe3f2800b0f57bd2d9fa74b0a0422dc4e467bb79b855c349d83db3081cadcd79242205c75d3b1a340bf64e8ac7a542dec38d1355a184fdd9de865a25c4ca3add8a8eb6aea8a406cda6cfe28761383c385c2fcc4cecc5d9ef65744b8745e6a68145a6471ace8c67435e3f8ab1aa063a103dd12530767d75306f0cea2b897dbf8323be134c1ebc580979c9806709758abb9f176ec8680a3ce6effc54f6109d66a0d14dbcf255ca06feeec6d33ca24cffb181c7f079397779f6f3c43abd992ec09248e766d117ba8562de20e0c9748fc00c9609e932634e9cbd88d285823c4e601718489e159e3da4b4dca56010591c5f8db538347aced4554c33a10bdaa75794dca52e4ff53b6bbf8257a0a389cf25fa211dcbecc4aa4ebfc31ce1113b787fe718c910119fafa9f5df2c307b58c48e040def5cf48df051ef7864332f32968e1ea561ddd97f6240a1abf3ce63c31b4690a4f556e8956917b86d5acccea3ab352eef2ce60d3aebd41229145c096a8f1f795b089dbda8e8c2cd9a5ee48139704893fc381ba31958fe55625360b668c820a8bf09cec52cf5b917bb599259e025e5acd5580797dba545e95f58f4acdb9ffaa6b029fd2b35eb6291563bea6c7f7003d471b0b3296c10dca02d8505e1e20415fdd9336cc6f12d64963f439efa5f1dcb05b8d69d20896ef4e17e6d95041329e6dd0f6040c87580a93ec7aeb3eb5e920acb0533c729e6f63207ea2ce12107080de87df3dc15a1b0e01d748a5b88e942a1240d7ba838aa4bdd27d6f57bdc30502f31f74867ff9f4decc8e2559ecda7ee3deda2843354b54aabbccc687c3999018601aa91eb8fda85a3936c346785151b17e54ee41d57998be5e99167ce7c6ee6d8f91356e860c590ae1eea67c86425175d989d7d0d641ae302f6d991ac6e48dfb22657894b71449e55d734e8ad867a3203fd334ec07d6dd0fc87be8b3c1abb18621d0805245484a17e354fd4a47cf1c1457ceb577017fac152a6ef95c59c1786ab131143d6e39fea850c103a6f306a60c399209847b8e4ae856d1009c30503d4a886a5d044668893aadad17ac28b15b09087af5d1c331e4087a82c8d81ef8daa92bc4dcc2440625d7028fbaf669fbb36c89f306559ad2c5c3642fb946a24fc7803adbb1765db9bf9e79bb0a97bfd187fb046493fe67c9dddf1a1a587b5af27c34ecba2dab8ad22899ff8ef6d7457e0f09662a6d8e1e0cb454526ea0dd8f0543b16380219d1e201e74ba90573790af4eecef1c3236887106e868d4b1be22129b41b6a87fa729b556bd37b5b0cc0df05d7fd58873562cbd3853f01cb024c71a2c1c2a8f38a3655e7848869e18a59e0c5f0465149ef125f3f59b3a849abdd0e0c103aa08488141900bc8fed04d417ff0c5f1aa74c2d", 0x1000}, {&(0x7f0000000bc0)="9e3ff76071f0d7f98b0883a2ee5d73ae9dc541c6a263a42be8817edead67200bce7c0a33c5269e2b105741b0ad88521e81d1dee317fa015f917f03", 0x3b}], 0x3, &(0x7f0000002140)=ANY=[@ANYBLOB="1400000000000000000000000100000028faffff00000000140000000000000000000000020000007a5600000000000040000000000000000000000007000000070ba97f000001ac1e0101940400004420fa90000000070000000000000009ffffffff000000000000000400000004001c000000000000000000000008000000", @ANYRES32=r6, @ANYBLOB="e0000002ac1e000100000000110000000000000000000000010000000b000000000000001400000000000000000000000100000004000000000b6a69"], 0xc0}}], 0x4, 0x24008804)
sendmmsg$alg(r2, &(0x7f0000003b80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}], 0x1, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="00012cbd7000f9dbdf25020000000800040006ffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x4000100}, 0x90)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

3.461493478s ago: executing program 5 (id=1319):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c0003800800014000000000"], 0x80}}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000001040)={@multicast, @random="58a4ab044a92", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0xb0, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x400, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "4e0ec4d8ec1533548dfb72e1261d7aeb619d49e98f3f4cadcd53ff011dd82418", "80bdd625bd905ba90d0a6927c37cefe3c4b48ef7ded481883e35fd85afe3254b3e1441af5775976715bf29ed4dcc166e", "7cdfd8ec14c7ce8bac951c90fcfaa4d6679b931ed70bb5b50f5b738d", {"fdeca3693c5b2785e92ce602a669b6dd", "af8ff0acae2f2a3d0d0de9d22c2e3cf8"}}}}}}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "0af5b0699d46dac48f29d158dbe8cfb1979e12979688dc039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c7667ce67af25166c2f0f85f36aa8867406119c2a6f1f892e31dea982c5ab0348d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b51424df36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459af0ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0x9, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x4000010)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
gettid()
fsmount(r5, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6, 0x2010, 0xffffffffffffffff, 0x180000000)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0x8, 0x47524247, 0x3, 0x6, 0x2, 0x6, 0xa6e, 0x0, 0x4, 0x1, 0x5}})
syz_open_dev$vim2m(0x0, 0x3, 0x2)

3.236993851s ago: executing program 2 (id=1320):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002480), 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0x7, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)

2.327148569s ago: executing program 5 (id=1321):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc010000190001000000000010000000fe8000000000000000000000000000bbfc010000000000000000000000000000000000004e2100000a00200000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000005000000000000008000000000000000ffffffffffffffff0000000000000000000000030000000044010500ac1414aa000000000000000000000000000000003c00000000000000ac1414aa0000000000000000000000000100f2ff03000000000000000000000000000000ac1414bb000000000000000000000000100004d22b00000000000000000000000000000000000000000000000000000000000000000800000000000000000000fe8000000000000000000000000000bb000000003200000000000000000000000000000000000000000000000000800003000000000000000000000000000000000000000000000000000000000000000000000033000000"], 0x1fc}}, 0x44)

1.951525268s ago: executing program 3 (id=1322):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open(0x0, 0x14507e, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x25, &(0x7f0000001500)={r2, @in6={{0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x28f9fed5}}}, 0x90)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
r5 = socket$igmp(0x2, 0x3, 0x2)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r6, r0, 0x0, 0x10, &(0x7f0000000100)=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x30)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r5, 0x0, 0x6, &(0x7f0000000040)=0x2000011, 0x4)
setsockopt$inet_int(r9, 0x0, 0x17, &(0x7f0000000180)=0x10000, 0x4)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

1.946548147s ago: executing program 4 (id=1323):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$unix(0x1, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) (async)
mmap(&(0x7f0000405000/0x2000)=nil, 0x2000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xab24d000)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x88400)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r6, 0x40485404, &(0x7f0000000600)={{0x3, 0x1, 0x7, 0x3}, 0x1, 0x405}) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x48805)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000ec0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xe, 0xffff}, {}, {0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0x5c, 0x2, [@TCA_BASIC_ACT={0x58, 0x3, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0xe42ef}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0xffff, 0x4, 0x2, 0x6}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, &(0x7f0000000200)) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x100) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000011a40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)='p', 0x1}], 0x1, 0x0, 0x0, 0x4004}}], 0x1, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0x10820, 0x400}}, 0x20}}, 0x4084)

1.943597542s ago: executing program 5 (id=1324):
process_vm_readv(0x0, &(0x7f00000000c0), 0x1, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x30, 0x3e, 0x107, 0xffffffff, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x14, 0x0, 0x1, [@nested={0x4, 0x6}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47f0"], 0x0)
syz_usb_ep_read(r2, 0xf, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x14, &(0x7f0000003580)=[{0x6, 0x1, 0x0, &(0x7f0000001480)=[{&(0x7f0000000040)=""/215, 0xd7}, {&(0x7f0000000140)=""/218, 0xda}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/218, 0xda}, {&(0x7f0000001340)=""/124, 0x7c}, {&(0x7f00000013c0)=""/185, 0xb9}], &(0x7f0000001500)=[0xe]}, {0x1, 0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001540)=""/180, 0xb4}], &(0x7f0000001640)=[0xffff, 0x10000]}, {0x4, 0x1, 0x0, &(0x7f00000027c0)=[{&(0x7f0000001680)=""/167, 0xa7}, {&(0x7f0000001740)=""/38, 0x26}, {&(0x7f0000001780)=""/63, 0x3f}, {&(0x7f00000017c0)=""/4096, 0x1000}], &(0x7f0000002800)=[0x7, 0x1ff, 0x4a0, 0xc, 0x3, 0x6]}, {0x2, 0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000002840)=""/32, 0x20}, {&(0x7f0000002880)=""/155, 0x9b}], &(0x7f0000002980)=[0x2, 0xb95e, 0x1, 0xfffffffffffffff9, 0x81, 0x9]}, {0x1, 0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f00000029c0)=""/45, 0x2d}], &(0x7f0000002a40)=[0x6]}, {0x8, 0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000002a80)=""/43, 0x2b}, {&(0x7f0000002ac0)=""/124, 0x7c}, {&(0x7f0000002b40)=""/225, 0xe1}, {&(0x7f0000002c40)=""/86, 0x56}, {&(0x7f0000002cc0)=""/186, 0xba}, {&(0x7f0000002d80)=""/1, 0x1}, {&(0x7f0000002dc0)=""/192, 0xc0}, {&(0x7f0000002e80)=""/76, 0x4c}], &(0x7f0000002f80)=[0x7fffffffffffffff, 0x3]}, {0x4, 0x1, 0x0, &(0x7f0000003240)=[{&(0x7f0000002fc0)=""/220, 0xdc}, {&(0x7f00000030c0)=""/28, 0x1c}, {&(0x7f0000003100)=""/181, 0xb5}, {&(0x7f00000031c0)=""/125, 0x7d}], &(0x7f0000003280)=[0x3, 0x3, 0x6, 0x7, 0xc, 0x7fffffffffffffff]}, {0x3, 0x0, 0x0, &(0x7f0000003500)=[{&(0x7f00000032c0)=""/235, 0xeb}, {&(0x7f00000033c0)=""/246, 0xf6}, {&(0x7f00000034c0)=""/40, 0x28}], &(0x7f0000003540)=[0xfffffffffffffffe]}], 0x8)

1.352151122s ago: executing program 2 (id=1325):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f84848000000cc140602ab1100000e000a000f000000028080101294", 0x2e}], 0x1}, 0x300)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r1, 0x0, 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x2, {0x0, 0xf0, 0x3}}, 0x18)
r5 = epoll_create1(0x0)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000000)={0xc000201e})
read$FUSE(r6, &(0x7f00000028c0)={0x2020}, 0x2020)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x69}}]}, &(0x7f0000000300)='GPL\x00', 0x8, 0xff7, &(0x7f0000001e00)=""/4087}, 0x94)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x19, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xd761}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_idx={0x18, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @call={0x85, 0x0, 0x0, 0x37}, @call={0x85, 0x0, 0x0, 0x95}, @jmp={0x5, 0x1, 0xd, 0xb, 0x5, 0x0, 0xfffffffffffffff0}, @jmp={0x5, 0x0, 0x3, 0x6, 0x6, 0x40, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0x2, 0x82, &(0x7f0000000280)=""/130, 0x40f00, 0x1, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000340)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x3, 0x414a, 0xffff}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000440)=[r7, r8], &(0x7f0000000480)=[{0x4, 0x1, 0x0, 0x7}, {0x4, 0x1, 0x4, 0x8}, {0x2, 0x4, 0x1, 0x5}, {0x3, 0x3, 0x2, 0x5}, {0x2, 0x3, 0xc, 0x5}, {0x1, 0x5, 0x6, 0x3}, {0x0, 0x5, 0x5, 0xa}, {0x2, 0x4, 0x4, 0x5}, {0x1, 0x3, 0x9}, {0x3, 0x5, 0x9, 0x4}], 0x10, 0x6}, 0x94)

932.298873ms ago: executing program 0 (id=1326):
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x1, {0x60, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff, 0x2}, {0x5}}}, 0x24}}, 0x44004)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000300))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.current\x00', 0xf000, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = io_uring_setup(0x115d, &(0x7f0000000440)={0x0, 0xdd3a, 0x80, 0x3, 0x117, 0x0, r2})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000640)=[{0x0}], 0x178)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff02000000711069000322000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94)
r5 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/smackfs/access\x00', 0x2, 0x0)
write$smackfs_access(r5, 0x0, 0xf)
io_uring_register$IORING_REGISTER_FILES(r4, 0x1e, &(0x7f0000000000)=[r4], 0x1)

254.213078ms ago: executing program 2 (id=1327):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x7, 0x0, 0x5, 0x1000, 0xe96})
syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x80080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, <r0=>0x0}, 0x2020)
setreuid(r0, 0xee01)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x1e01)

252.634404ms ago: executing program 0 (id=1328):
socket$inet_udp(0x2, 0x2, 0x0) (async)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
quotactl_fd$Q_SYNC(r0, 0xffffffff80000100, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x43400)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
r2 = socket$inet6(0xa, 0x3, 0x7)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) (async)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x20044014) (async)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
getpid() (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0xc00, 0xa, 0x0, 0x20}, {0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x4, 0xffffffff}, {0x0, 0x0, 0x0, 0x64b}, 0x0, 0x6e6bb9, 0x1, 0x0, 0x2}, {{@in=@local, 0xfffffffc, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x39}, 0x0, 0x0, 0x2, 0x7, 0x1200}}, 0xe8) (async)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r4, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) (async)
ftruncate(r4, 0x81ff)
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{0xfffffffc, 0x0, 0x0, 0x3, 0x64, 0x81, 0x0, 0x20, 0x3}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x61, 0xfd, 0x0, 0x0, 0x0, 0x42}, {0x200003, 0xa, 0x20, 0x80, 0x40, 0x0, 0x5f, 0x1, 0x2, 0x2, 0x0, 0x0, 0xfffffffffffffffd}], 0x1ffffff})
r6 = socket$key(0xf, 0x3, 0x2) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r6, &(0x7f0000000180), 0x3ef, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50)

105.591177ms ago: executing program 2 (id=1329):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prlimit64(0x0, 0x8, 0x0, 0x0)
open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='fscache_cache\x00', r1, 0x0, 0x8}, 0x18)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}], [], 0x6b}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0xfffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x9f1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6], [0x2, 0x0, 0x0, 0xffffbffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55], [0x0, 0x0, 0x0, 0x0, 0x0, 0xbd8f, 0x0, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10001, 0x810, 0x0, 0x0, 0x0, 0x800000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x2000000], [0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x8f4]}, 0x45c)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r6, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=@newtaction={0x98, 0x30, 0xb, 0x5, 0x0, {}, [{0x84, 0x1, [@m_ct={0x80, 0x1, 0x0, 0x0, {{0x7}, {0x58, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}}, @TCA_CT_LABELS={0x14, 0x7, "e142a1dc6b3a3dd0aaeb9317676b63d2"}, @TCA_CT_MARK={0x8, 0x5, 0x9}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e24}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xa, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x1}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44010}, 0x0)

0s ago: executing program 4 (id=1330):
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f36f0c7eb2700d609bcf41076d88144448ebe7994dd1b33d7c8787734cc315672f62261ceeede940774fd94d2767288cfb3a20882449d601ff878eedd3d57c9eb3a723b62102bd534c8a304a975d752e82cc8d5f969771c94a1d69cfd8694e29b9468fca5df65ece31ed7c209325604001fcd06adc3ac391f60a3523d6d0b4a8a"], 0x310)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20d6, 0xcb17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

kernel console output (not intermixed with test programs):

1 start 1601398130 is beyond EOD, truncated
[  369.757068][ T9283] loop2: p2 start 1702059890 is beyond EOD, truncated
[  369.828225][ T5893] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  369.853574][ T5942] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  369.880793][ T5942] usb 2-1: config 1 interface 0 has no altsetting 1
[  369.897796][ T5942] usb 2-1: New USB device found, idVendor=0536, idProduct=a4a8, bcdDevice= 0.40
[  369.907210][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.922885][ T9288] netlink: 100 bytes leftover after parsing attributes in process `syz.4.882'.
[  369.926309][ T5942] usb 2-1: Product: syz
[  369.942305][ T5942] usb 2-1: Manufacturer: syz
[  369.947166][ T5942] usb 2-1: SerialNumber: syz
[  369.999217][ T5893] usb 1-1: Using ep0 maxpacket: 32
[  370.016568][ T5893] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  370.037312][ T5893] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  370.055337][ T5893] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  370.192923][ T5995] kernel write not supported for file bpf-prog (pid: 5995 comm: kworker/1:9)
[  370.220957][ T9278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.234517][ T5893] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  370.243850][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  370.253562][ T5893] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  370.263254][ T5893] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  370.276518][ T5893] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  370.285737][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.290265][ T9278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.309823][ T5893] usb 1-1: config 0 descriptor??
[  370.407985][ T9295] netlink: 16 bytes leftover after parsing attributes in process `syz.2.881'.
[  370.545406][ T9280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.558266][ T9280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.814374][ T5995] usb 1-1: USB disconnect, device number 27
[  370.972286][   T43] usb 2-1: USB disconnect, device number 26
[  370.997417][ T9297] batman_adv: batadv0: Removing interface: team0
[  371.104636][ T9300] netlink: 388 bytes leftover after parsing attributes in process `syz.4.885'.
[  371.109192][ T9297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.415083][ T9297] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.596778][ T9297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.612137][ T9297] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.899075][   T43] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  371.969334][   T24] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  372.032958][ T9316] sctp: [Deprecated]: syz.0.890 (pid 9316) Use of int in max_burst socket option deprecated.
[  372.032958][ T9316] Use struct sctp_assoc_value instead
[  372.087803][   T43] usb 2-1: Using ep0 maxpacket: 32
[  372.108184][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  372.225622][   T24] usb 5-1: Using ep0 maxpacket: 8
[  372.237680][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  372.332658][   T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  372.357968][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  372.376493][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.385109][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  372.405888][   T24] usb 5-1: Product: syz
[  372.423326][   T24] usb 5-1: Manufacturer: syz
[  372.493807][   T43] usb 2-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  372.509533][   T24] usb 5-1: SerialNumber: syz
[  372.548173][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.619104][   T24] usb 5-1: config 0 descriptor??
[  372.643281][   T43] usb 2-1: Product: syz
[  372.681486][   T43] usb 2-1: Manufacturer: syz
[  372.702255][   T43] usb 2-1: SerialNumber: syz
[  372.733059][   T43] usb 2-1: config 0 descriptor??
[  372.744450][   T43] cypress_m8 2-1:0.0: HID->COM RS232 Adapter converter detected
[  372.786791][   T43] cyphidcom ttyUSB0: required endpoint is missing
[  372.883848][   T24] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  373.438722][ T9330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.788207][ T5893] usb 2-1: USB disconnect, device number 27
[  374.448119][   T24] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  374.839451][ T9330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.214788][ T5893] cypress_m8 2-1:0.0: device disconnected
[  375.251791][ T5896] libceph: connect (1)[c::]:6789 error -101
[  375.258148][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  375.324105][ T9339] ceph: No mds server is up or the cluster is laggy
[  375.344119][    T9] usb 5-1: USB disconnect, device number 29
[  376.621571][ T9374] 9pnet_fd: Insufficient options for proto=fd
[  377.159773][ T9374] siw: device registration error -23
[  377.432692][ T5896] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  377.667295][ T5896] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  377.721036][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  377.727915][ T5896] usb 4-1: config 0 has no interfaces?
[  377.734112][ T5896] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  377.911658][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.944560][ T5896] usb 4-1: config 0 descriptor??
[  378.328711][    T9] usb 3-1: Using ep0 maxpacket: 32
[  378.335922][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  378.363238][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  378.387895][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  378.399408][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  378.428053][    T9] usb 3-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  378.446068][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.475808][    T9] usb 3-1: Product: syz
[  378.489638][    T9] usb 3-1: Manufacturer: syz
[  378.494264][    T9] usb 3-1: SerialNumber: syz
[  378.549742][    T9] usb 3-1: config 0 descriptor??
[  378.577695][    T9] cypress_m8 3-1:0.0: HID->COM RS232 Adapter converter detected
[  378.619360][ T9385] syz.3.908(9385): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  378.644210][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.651000][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  378.654664][    T9] cyphidcom ttyUSB0: required endpoint is missing
[  378.788142][   T43] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  378.864691][    T9] usb 3-1: USB disconnect, device number 29
[  378.972510][   T43] usb 2-1: Using ep0 maxpacket: 16
[  378.975347][    T9] cypress_m8 3-1:0.0: device disconnected
[  379.063983][   T43] usb 2-1: too many endpoints for config 0 interface 0 altsetting 6: 65, using maximum allowed: 30
[  379.161048][   T43] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.193287][   T43] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  379.222703][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[  379.252285][   T43] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.40
[  379.296037][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.338973][   T43] usb 2-1: config 0 descriptor??
[  379.363387][ T9404] overlay: ./file0 is not a directory
[  379.580276][ T9398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.592204][ T9398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.675063][ T9409] overlayfs: failed to resolve './file1': -2
[  379.898090][   T43] kye 0003:0458:5013.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  379.960258][   T43] kye 0003:0458:5013.0007: unknown main item tag 0x0
[  380.007892][   T43] kye 0003:0458:5013.0007: unknown main item tag 0x0
[  380.030544][   T43] kye 0003:0458:5013.0007: unknown main item tag 0x0
[  380.060796][ T9424] syz_tun: entered allmulticast mode
[  380.076026][   T43] kye 0003:0458:5013.0007: hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0
[  380.090476][ T9424] syz_tun: left allmulticast mode
[  380.094586][   T43] kye 0003:0458:5013.0007: tablet-enabling feature report not found
[  380.106461][   T43] kye 0003:0458:5013.0007: tablet enabling failed
[  380.135594][   T43] usb 2-1: USB disconnect, device number 28
[  380.600655][    T9] usb 4-1: USB disconnect, device number 19
[  381.273365][ T9425] fido_id[9425]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  381.708663][ T9446] netlink: 'syz.2.926': attribute type 1 has an invalid length.
[  381.812345][   T43] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  381.875481][ T9448] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  381.922388][ T9448] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  381.964203][ T9453] 9pnet_fd: Insufficient options for proto=fd
[  381.978021][   T43] usb 2-1: Using ep0 maxpacket: 8
[  381.981081][ T9448] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  381.994878][   T43] usb 2-1: unable to get BOS descriptor or descriptor too short
[  382.012923][ T9453] siw: device registration error -23
[  382.036651][ T9448] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  382.038048][   T43] usb 2-1: config 2 has an invalid interface number: 86 but max is 0
[  382.091277][   T43] usb 2-1: config 2 has no interface number 0
[  382.102328][ T9448] bond1: (slave geneve2): making interface the new active one
[  382.124288][ T9448] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  382.145806][   T43] usb 2-1: config 2 interface 86 has no altsetting 0
[  382.167058][   T43] usb 2-1: New USB device found, idVendor=0421, idProduct=02e3, bcdDevice=4a.cb
[  382.176708][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.186430][   T43] usb 2-1: Product: syz
[  382.191025][   T43] usb 2-1: Manufacturer: syz
[  382.195720][   T43] usb 2-1: SerialNumber: syz
[  382.327973][ T5893] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  382.428265][   T43] usb 2-1: bad CDC descriptors
[  382.444024][   T43] cdc_acm 2-1:2.86: Zero length descriptor references
[  382.451378][   T43] cdc_acm 2-1:2.86: probe with driver cdc_acm failed with error -22
[  382.491118][   T43] usb 2-1: USB disconnect, device number 29
[  382.523108][ T5893] usb 5-1: not running at top speed; connect to a high speed hub
[  382.535303][ T5893] usb 5-1: config 10 has an invalid interface number: 205 but max is 0
[  382.560942][ T5893] usb 5-1: config 10 has no interface number 0
[  382.576104][ T5893] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=8e.2a
[  382.590741][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.608725][ T5893] usb 5-1: Product: syz
[  382.612915][ T5893] usb 5-1: Manufacturer: syz
[  382.617513][ T5893] usb 5-1: SerialNumber: syz
[  382.808547][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  382.968048][   T24] usb 4-1: Using ep0 maxpacket: 32
[  382.980548][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[  382.993403][   T24] usb 4-1: config 4 has an invalid interface number: 239 but max is 0
[  383.010977][   T24] usb 4-1: config 4 has no interface number 0
[  383.027376][   T24] usb 4-1: string descriptor 0 read error: -22
[  383.044074][   T24] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=48.59
[  383.066291][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.068090][ T5916] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  383.090755][ T9462] XFS (nullb0): Invalid superblock magic number
[  383.106023][   T24] usb 4-1: MBOX3: Invalid descriptor size=18.
[  383.300165][ T5916] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  383.327628][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  383.344148][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  383.358119][ T5916] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  383.369323][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.391580][ T5916] usb 3-1: Product: syz
[  383.395814][ T5916] usb 3-1: Manufacturer: syz
[  383.410756][ T5916] usb 3-1: SerialNumber: syz
[  383.440476][ T5916] usb 3-1: config 0 descriptor??
[  383.466001][ T5916] port100 3-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  383.597967][ T5893] usb 5-1: USB disconnect, device number 30
[  383.665593][ T9460] netlink: 'syz.2.931': attribute type 1 has an invalid length.
[  383.699580][    T9] usb 4-1: USB disconnect, device number 20
[  383.723764][ T9485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.866110][ T9485] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.895712][ T9460] 8021q: adding VLAN 0 to HW filter on device bond2
[  383.960183][ T9489] netlink: 'syz.1.936': attribute type 10 has an invalid length.
[  384.502704][   T43] usb 3-1: USB disconnect, device number 30
[  384.883336][ T9497] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[  386.941030][ T9512] 9pnet_fd: Insufficient options for proto=fd
[  386.948086][ T9512] siw: device registration error -23
[  387.021568][   T43] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  387.347948][   T43] usb 3-1: device descriptor read/64, error -71
[  388.440167][   T43] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  388.563685][ T9536] netlink: 'syz.1.948': attribute type 10 has an invalid length.
[  388.578138][   T43] usb 3-1: device descriptor read/64, error -71
[  388.753573][   T43] usb usb3-port1: attempt power cycle
[  389.379360][ T9544] netlink: 16 bytes leftover after parsing attributes in process `syz.1.951'.
[  389.538929][ T9549] netlink: 12 bytes leftover after parsing attributes in process `syz.4.954'.
[  389.548238][ T9544] netlink: 40 bytes leftover after parsing attributes in process `syz.1.951'.
[  390.420399][ T9544] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  390.600011][ T9557] 9pnet_fd: Insufficient options for proto=fd
[  390.615143][ T9557] siw: device registration error -23
[  391.206081][ T9566] netlink: 'syz.0.956': attribute type 10 has an invalid length.
[  391.217233][ T9566] hsr0: entered promiscuous mode
[  391.314559][ T9566] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  391.326566][ T9566] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  391.339293][ T9566] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  391.777316][ T9573] netlink: 'syz.2.960': attribute type 1 has an invalid length.
[  391.882781][ T9577] netlink: 52 bytes leftover after parsing attributes in process `syz.1.962'.
[  391.892879][ T9573] bond3: entered promiscuous mode
[  391.922014][ T9573] 8021q: adding VLAN 0 to HW filter on device bond3
[  391.991493][ T9579] 8021q: adding VLAN 0 to HW filter on device bond3
[  392.001794][ T9579] bond3: (slave vcan0): The slave device specified does not support setting the MAC address
[  392.011933][ T9579] bond3: (slave vcan0): Setting fail_over_mac to active for active-backup mode
[  392.079933][ T9585] netlink: 'syz.4.961': attribute type 10 has an invalid length.
[  392.638697][ T9579] bond3: (slave vcan0): making interface the new active one
[  392.656343][ T9579] vcan0: entered promiscuous mode
[  392.664263][ T9579] bond3: (slave vcan0): Enslaving as an active interface with an up link
[  393.284752][ T9604] 9pnet_fd: Insufficient options for proto=fd
[  393.291426][ T9604] siw: device registration error -23
[  394.847551][   T43] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  394.971868][ T9641] netlink: 'syz.3.977': attribute type 10 has an invalid length.
[  395.028273][   T43] usb 3-1: Using ep0 maxpacket: 32
[  395.493317][   T43] usb 3-1: config 2 has an invalid interface number: 134 but max is 0
[  395.504363][   T43] usb 3-1: config 2 has no interface number 0
[  395.518252][   T43] usb 3-1: config 2 interface 134 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024
[  395.530780][   T43] usb 3-1: config 2 interface 134 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023
[  395.545377][   T43] usb 3-1: New USB device found, idVendor=0403, idProduct=a548, bcdDevice=b1.fa
[  395.555030][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.635538][   T43] usb 3-1: Product: syz
[  395.640121][   T43] usb 3-1: Manufacturer: syz
[  395.644735][   T43] usb 3-1: SerialNumber: syz
[  395.654444][ T9622] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  395.674373][ T9622] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  395.684211][   T43] ftdi_sio 3-1:2.134: FTDI USB Serial Device converter detected
[  395.695914][   T43] ftdi_sio ttyUSB0: unknown device type: 0xb1fa
[  395.891291][   T43] usb 3-1: USB disconnect, device number 34
[  395.912795][   T43] ftdi_sio 3-1:2.134: device disconnected
[  395.979375][ T9655] FAULT_INJECTION: forcing a failure.
[  395.979375][ T9655] name failslab, interval 1, probability 0, space 0, times 0
[  396.034053][ T9655] CPU: 1 UID: 0 PID: 9655 Comm: syz.1.981 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  396.034080][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  396.034091][ T9655] Call Trace:
[  396.034098][ T9655]  <TASK>
[  396.034106][ T9655]  dump_stack_lvl+0x189/0x250
[  396.034130][ T9655]  ? __pfx____ratelimit+0x10/0x10
[  396.034154][ T9655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.034172][ T9655]  ? __pfx__printk+0x10/0x10
[  396.034195][ T9655]  ? __pfx___might_resched+0x10/0x10
[  396.034213][ T9655]  ? fs_reclaim_acquire+0x7d/0x100
[  396.034235][ T9655]  should_fail_ex+0x414/0x560
[  396.034264][ T9655]  should_failslab+0xa8/0x100
[  396.034288][ T9655]  __kmalloc_noprof+0xcb/0x4f0
[  396.034309][ T9655]  ? tomoyo_encode+0x28b/0x550
[  396.034331][ T9655]  tomoyo_encode+0x28b/0x550
[  396.034354][ T9655]  tomoyo_realpath_from_path+0x58d/0x5d0
[  396.034373][ T9655]  ? tomoyo_domain+0xda/0x130
[  396.034396][ T9655]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  396.034419][ T9655]  tomoyo_path_number_perm+0x1e8/0x5a0
[  396.034445][ T9655]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  396.034484][ T9655]  ? __lock_acquire+0xab9/0xd20
[  396.034521][ T9655]  ? __fget_files+0x2a/0x420
[  396.034540][ T9655]  ? __fget_files+0x2a/0x420
[  396.034554][ T9655]  ? __fget_files+0x3a0/0x420
[  396.034568][ T9655]  ? __fget_files+0x2a/0x420
[  396.034587][ T9655]  security_file_ioctl+0xcb/0x2d0
[  396.034612][ T9655]  __se_sys_ioctl+0x47/0x170
[  396.034636][ T9655]  do_syscall_64+0xfa/0x3b0
[  396.034651][ T9655]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.034673][ T9655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.034689][ T9655]  ? clear_bhb_loop+0x60/0xb0
[  396.034710][ T9655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.034726][ T9655] RIP: 0033:0x7f7c96b8e929
[  396.034746][ T9655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.034760][ T9655] RSP: 002b:00007f7c97974038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  396.034780][ T9655] RAX: ffffffffffffffda RBX: 00007f7c96db6160 RCX: 00007f7c96b8e929
[  396.034792][ T9655] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  396.034803][ T9655] RBP: 00007f7c97974090 R08: 0000000000000000 R09: 0000000000000000
[  396.034813][ T9655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.034823][ T9655] R13: 0000000000000001 R14: 00007f7c96db6160 R15: 00007ffd29811368
[  396.034851][ T9655]  </TASK>
[  396.035269][ T9655] ERROR: Out of memory at tomoyo_realpath_from_path.
[  397.026560][ T9666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.986'.
[  397.128039][ T9672] netlink: 20 bytes leftover after parsing attributes in process `syz.1.986'.
[  397.212050][ T9680] program syz.0.989 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  397.738914][    T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  397.947997][    T9] usb 2-1: device descriptor read/64, error -71
[  397.982850][   T43] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  398.103932][ T9690] netlink: 'syz.2.990': attribute type 10 has an invalid length.
[  398.115871][ T5896] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  398.137990][   T43] usb 4-1: Using ep0 maxpacket: 16
[  398.178407][   T43] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  398.188939][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.197114][   T43] usb 4-1: Product: syz
[  398.206287][   T43] usb 4-1: Manufacturer: syz
[  398.213427][   T43] usb 4-1: SerialNumber: syz
[  398.308164][ T5896] usb 5-1: Using ep0 maxpacket: 8
[  398.328524][   T43] usb 4-1: config 0 descriptor??
[  398.467884][ T5896] usb 5-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  398.498350][ T5896] usb 5-1: config 1 interface 0 has no altsetting 0
[  398.514309][ T5896] usb 5-1: New USB device found, idVendor=22ed, idProduct=1010, bcdDevice= 0.40
[  398.532249][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.541206][ T5896] usb 5-1: Product: syz
[  398.545495][ T5896] usb 5-1: Manufacturer: ⍄༁ݔὐ詸㲹갦麵귖힮䋋香ஓᔍ❞㪿Nj綟ꎬ蚴釪뀝⾺튙⍇揤䔹䭤グ
[  398.559292][ T5896] usb 5-1: SerialNumber: syz
[  398.608196][    T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  398.648759][   T43] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  398.672289][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  398.833155][ T9669] netlink: 100 bytes leftover after parsing attributes in process `syz.4.988'.
[  398.857010][   T43] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  398.866634][   T43] usb 4-1: media controller created
[  398.878140][    T9] usb 2-1: device descriptor read/64, error -71
[  399.019740][    T9] usb usb2-port1: attempt power cycle
[  399.449361][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  399.503666][ T9698] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  399.549322][    T9] usb 2-1: device descriptor read/8, error -71
[  399.647132][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  399.714412][   T43] zl10353_read_register: readreg error (reg=127, ret==0)
[  399.736263][   T43] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  399.765902][   T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  399.838108][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  399.972289][   T43] usb 4-1: USB disconnect, device number 21
[  400.039851][    T9] usb 2-1: device descriptor read/8, error -71
[  400.708154][    T9] usb usb2-port1: unable to enumerate USB device
[  400.879957][   T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  400.915148][ T5896] usbhid 5-1:1.0: can't add hid device: -71
[  400.938885][ T5896] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  400.984470][ T5896] usb 5-1: USB disconnect, device number 31
[  401.147634][ T9724] FAULT_INJECTION: forcing a failure.
[  401.147634][ T9724] name failslab, interval 1, probability 0, space 0, times 0
[  401.273369][    T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  401.398230][ T9724] CPU: 0 UID: 0 PID: 9724 Comm: syz.3.998 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  401.398257][ T9724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  401.398267][ T9724] Call Trace:
[  401.398274][ T9724]  <TASK>
[  401.398282][ T9724]  dump_stack_lvl+0x189/0x250
[  401.398306][ T9724]  ? __pfx____ratelimit+0x10/0x10
[  401.398329][ T9724]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.398347][ T9724]  ? __pfx__printk+0x10/0x10
[  401.398374][ T9724]  ? __pfx___might_resched+0x10/0x10
[  401.398391][ T9724]  ? fs_reclaim_acquire+0x7d/0x100
[  401.398413][ T9724]  should_fail_ex+0x414/0x560
[  401.398441][ T9724]  should_failslab+0xa8/0x100
[  401.398466][ T9724]  __kmalloc_cache_noprof+0x70/0x3d0
[  401.398488][ T9724]  ? vhost_task_create+0xf6/0x290
[  401.398518][ T9724]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  401.398542][ T9724]  vhost_task_create+0xf6/0x290
[  401.398563][ T9724]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  401.398589][ T9724]  ? __pfx_vhost_task_create+0x10/0x10
[  401.398618][ T9724]  ? __pfx_vhost_task_fn+0x10/0x10
[  401.398650][ T9724]  ? kasan_save_track+0x4f/0x80
[  401.398668][ T9724]  ? kasan_save_track+0x3e/0x80
[  401.398694][ T9724]  kvm_mmu_post_init_vm+0x147/0x2b0
[  401.398715][ T9724]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  401.398744][ T9724]  ? __mutex_trylock_common+0x153/0x260
[  401.398767][ T9724]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  401.398792][ T9724]  ? rcu_is_watching+0x15/0xb0
[  401.398810][ T9724]  ? look_up_lock_class+0x74/0x170
[  401.398835][ T9724]  ? register_lock_class+0x51/0x320
[  401.398857][ T9724]  ? __lock_acquire+0xab9/0xd20
[  401.398903][ T9724]  kvm_vcpu_ioctl+0x95c/0xe90
[  401.398931][ T9724]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  401.398947][ T9724]  ? __lock_acquire+0xab9/0xd20
[  401.398967][ T9724]  ? __asan_memset+0x22/0x50
[  401.398985][ T9724]  ? smack_file_ioctl+0x302/0x340
[  401.399009][ T9724]  ? __pfx_smack_file_ioctl+0x10/0x10
[  401.399041][ T9724]  ? __fget_files+0x2a/0x420
[  401.399056][ T9724]  ? __fget_files+0x3a0/0x420
[  401.399069][ T9724]  ? __fget_files+0x2a/0x420
[  401.399089][ T9724]  ? bpf_lsm_file_ioctl+0x9/0x20
[  401.399103][ T9724]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  401.399123][ T9724]  __se_sys_ioctl+0xf9/0x170
[  401.399145][ T9724]  do_syscall_64+0xfa/0x3b0
[  401.399164][ T9724]  ? lockdep_hardirqs_on+0x9c/0x150
[  401.399186][ T9724]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.399202][ T9724]  ? clear_bhb_loop+0x60/0xb0
[  401.399222][ T9724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.399238][ T9724] RIP: 0033:0x7f3fa078e929
[  401.399252][ T9724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.399267][ T9724] RSP: 002b:00007f3f9e5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  401.399285][ T9724] RAX: ffffffffffffffda RBX: 00007f3fa09b6080 RCX: 00007f3fa078e929
[  401.399298][ T9724] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  401.399308][ T9724] RBP: 00007f3f9e5f6090 R08: 0000000000000000 R09: 0000000000000000
[  401.399318][ T9724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.399328][ T9724] R13: 0000000000000001 R14: 00007f3fa09b6080 R15: 00007ffc7d9fd928
[  401.399357][ T9724]  </TASK>
[  401.926212][    T9] usb 2-1: device descriptor read/64, error -71
[  402.440966][ T9730] i2c i2c-0: Invalid block write size 35
[  402.544964][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  402.936208][    T9] usb 2-1: device descriptor read/64, error -71
[  403.069067][    T9] usb usb2-port1: attempt power cycle
[  403.599838][ T9747] netlink: 'syz.3.1003': attribute type 10 has an invalid length.
[  403.868092][    T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  404.026977][    T9] usb 2-1: device descriptor read/8, error -71
[  404.121513][ T5916] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  404.298438][ T5916] usb 1-1: Using ep0 maxpacket: 8
[  404.338904][   T43] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  404.377057][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.468306][ T5916] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 10
[  404.547926][   T43] usb 4-1: Using ep0 maxpacket: 32
[  404.555980][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  404.594233][ T9765] netlink: 'syz.4.1006': attribute type 11 has an invalid length.
[  404.602219][ T9765] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1006'.
[  404.660066][   T43] usb 4-1: config 0 has an invalid interface number: 82 but max is 1
[  404.710923][   T43] usb 4-1: config 0 has an invalid interface number: 159 but max is 1
[  404.794672][ T5916] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  404.810327][ T5916] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.819637][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.829686][ T5916] usb 1-1: Product: syz
[  404.833877][ T5916] usb 1-1: Manufacturer: syz
[  404.839770][ T5916] usb 1-1: SerialNumber: syz
[  404.847281][ T5916] usb 1-1: config 0 descriptor??
[  404.978108][   T43] usb 4-1: config 0 has no interface number 0
[  404.984414][   T43] usb 4-1: config 0 has no interface number 1
[  404.991696][   T43] usb 4-1: config 0 interface 82 has no altsetting 0
[  405.003600][   T43] usb 4-1: config 0 interface 159 has no altsetting 0
[  405.008376][ T5916] cdc_ncm 1-1:0.0: CDC Union missing and no IAD found
[  405.019680][   T43] usb 4-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=b2.1d
[  405.020496][ T5916] cdc_ncm 1-1:0.0: bind() failure
[  405.048096][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.056103][   T43] usb 4-1: Product: syz
[  405.131245][   T43] usb 4-1: Manufacturer: syz
[  405.137942][   T43] usb 4-1: SerialNumber: syz
[  405.154637][   T43] usb 4-1: config 0 descriptor??
[  405.169498][ T5896] usb 1-1: USB disconnect, device number 28
[  405.221592][ T9774] FAULT_INJECTION: forcing a failure.
[  405.221592][ T9774] name failslab, interval 1, probability 0, space 0, times 0
[  405.261927][ T9774] CPU: 0 UID: 0 PID: 9774 Comm: syz.1.1011 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  405.261954][ T9774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  405.261964][ T9774] Call Trace:
[  405.261971][ T9774]  <TASK>
[  405.261979][ T9774]  dump_stack_lvl+0x189/0x250
[  405.262002][ T9774]  ? __pfx____ratelimit+0x10/0x10
[  405.262027][ T9774]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.262044][ T9774]  ? __pfx__printk+0x10/0x10
[  405.262067][ T9774]  ? __pfx___might_resched+0x10/0x10
[  405.262085][ T9774]  ? fs_reclaim_acquire+0x7d/0x100
[  405.262107][ T9774]  should_fail_ex+0x414/0x560
[  405.262135][ T9774]  should_failslab+0xa8/0x100
[  405.262160][ T9774]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  405.262184][ T9774]  ? dup_task_struct+0x52/0x860
[  405.262207][ T9774]  dup_task_struct+0x52/0x860
[  405.262225][ T9774]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.262250][ T9774]  copy_process+0x544/0x3b80
[  405.262295][ T9774]  ? __pfx_copy_process+0x10/0x10
[  405.262325][ T9774]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  405.262349][ T9774]  vhost_task_create+0x1c4/0x290
[  405.262369][ T9774]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  405.262393][ T9774]  ? __pfx_vhost_task_create+0x10/0x10
[  405.262421][ T9774]  ? __pfx_vhost_task_fn+0x10/0x10
[  405.262452][ T9774]  ? kasan_save_track+0x4f/0x80
[  405.262471][ T9774]  ? kasan_save_track+0x3e/0x80
[  405.262496][ T9774]  kvm_mmu_post_init_vm+0x147/0x2b0
[  405.262518][ T9774]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  405.262551][ T9774]  ? __mutex_trylock_common+0x153/0x260
[  405.262572][ T9774]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  405.262596][ T9774]  ? rcu_is_watching+0x15/0xb0
[  405.262613][ T9774]  ? look_up_lock_class+0x74/0x170
[  405.262637][ T9774]  ? register_lock_class+0x51/0x320
[  405.262657][ T9774]  ? __lock_acquire+0xab9/0xd20
[  405.262702][ T9774]  kvm_vcpu_ioctl+0x95c/0xe90
[  405.262727][ T9774]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  405.262744][ T9774]  ? __lock_acquire+0xab9/0xd20
[  405.262763][ T9774]  ? __asan_memset+0x22/0x50
[  405.262781][ T9774]  ? smack_file_ioctl+0x302/0x340
[  405.262804][ T9774]  ? __pfx_smack_file_ioctl+0x10/0x10
[  405.262835][ T9774]  ? __fget_files+0x2a/0x420
[  405.262850][ T9774]  ? __fget_files+0x3a0/0x420
[  405.262864][ T9774]  ? __fget_files+0x2a/0x420
[  405.262882][ T9774]  ? bpf_lsm_file_ioctl+0x9/0x20
[  405.262897][ T9774]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  405.262924][ T9774]  __se_sys_ioctl+0xf9/0x170
[  405.262946][ T9774]  do_syscall_64+0xfa/0x3b0
[  405.262960][ T9774]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.262981][ T9774]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.262997][ T9774]  ? clear_bhb_loop+0x60/0xb0
[  405.263017][ T9774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.263033][ T9774] RIP: 0033:0x7f7c96b8e929
[  405.263049][ T9774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.263063][ T9774] RSP: 002b:00007f7c97995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  405.263082][ T9774] RAX: ffffffffffffffda RBX: 00007f7c96db6080 RCX: 00007f7c96b8e929
[  405.263094][ T9774] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  405.263103][ T9774] RBP: 00007f7c97995090 R08: 0000000000000000 R09: 0000000000000000
[  405.263113][ T9774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.263123][ T9774] R13: 0000000000000000 R14: 00007f7c96db6080 R15: 00007ffd29811368
[  405.263152][ T9774]  </TASK>
[  405.697917][ T5942] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  405.776230][   T43] usb 4-1: USB disconnect, device number 22
[  405.902231][ T5942] usb 5-1: Using ep0 maxpacket: 32
[  405.984490][ T5942] usb 5-1: config 0 interface 0 has no altsetting 0
[  406.133894][ T5942] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  406.349926][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.523107][ T5942] usb 5-1: Product: syz
[  406.527323][ T5942] usb 5-1: Manufacturer: syz
[  406.565123][ T5942] usb 5-1: SerialNumber: syz
[  406.571571][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.159/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  407.195708][ T5942] usb 5-1: config 0 descriptor??
[  407.796980][ T9808] netlink: 'syz.3.1017': attribute type 10 has an invalid length.
[  408.445574][ T5942] gs_usb 5-1:0.0: Configuring for 163 interfaces
[  408.462209][ T5942] gs_usb 5-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  408.597181][ T5942] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22
[  408.609783][ T5942] usb 5-1: USB disconnect, device number 32
[  408.985911][ T9822] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  408.992675][ T9822] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  409.001239][ T9822] vhci_hcd vhci_hcd.0: Device attached
[  409.068035][    T9] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  409.388757][ T9823] vhci_hcd: connection closed
[  409.395979][   T49] vhci_hcd: stop threads
[  409.468800][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  409.484882][   T49] vhci_hcd: release socket
[  409.532370][   T49] vhci_hcd: disconnect device
[  409.600095][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  409.707650][    T9] usb 4-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[  409.816529][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.109057][    T9] usb 4-1: config 0 descriptor??
[  410.595514][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  410.628173][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  410.753012][    T9] usb 4-1: USB disconnect, device number 23
[  410.926075][ T5896] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  411.096982][ T5896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  411.729832][ T9851] IPv6: NLM_F_CREATE should be specified when creating new route
[  411.755388][ T5896] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  411.769969][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.794919][ T5896] usb 5-1: config 0 descriptor??
[  411.801860][ T9836] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  412.329350][ T5896] hid-udraw 0003:20D6:CB17.0008: unknown main item tag 0x0
[  412.342100][ T5896] hid-udraw 0003:20D6:CB17.0008: item fetching failed at offset 3/5
[  412.361464][ T5896] hid-udraw 0003:20D6:CB17.0008: parse failed
[  412.367745][ T5896] hid-udraw 0003:20D6:CB17.0008: probe with driver hid-udraw failed with error -22
[  412.749508][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  412.923380][ T5896] usb 5-1: USB disconnect, device number 33
[  412.952821][ T9876] loop2: detected capacity change from 0 to 7
[  412.973011][ T9876] Dev loop2: unable to read RDB block 7
[  412.994022][ T9876]  loop2: AHDI p1 p2 p3
[  413.050362][ T9876] loop2: partition table partially beyond EOD, truncated
[  413.061959][ T9876] loop2: p1 start 1601398130 is beyond EOD, truncated
[  413.065739][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.071845][ T9876] loop2: p2 start 1702059890 is beyond EOD, truncated
[  413.089918][    T9] usb 3-1: config 0 has no interfaces?
[  413.101950][    T9] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  413.149476][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.163572][    T9] usb 3-1: config 0 descriptor??
[  413.390024][ T9873] 9pnet_fd: Insufficient options for proto=fd
[  413.401412][ T9873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.410218][ T9873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.147607][ T5942] usb 3-1: USB disconnect, device number 35
[  418.044230][ T5157] Bluetooth: hci4: command 0x0405 tx timeout
[  418.178812][ T9915] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  418.185625][ T9915] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  418.191883][ T9915] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  418.204927][ T9931] loop2: detected capacity change from 0 to 7
[  418.216785][ T5839] Dev loop2: unable to read RDB block 7
[  418.220030][ T9915] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  418.225454][ T5839]  loop2: AHDI p1 p2 p3
[  418.232679][ T5839] loop2: partition table partially beyond EOD, truncated
[  418.240309][ T5839] loop2: p1 start 1601398130 is beyond EOD, truncated
[  418.272867][ T5839] loop2: p2 start 1702059890 is beyond EOD, truncated
[  418.302830][ T9931] Dev loop2: unable to read RDB block 7
[  418.330906][ T9931]  loop2: AHDI p1 p2 p3
[  418.377573][ T9931] loop2: partition table partially beyond EOD, truncated
[  418.512979][ T9931] loop2: p1 start 1601398130 is beyond EOD, truncated
[  418.552909][ T9931] loop2: p2 start 1702059890 is beyond EOD, truncated
[  418.978762][ T5207] Dev loop2: unable to read RDB block 7
[  418.987377][ T5207]  loop2: AHDI p1 p2 p3
[  419.007290][ T5207] loop2: partition table partially beyond EOD, truncated
[  419.035032][ T5207] loop2: p1 start 1601398130 is beyond EOD, truncated
[  419.047895][ T5207] loop2: p2 start 1702059890 is beyond EOD, truncated
[  419.078680][ T9948] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  419.339677][ T9951] 9pnet_fd: Insufficient options for proto=fd
[  419.376219][ T9955] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1053'.
[  419.385328][ T9955] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1053'.
[  420.238068][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  420.238243][ T5841] Bluetooth: hci4: command 0x0405 tx timeout
[  420.244103][ T5844] Bluetooth: hci3: command 0x0406 tx timeout
[  420.250099][ T5157] Bluetooth: hci0: command 0x0406 tx timeout
[  420.727417][ T9994] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  420.739865][ T5942] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  420.898245][ T5942] usb 5-1: Using ep0 maxpacket: 16
[  420.927351][ T5942] usb 5-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.03
[  421.007145][T10001] netlink: 'syz.3.1057': attribute type 10 has an invalid length.
[  421.016816][T10001] netlink: 'syz.3.1057': attribute type 10 has an invalid length.
[  421.024731][T10001] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1057'.
[  421.034091][T10001] team0: entered promiscuous mode
[  421.039275][T10001] team_slave_0: entered promiscuous mode
[  421.045430][T10001] team_slave_1: entered promiscuous mode
[  421.054956][T10001] 8021q: adding VLAN 0 to HW filter on device team0
[  421.062234][T10001] batman_adv: batadv0: Interface activated: team0
[  421.069190][T10001] batman_adv: batadv0: Interface deactivated: team0
[  421.075878][T10001] batman_adv: batadv0: Removing interface: team0
[  421.544732][T10002] FAULT_INJECTION: forcing a failure.
[  421.544732][T10002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.618848][T10002] CPU: 1 UID: 0 PID: 10002 Comm: syz.0.1059 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  421.618881][T10002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.618891][T10002] Call Trace:
[  421.618900][T10002]  <TASK>
[  421.618908][T10002]  dump_stack_lvl+0x189/0x250
[  421.618932][T10002]  ? __pfx____ratelimit+0x10/0x10
[  421.618955][T10002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.618974][T10002]  ? __pfx__printk+0x10/0x10
[  421.618994][T10002]  ? __might_fault+0xb0/0x130
[  421.619028][T10002]  should_fail_ex+0x414/0x560
[  421.619055][T10002]  _copy_from_user+0x2d/0xb0
[  421.619074][T10002]  do_sock_getsockopt+0x1cd/0x650
[  421.619098][T10002]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  421.619117][T10002]  ? do_syscall_64+0x40/0x3b0
[  421.619132][T10002]  ? __fget_files+0x3a0/0x420
[  421.619147][T10002]  ? __fget_files+0x2a/0x420
[  421.619169][T10002]  __x64_sys_getsockopt+0x1a5/0x250
[  421.619188][T10002]  ? do_syscall_64+0x40/0x3b0
[  421.619205][T10002]  ? do_syscall_64+0x40/0x3b0
[  421.619223][T10002]  do_syscall_64+0xfa/0x3b0
[  421.619238][T10002]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.619260][T10002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.619281][T10002]  ? clear_bhb_loop+0x60/0xb0
[  421.619302][T10002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.619317][T10002] RIP: 0033:0x7f00d8d8e929
[  421.619334][T10002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.619348][T10002] RSP: 002b:00007f00d6bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  421.619367][T10002] RAX: ffffffffffffffda RBX: 00007f00d8fb6160 RCX: 00007f00d8d8e929
[  421.619379][T10002] RDX: 0000000000000002 RSI: 000000000000006b RDI: 0000000000000008
[  421.619390][T10002] RBP: 00007f00d6bb4090 R08: 0000200000000080 R09: 0000000000000000
[  421.619401][T10002] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  421.619412][T10002] R13: 0000000000000000 R14: 00007f00d8fb6160 R15: 00007ffc23ddcc18
[  421.619440][T10002]  </TASK>
[  421.620950][T10002] netlink: 'syz.0.1059': attribute type 10 has an invalid length.
[  421.681499][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  421.681525][ T5942] usb 5-1: SerialNumber: syz
[  421.719333][ T5942] usb 5-1: config 0 descriptor??
[  421.853138][T10000] netlink: 'syz.0.1059': attribute type 10 has an invalid length.
[  421.860993][T10000] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1059'.
[  421.889633][T10001] bridge0: port 3(team0) entered blocking state
[  421.896038][T10001] bridge0: port 3(team0) entered disabled state
[  421.902635][T10001] team0: entered allmulticast mode
[  421.907794][T10001] team_slave_0: entered allmulticast mode
[  421.913739][T10001] team_slave_1: entered allmulticast mode
[  421.923180][T10001] bridge0: port 3(team0) entered blocking state
[  421.929566][T10001] bridge0: port 3(team0) entered forwarding state
[  422.008174][T10000] team0: entered promiscuous mode
[  422.013267][T10000] team_slave_0: entered promiscuous mode
[  422.019243][T10000] team_slave_1: entered promiscuous mode
[  422.026075][T10000] 8021q: adding VLAN 0 to HW filter on device team0
[  422.034031][T10000] batman_adv: batadv0: Interface activated: team0
[  422.040522][T10000] batman_adv: batadv0: Interface deactivated: team0
[  422.047118][T10000] batman_adv: batadv0: Removing interface: team0
[  422.072453][T10000] bridge0: port 3(team0) entered blocking state
[  422.078851][T10000] bridge0: port 3(team0) entered disabled state
[  422.085198][T10000] team0: entered allmulticast mode
[  422.090454][T10000] team_slave_0: entered allmulticast mode
[  422.096168][T10000] team_slave_1: entered allmulticast mode
[  422.103509][T10000] bridge0: port 3(team0) entered blocking state
[  422.109888][T10000] bridge0: port 3(team0) entered forwarding state
[  422.872660][T10014] loop2: detected capacity change from 0 to 7
[  422.889811][T10014] Dev loop2: unable to read RDB block 7
[  422.899954][T10014]  loop2: AHDI p1 p2 p3
[  422.904177][T10014] loop2: partition table partially beyond EOD, truncated
[  422.913787][T10014] loop2: p1 start 1601398130 is beyond EOD, truncated
[  422.958999][T10014] loop2: p2 start 1702059890 is beyond EOD, truncated
[  423.018049][  T979] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  423.214085][T10020] 9pnet_fd: Insufficient options for proto=fd
[  423.868860][ T5942] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  423.880065][  T979] usb 1-1: Using ep0 maxpacket: 32
[  423.893346][  T979] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  423.909486][ T5942] usb 5-1: Detected SIO
[  423.913773][  T979] usb 1-1: config 0 has no interface number 0
[  423.929568][ T5942] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  423.941573][  T979] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  423.966007][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.990080][ T5942] usb 5-1: USB disconnect, device number 34
[  424.036291][  T979] usb 1-1: Product: syz
[  424.041540][ T5942] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  424.061283][  T979] usb 1-1: Manufacturer: syz
[  424.065913][  T979] usb 1-1: SerialNumber: syz
[  424.111290][ T5942] ftdi_sio 5-1:0.0: device disconnected
[  425.106972][  T979] usb 1-1: config 0 descriptor??
[  425.767891][T10028] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  425.935745][ T5916] libceph: connect (1)[c::]:6789 error -101
[  426.144657][  T979] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  426.172020][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  426.318222][  T979] usb 1-1: qt2_attach - failed to power on unit: -71
[  426.390368][  T979] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71
[  426.400140][T10032] ceph: No mds server is up or the cluster is laggy
[  426.422970][  T979] usb 1-1: USB disconnect, device number 29
[  426.501090][ T5942] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  426.658307][ T5942] usb 5-1: Using ep0 maxpacket: 8
[  426.695341][ T5942] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  426.725027][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.774040][ T5942] usb 5-1: Product: syz
[  426.788360][ T5942] usb 5-1: Manufacturer: syz
[  426.801584][ T5942] usb 5-1: SerialNumber: syz
[  426.952707][T10051] netlink: 'syz.2.1072': attribute type 10 has an invalid length.
[  427.839234][ T5942] usb 5-1: config 0 descriptor??
[  431.038754][ T5942] usb 5-1: can't set config #0, error -71
[  431.159509][ T5942] usb 5-1: USB disconnect, device number 35
[  431.924983][T10061] netlink: 'syz.4.1073': attribute type 10 has an invalid length.
[  431.938761][T10061] netlink: 'syz.4.1073': attribute type 10 has an invalid length.
[  431.946659][T10061] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1073'.
[  431.956342][T10061] team0: entered promiscuous mode
[  431.961507][T10061] team_slave_0: entered promiscuous mode
[  431.969357][T10061] team_slave_1: entered promiscuous mode
[  431.983791][T10061] 8021q: adding VLAN 0 to HW filter on device team0
[  431.992330][T10061] batman_adv: batadv0: Interface activated: team0
[  431.999157][T10061] batman_adv: batadv0: Interface deactivated: team0
[  432.005990][T10061] batman_adv: batadv0: Removing interface: team0
[  432.685991][T10061] bridge0: port 3(team0) entered blocking state
[  432.692369][T10061] bridge0: port 3(team0) entered disabled state
[  432.698751][T10061] team0: entered allmulticast mode
[  432.703856][T10061] team_slave_0: entered allmulticast mode
[  432.709603][T10061] team_slave_1: entered allmulticast mode
[  432.717054][T10061] bridge0: port 3(team0) entered blocking state
[  432.723380][T10061] bridge0: port 3(team0) entered forwarding state
[  435.671708][T10080] ceph: No mds server is up or the cluster is laggy
[  435.693625][T10088] 9pnet_fd: Insufficient options for proto=fd
[  435.754236][ T5942] libceph: connect (1)[c::]:6789 error -101
[  435.838635][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  437.233995][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  437.243387][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  437.257249][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  437.267250][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  437.287742][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  439.388918][ T5844] Bluetooth: hci5: command tx timeout
[  439.634045][ T9973] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.885026][T10126] Cannot find add_set index 0 as target
[  439.893730][T10126] program syz.4.1090 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  440.220144][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  440.226471][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  440.273333][T10100] lo speed is unknown, defaulting to 1000
[  440.942947][ T9973] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.468240][ T5844] Bluetooth: hci5: command tx timeout
[  441.843774][T10136] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  442.701421][ T9973] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.198066][T10100] chnl_net:caif_netlink_parms(): no params data found
[  443.352432][   T43] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  443.567376][T10170] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  443.567376][T10170] The task syz.2.1099 (10170) triggered the difference, watch for misbehavior.
[  443.628488][ T5844] Bluetooth: hci5: command tx timeout
[  443.710462][   T43] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  443.752706][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.081988][   T43] usb 5-1: config 0 descriptor??
[  444.099474][   T43] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  444.418359][ T5995] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  444.639146][   T24] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  444.665561][ T5995] usb 3-1: device descriptor read/64, error -71
[  444.864622][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  444.880235][T10100] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.899863][T10100] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.903770][   T24] usb 1-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  444.907197][T10100] bridge_slave_0: entered allmulticast mode
[  444.941238][T10100] bridge_slave_0: entered promiscuous mode
[  444.965906][T10100] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.980279][T10100] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.015574][T10100] bridge_slave_1: entered allmulticast mode
[  445.054872][T10100] bridge_slave_1: entered promiscuous mode
[  445.143895][ T5995] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  445.161735][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.175995][   T24] usb 1-1: config 0 descriptor??
[  445.182004][T10180] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  445.318027][ T5995] usb 3-1: device descriptor read/64, error -71
[  445.484706][ T5995] usb usb3-port1: attempt power cycle
[  445.635454][ T5903] libceph: connect (1)[c::]:6789 error -101
[  445.688175][ T5844] Bluetooth: hci5: command tx timeout
[  445.722050][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  445.750711][T10186] ceph: No mds server is up or the cluster is laggy
[  445.812446][T10100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.886210][T10100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.921765][   T43] usb 5-1: Detected FT232A
[  445.936473][   T43] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  445.953272][   T43] usb 5-1: USB disconnect, device number 36
[  445.963818][   T43] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  445.980835][ T5995] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  445.994923][   T43] ftdi_sio 5-1:0.0: device disconnected
[  446.124019][T10100] team0: Port device team_slave_0 added
[  446.172665][T10100] team0: Port device team_slave_1 added
[  446.190928][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  446.199521][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  446.211085][   T24] usb 1-1: USB disconnect, device number 30
[  446.246933][ T9973] gretap0: left allmulticast mode
[  446.405399][T10199] netlink: 'syz.4.1105': attribute type 10 has an invalid length.
[  446.495476][T10200] netlink: 'syz.4.1105': attribute type 10 has an invalid length.
[  446.503439][T10200] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1105'.
[  446.523434][ T5903] usb 4-1: new low-speed USB device number 24 using dummy_hcd
[  446.735068][ T9973] gretap0: left promiscuous mode
[  446.742078][ T9973] bridge0: port 3(gretap0) entered disabled state
[  446.760038][ T9973] bridge_slave_1: left allmulticast mode
[  446.765762][ T9973] bridge_slave_1: left promiscuous mode
[  446.771990][ T9973] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.788907][ T9973] bridge_slave_0: left promiscuous mode
[  446.794687][ T9973] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.884879][T10197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.898468][T10197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.917126][ T5903] usb 4-1: unable to get BOS descriptor or descriptor too short
[  446.936030][ T5903] usb 4-1: unable to read config index 0 descriptor/start: -71
[  446.957990][ T5903] usb 4-1: can't read configurations, error -71
[  446.990276][ T5995] usb 3-1: device descriptor read/8, error -71
[  447.370539][ T9973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  447.395078][ T9973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  447.412558][ T9973] bond0 (unregistering): Released all slaves
[  447.460446][T10199] bridge0: port 3(team0) entered disabled state
[  447.476112][T10199] team0: left allmulticast mode
[  447.484911][T10199] team_slave_0: left allmulticast mode
[  447.491045][T10199] team_slave_1: left allmulticast mode
[  447.496514][T10199] team0: left promiscuous mode
[  447.501339][T10199] team_slave_0: left promiscuous mode
[  447.506836][T10199] team_slave_1: left promiscuous mode
[  447.513427][T10199] bridge0: port 3(team0) entered disabled state
[  447.530465][T10199] batman_adv: batadv0: Adding interface: team0
[  447.536691][T10199] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  447.562312][T10199] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  447.573259][T10200] team0: entered promiscuous mode
[  447.578360][T10200] team_slave_0: entered promiscuous mode
[  447.586605][T10200] team_slave_1: entered promiscuous mode
[  447.596930][T10200] 8021q: adding VLAN 0 to HW filter on device team0
[  447.604702][T10200] batman_adv: batadv0: Interface activated: team0
[  447.611306][T10200] batman_adv: batadv0: Interface deactivated: team0
[  447.617995][T10200] batman_adv: batadv0: Removing interface: team0
[  447.625298][T10200] bridge0: port 3(team0) entered blocking state
[  447.632627][T10200] bridge0: port 3(team0) entered disabled state
[  447.639085][T10200] team0: entered allmulticast mode
[  447.644224][T10200] team_slave_0: entered allmulticast mode
[  447.650032][T10200] team_slave_1: entered allmulticast mode
[  447.658127][T10200] bridge0: port 3(team0) entered blocking state
[  447.664508][T10200] bridge0: port 3(team0) entered forwarding state
[  447.814410][T10100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  447.845402][T10100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  447.846888][T10217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1112'.
[  447.883032][T10100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  447.895033][ T9973] : left promiscuous mode
[  447.949793][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1112'.
[  448.469192][T10100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.476468][T10100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.504099][T10100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  449.436388][T10220] loop6: detected capacity change from 0 to 7
[  449.448505][T10220] Dev loop6: unable to read RDB block 7
[  449.458215][T10220]  loop6: unable to read partition table
[  449.476177][T10220] loop6: partition table beyond EOD, truncated
[  449.487990][T10220] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  449.508529][T10232] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1117'.
[  449.584032][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  449.584049][   T30] audit: type=1326 audit(1751955060.325:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.623043][   T30] audit: type=1326 audit(1751955060.325:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.650760][T10238] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1118'.
[  449.664467][   T30] audit: type=1326 audit(1751955060.365:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.693104][   T30] audit: type=1326 audit(1751955060.365:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.742878][   T30] audit: type=1326 audit(1751955060.365:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.765539][   T30] audit: type=1326 audit(1751955060.385:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.791307][   T30] audit: type=1326 audit(1751955060.385:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.813822][   T30] audit: type=1326 audit(1751955060.385:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.835695][   T30] audit: type=1326 audit(1751955060.385:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.857713][   T30] audit: type=1326 audit(1751955060.385:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10237 comm="syz.2.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff524d8e929 code=0x7ffc0000
[  449.877972][T10100] hsr_slave_0: entered promiscuous mode
[  449.894174][T10100] hsr_slave_1: entered promiscuous mode
[  449.900853][T10100] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  449.909857][T10100] Cannot create hsr debugfs directory
[  449.916995][T10245] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1121'.
[  450.027924][ T5963] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  450.187342][ T9973] hsr_slave_0: left promiscuous mode
[  450.196382][ T9973] hsr_slave_1: left promiscuous mode
[  450.208556][ T9973] batman_adv: batadv0: Removing interface: team0
[  450.220452][ T9973] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  450.252717][ T5963] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  450.271567][ T9973] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.285094][ T5963] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  450.296756][ T5963] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  450.424617][ T9973] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  450.433382][ T9973] batman_adv: batadv0: Removing interface: batadv_slave_1
[  450.436099][ T5963] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  450.471204][ T5963] usb 1-1: SerialNumber: syz
[  450.670511][ T9973] veth1_macvtap: left promiscuous mode
[  450.687928][ T5916] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  450.696885][ T9973] veth0_macvtap: left promiscuous mode
[  450.715726][ T9973] veth1_vlan: left promiscuous mode
[  450.723953][ T9973] veth0_vlan: left promiscuous mode
[  450.840058][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  450.862694][ T5916] usb 4-1: unable to get BOS descriptor or descriptor too short
[  450.873810][ T5963] usb 1-1: 0:2 : does not exist
[  450.880627][ T5916] usb 4-1: config 11 has an invalid interface number: 244 but max is 0
[  450.898530][ T5916] usb 4-1: config 11 has no interface number 0
[  450.904749][ T5916] usb 4-1: config 11 interface 244 altsetting 5 endpoint 0x3 has invalid wMaxPacketSize 0
[  450.912445][ T5963] usb 1-1: USB disconnect, device number 31
[  450.931618][ T5916] usb 4-1: config 11 interface 244 has no altsetting 0
[  450.954510][ T5916] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=57.8a
[  450.971446][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.980422][ T5916] usb 4-1: Product: syz
[  450.984922][ T5916] usb 4-1: Manufacturer: syz
[  450.989887][ T5916] usb 4-1: SerialNumber: syz
[  451.622780][T10256] netlink: 'syz.3.1123': attribute type 10 has an invalid length.
[  451.673732][T10271] netlink: 'syz.3.1123': attribute type 10 has an invalid length.
[  451.682097][T10271] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1123'.
[  453.036998][ T9973] team0 (unregistering): Port device team_slave_1 removed
[  453.081538][ T9973] team0 (unregistering): Port device team_slave_0 removed
[  453.198083][  T979] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  453.372115][  T979] usb 1-1: Using ep0 maxpacket: 8
[  453.383728][  T979] usb 1-1: config 8 has an invalid interface number: 125 but max is 0
[  453.392748][  T979] usb 1-1: config 8 has no interface number 0
[  453.402500][  T979] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=26.ec
[  453.411684][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.420104][  T979] usb 1-1: Product: syz
[  453.424316][  T979] usb 1-1: Manufacturer: syz
[  453.435024][  T979] usb 1-1: SerialNumber: syz
[  453.449886][  T979] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  453.589630][T10256] bridge0: port 3(team0) entered disabled state
[  453.597299][T10256] team0: left allmulticast mode
[  453.602444][T10256] team_slave_0: left allmulticast mode
[  453.608019][T10256] team_slave_1: left allmulticast mode
[  453.613510][T10256] team0: left promiscuous mode
[  453.618342][T10256] team_slave_0: left promiscuous mode
[  453.624052][T10256] team_slave_1: left promiscuous mode
[  453.629948][T10256] bridge0: port 3(team0) entered disabled state
[  453.664004][T10256] batman_adv: batadv0: Adding interface: team0
[  453.670660][T10256] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.698571][T10256] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  453.710150][T10271] team0: entered promiscuous mode
[  453.715251][T10271] team_slave_0: entered promiscuous mode
[  453.721154][T10271] team_slave_1: entered promiscuous mode
[  453.728789][T10271] 8021q: adding VLAN 0 to HW filter on device team0
[  453.735661][T10271] batman_adv: batadv0: Interface activated: team0
[  453.742172][T10271] batman_adv: batadv0: Interface deactivated: team0
[  453.748843][T10271] batman_adv: batadv0: Removing interface: team0
[  453.759530][T10271] bridge0: port 3(team0) entered blocking state
[  453.765947][T10271] bridge0: port 3(team0) entered disabled state
[  453.772492][T10271] team0: entered allmulticast mode
[  453.778008][T10271] team_slave_0: entered allmulticast mode
[  453.785877][T10271] team_slave_1: entered allmulticast mode
[  453.794099][T10271] bridge0: port 3(team0) entered blocking state
[  453.800521][T10271] bridge0: port 3(team0) entered forwarding state
[  453.946763][ T5916] usb 4-1: USB disconnect, device number 26
[  454.153504][  T979] gspca_m5602: Failed to find a sensor
[  454.162794][  T979] ALi m5602 1-1:8.125: ALi m5602 webcam failed
[  454.352930][T10297] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  454.585103][  T979] usb 1-1: USB disconnect, device number 32
[  454.832816][   T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  455.140136][   T24] usb 3-1: Using ep0 maxpacket: 32
[  455.264762][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  455.306854][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  455.343606][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  455.372977][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  455.395658][   T24] usb 3-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  455.415676][T10100] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  455.425731][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.434997][   T24] usb 3-1: Product: syz
[  455.749234][   T24] usb 3-1: Manufacturer: syz
[  455.754344][   T24] usb 3-1: SerialNumber: syz
[  455.761983][   T24] usb 3-1: config 0 descriptor??
[  455.769554][   T24] cypress_m8 3-1:0.0: HID->COM RS232 Adapter converter detected
[  455.778630][   T24] cyphidcom ttyUSB0: required endpoint is missing
[  455.787247][T10100] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  455.810868][T10100] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  455.832363][T10100] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  455.877948][  T979] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  456.125096][  T979] usb 4-1: Using ep0 maxpacket: 16
[  456.192450][  T979] usb 4-1: unable to read config index 0 descriptor/start: -61
[  456.239982][  T979] usb 4-1: can't read configurations, error -61
[  456.372674][ T5916] usb 3-1: USB disconnect, device number 40
[  456.462605][  T979] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  456.512261][ T5916] cypress_m8 3-1:0.0: device disconnected
[  457.050092][  T979] usb 4-1: Using ep0 maxpacket: 16
[  457.070269][  T979] usb 4-1: unable to read config index 0 descriptor/start: -61
[  457.081724][  T979] usb 4-1: can't read configurations, error -61
[  457.092955][  T979] usb usb4-port1: attempt power cycle
[  457.720344][T10333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1144'.
[  457.736307][T10333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1144'.
[  457.773461][T10100] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.948373][T10335] netlink: 'syz.4.1143': attribute type 10 has an invalid length.
[  457.958517][  T979] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  457.960286][T10335] bridge0: port 3(team0) entered disabled state
[  457.972805][T10335] team0: left allmulticast mode
[  457.978113][T10335] team_slave_0: left allmulticast mode
[  457.982148][  T979] usb 4-1: Using ep0 maxpacket: 16
[  457.983798][T10335] team_slave_1: left allmulticast mode
[  457.994221][T10335] team0: left promiscuous mode
[  457.996764][  T979] usb 4-1: unable to read config index 0 descriptor/start: -61
[  457.999044][T10335] team_slave_0: left promiscuous mode
[  457.999275][T10335] team_slave_1: left promiscuous mode
[  457.999614][T10335] bridge0: port 3(team0) entered disabled state
[  458.010122][  T979] usb 4-1: can't read configurations, error -61
[  458.031012][T10338] netlink: 'syz.4.1143': attribute type 10 has an invalid length.
[  458.038931][T10338] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1143'.
[  458.052211][T10335] batman_adv: batadv0: Adding interface: team0
[  458.058630][T10335] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.084221][T10335] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  458.099198][T10100] 8021q: adding VLAN 0 to HW filter on device team0
[  458.106195][T10338] team0: entered promiscuous mode
[  458.113534][T10338] team_slave_0: entered promiscuous mode
[  458.119513][T10338] team_slave_1: entered promiscuous mode
[  458.127893][T10338] 8021q: adding VLAN 0 to HW filter on device team0
[  458.134759][T10338] batman_adv: batadv0: Interface activated: team0
[  458.141339][T10338] batman_adv: batadv0: Interface deactivated: team0
[  458.148002][T10338] batman_adv: batadv0: Removing interface: team0
[  458.155256][T10338] bridge0: port 3(team0) entered blocking state
[  458.162341][T10338] bridge0: port 3(team0) entered disabled state
[  458.168811][T10338] team0: entered allmulticast mode
[  458.173943][T10338] team_slave_0: entered allmulticast mode
[  458.181494][T10338] team_slave_1: entered allmulticast mode
[  458.189828][T10338] bridge0: port 3(team0) entered blocking state
[  458.196198][T10338] bridge0: port 3(team0) entered forwarding state
[  458.239740][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.248055][ T9962] bridge0: port 1(bridge_slave_0) entered forwarding state
[  458.269053][  T979] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  458.331843][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.339124][ T9962] bridge0: port 2(bridge_slave_1) entered forwarding state
[  458.347101][  T979] usb 4-1: device descriptor read/8, error -71
[  458.458245][  T979] usb usb4-port1: unable to enumerate USB device
[  458.496763][T10351] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  458.518179][T10353] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  458.590149][T10359] fuse: Bad value for 'fd'
[  459.195802][T10367] loop2: detected capacity change from 0 to 7
[  459.329184][T10367] Dev loop2: unable to read RDB block 7
[  459.381979][T10367]  loop2: AHDI p1 p2 p3
[  459.424090][T10367] loop2: partition table partially beyond EOD, truncated
[  459.476611][T10367] loop2: p1 start 1601398130 is beyond EOD, truncated
[  459.532360][T10367] loop2: p2 start 1702059890 is beyond EOD, truncated
[  461.124707][T10100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  462.693107][T10398] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[  463.301534][T10404] FAULT_INJECTION: forcing a failure.
[  463.301534][T10404] name failslab, interval 1, probability 0, space 0, times 0
[  463.331773][T10404] CPU: 1 UID: 0 PID: 10404 Comm: syz.2.1159 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  463.331800][T10404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  463.331814][T10404] Call Trace:
[  463.331824][T10404]  <TASK>
[  463.331831][T10404]  dump_stack_lvl+0x189/0x250
[  463.331854][T10404]  ? __pfx____ratelimit+0x10/0x10
[  463.331877][T10404]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.331895][T10404]  ? __pfx__printk+0x10/0x10
[  463.331912][T10404]  ? ipt_do_table+0x2a3/0x1630
[  463.331934][T10404]  ? iptable_mangle_hook+0x189/0x4c0
[  463.331957][T10404]  should_fail_ex+0x414/0x560
[  463.331982][T10404]  should_failslab+0xa8/0x100
[  463.332007][T10404]  kmem_cache_alloc_noprof+0x73/0x3c0
[  463.332027][T10404]  ? dst_alloc+0x105/0x170
[  463.332058][T10404]  dst_alloc+0x105/0x170
[  463.332082][T10404]  rt_dst_clone+0x52/0x680
[  463.332107][T10404]  ip_mc_finish_output+0x10a/0x5f0
[  463.332133][T10404]  ip_mc_output+0x3a3/0x590
[  463.332159][T10404]  ip_send_skb+0x74/0x100
[  463.332182][T10404]  udp_send_skb+0xaf1/0x14c0
[  463.332217][T10404]  udp_sendmsg+0x195b/0x2300
[  463.332244][T10404]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  463.332264][T10404]  ? __pfx_udp_sendmsg+0x10/0x10
[  463.332284][T10404]  ? __lock_acquire+0xab9/0xd20
[  463.332299][T10404]  ? smack_socket_sendmsg+0x1a7/0x520
[  463.332320][T10404]  ? __lock_acquire+0xab9/0xd20
[  463.332347][T10404]  ? __lock_acquire+0xab9/0xd20
[  463.332368][T10404]  ? sock_rps_record_flow+0x19/0x410
[  463.332386][T10404]  ? inet_sendmsg+0x29c/0x370
[  463.332400][T10404]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  463.332425][T10404]  __sock_sendmsg+0x19c/0x270
[  463.332452][T10404]  ____sys_sendmsg+0x52d/0x830
[  463.332477][T10404]  ? __pfx_____sys_sendmsg+0x10/0x10
[  463.332506][T10404]  ? import_iovec+0x74/0xa0
[  463.332526][T10404]  ___sys_sendmsg+0x21f/0x2a0
[  463.332547][T10404]  ? __pfx____sys_sendmsg+0x10/0x10
[  463.332599][T10404]  ? __fget_files+0x2a/0x420
[  463.332613][T10404]  ? __fget_files+0x3a0/0x420
[  463.332636][T10404]  __sys_sendmmsg+0x227/0x430
[  463.332660][T10404]  ? __pfx___sys_sendmmsg+0x10/0x10
[  463.332676][T10404]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  463.332716][T10404]  ? ksys_write+0x22a/0x250
[  463.332739][T10404]  ? __pfx_ksys_write+0x10/0x10
[  463.332756][T10404]  ? rcu_is_watching+0x15/0xb0
[  463.332779][T10404]  __x64_sys_sendmmsg+0xa0/0xc0
[  463.332800][T10404]  do_syscall_64+0xfa/0x3b0
[  463.332814][T10404]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.332835][T10404]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.332851][T10404]  ? clear_bhb_loop+0x60/0xb0
[  463.332871][T10404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.332886][T10404] RIP: 0033:0x7ff524d8e929
[  463.332902][T10404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.332917][T10404] RSP: 002b:00007ff522bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  463.332936][T10404] RAX: ffffffffffffffda RBX: 00007ff524fb5fa0 RCX: 00007ff524d8e929
[  463.332948][T10404] RDX: 0000000000000002 RSI: 0000200000002d80 RDI: 0000000000000003
[  463.332959][T10404] RBP: 00007ff522bf6090 R08: 0000000000000000 R09: 0000000000000000
[  463.332969][T10404] R10: 0000000000004f00 R11: 0000000000000246 R12: 0000000000000001
[  463.332979][T10404] R13: 0000000000000000 R14: 00007ff524fb5fa0 R15: 00007ffc680bf0b8
[  463.333004][T10404]  </TASK>
[  463.708645][T10408] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1160'.
[  463.717676][T10408] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1160'.
[  463.796661][T10100] veth0_vlan: entered promiscuous mode
[  463.938518][T10413] loop2: detected capacity change from 0 to 7
[  463.979970][T10413] Dev loop2: unable to read RDB block 7
[  463.985710][T10413]  loop2: AHDI p1 p2 p3
[  463.993184][T10413] loop2: partition table partially beyond EOD, truncated
[  464.003355][T10413] loop2: p1 start 1601398130 is beyond EOD, truncated
[  464.017433][T10413] loop2: p2 start 1702059890 is beyond EOD, truncated
[  464.034873][T10100] veth1_vlan: entered promiscuous mode
[  464.187636][T10100] veth0_macvtap: entered promiscuous mode
[  465.041082][T10100] veth1_macvtap: entered promiscuous mode
[  465.063095][T10100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  465.075340][T10100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  465.086186][T10100] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  465.094962][T10100] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  465.103742][T10100] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  465.112513][T10100] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  466.498158][   T24] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  466.713065][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  466.813801][   T24] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  466.847554][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.858013][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.865855][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.887310][   T24] usb 5-1: config 0 descriptor??
[  466.913229][T10458] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  466.949730][T10472] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  466.961370][ T6028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.988186][ T6028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  467.111098][T10480] loop2: detected capacity change from 0 to 7
[  467.169873][T10283] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  467.193632][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  467.207389][T10480] Dev loop2: unable to read RDB block 7
[  467.237980][T10480]  loop2: AHDI p1 p2 p3
[  467.238234][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  467.242405][T10480] loop2: partition table partially beyond EOD, truncated
[  467.264520][T10480] loop2: p1 start 1601398130 is beyond EOD, truncated
[  467.272774][T10480] loop2: p2 start 1702059890 is beyond EOD, truncated
[  467.279460][   T24] usb 5-1: USB disconnect, device number 37
[  467.349739][T10283] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  467.375355][T10283] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  467.446040][T10283] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86
[  467.521592][T10283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  467.585049][T10283] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  467.743260][T10283] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  467.837701][T10283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.926958][T10283] usb 4-1: Product: syz
[  467.965620][T10283] usb 4-1: Manufacturer: syz
[  468.005597][T10283] usb 4-1: SerialNumber: syz
[  468.137793][T10283] usb 4-1: config 0 descriptor??
[  468.262997][T10283] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  468.932756][T10283] input: gspca_pac7302 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input12
[  469.359028][T10283] usb 4-1: USB disconnect, device number 31
[  470.304488][T10514] FAULT_INJECTION: forcing a failure.
[  470.304488][T10514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.347923][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  470.347941][   T30] audit: type=1326 audit(1751955081.085:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.366196][T10514] CPU: 1 UID: 0 PID: 10514 Comm: syz.0.1183 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  470.366221][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  470.366231][T10514] Call Trace:
[  470.366238][T10514]  <TASK>
[  470.366246][T10514]  dump_stack_lvl+0x189/0x250
[  470.366269][T10514]  ? __pfx____ratelimit+0x10/0x10
[  470.366293][T10514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.366310][T10514]  ? __pfx__printk+0x10/0x10
[  470.366330][T10514]  ? __might_fault+0xb0/0x130
[  470.366362][T10514]  should_fail_ex+0x414/0x560
[  470.366389][T10514]  _copy_from_user+0x2d/0xb0
[  470.366407][T10514]  ___sys_sendmsg+0x158/0x2a0
[  470.366430][T10514]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.366490][T10514]  ? __might_fault+0xb0/0x130
[  470.366514][T10514]  __sys_sendmmsg+0x227/0x430
[  470.366539][T10514]  ? __pfx___sys_sendmmsg+0x10/0x10
[  470.366555][T10514]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  470.366595][T10514]  ? ksys_write+0x22a/0x250
[  470.366617][T10514]  ? __pfx_ksys_write+0x10/0x10
[  470.366635][T10514]  ? rcu_is_watching+0x15/0xb0
[  470.366659][T10514]  __x64_sys_sendmmsg+0xa0/0xc0
[  470.366681][T10514]  do_syscall_64+0xfa/0x3b0
[  470.366695][T10514]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.366716][T10514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.366731][T10514]  ? clear_bhb_loop+0x60/0xb0
[  470.366750][T10514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.366766][T10514] RIP: 0033:0x7f00d8d8e929
[  470.366782][T10514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.366796][T10514] RSP: 002b:00007f00d6bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  470.366814][T10514] RAX: ffffffffffffffda RBX: 00007f00d8fb5fa0 RCX: 00007f00d8d8e929
[  470.366825][T10514] RDX: 0000000000000002 RSI: 0000200000002d80 RDI: 0000000000000003
[  470.366836][T10514] RBP: 00007f00d6bf6090 R08: 0000000000000000 R09: 0000000000000000
[  470.366846][T10514] R10: 0000000000004f00 R11: 0000000000000246 R12: 0000000000000001
[  470.366856][T10514] R13: 0000000000000000 R14: 00007f00d8fb5fa0 R15: 00007ffc23ddcc18
[  470.366882][T10514]  </TASK>
[  470.606763][   T30] audit: type=1326 audit(1751955081.085:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.633681][   T30] audit: type=1326 audit(1751955081.085:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.659293][   T30] audit: type=1326 audit(1751955081.085:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.682590][   T30] audit: type=1326 audit(1751955081.085:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.760040][   T30] audit: type=1326 audit(1751955081.085:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.808644][   T30] audit: type=1326 audit(1751955081.085:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.833229][   T30] audit: type=1326 audit(1751955081.085:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.870552][   T30] audit: type=1326 audit(1751955081.085:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.902618][   T30] audit: type=1326 audit(1751955081.085:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10515 comm="syz.4.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b898e929 code=0x7ffc0000
[  470.975527][T10537] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  471.007922][T10283] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  471.163294][T10283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  471.170376][T10547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1193'.
[  471.178578][T10545] netlink: 'syz.0.1192': attribute type 29 has an invalid length.
[  471.191445][T10547] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1193'.
[  471.256941][T10545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1192'.
[  471.308250][ T5844] Bluetooth: hci5: ISO packet too small
[  471.805806][T10283] usb 4-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  471.814991][T10283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.825746][T10283] usb 4-1: config 0 descriptor??
[  471.835645][T10535] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  473.313504][T10283] usbhid 4-1:0.0: can't add hid device: -71
[  473.324474][T10283] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  473.338119][T10283] usb 4-1: USB disconnect, device number 32
[  474.376493][ T5995] libceph: connect (1)[c::]:6789 error -101
[  475.030925][T10573] ceph: No mds server is up or the cluster is laggy
[  475.115342][ T5995] libceph: mon0 (1)[c::]:6789 connect error
[  475.211542][T10581] xt_l2tp: unknown flags: 17
[  475.326694][T10581] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  476.979800][ T5844] Bluetooth: hci3: ISO packet too small
[  477.557040][T10613] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1212'.
[  477.788290][ T5995] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  477.990474][ T5896] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  478.054574][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  478.101191][ T5995] usb 6-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  478.117922][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.154445][ T5995] usb 6-1: config 0 descriptor??
[  478.169493][T10611] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  478.238232][ T5896] usb 1-1: Using ep0 maxpacket: 16
[  478.245975][ T5896] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  478.279026][ T5896] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  478.287768][ T5896] usb 1-1: config 1 has an invalid descriptor of length 117, skipping remainder of the config
[  478.301319][ T5896] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  478.353675][ T5896] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  478.366399][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.386316][ T5896] usb 1-1: Product: syz
[  478.391356][ T5896] usb 1-1: Manufacturer: ဉ
[  478.396193][ T5896] usb 1-1: SerialNumber: syz
[  478.401219][ T5995] usbhid 6-1:0.0: can't add hid device: -71
[  478.407205][ T5995] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  478.428438][ T5995] usb 6-1: USB disconnect, device number 2
[  478.984887][ T5893] libceph: connect (1)[c::]:6789 error -101
[  479.056813][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  479.370997][T10644] ceph: No mds server is up or the cluster is laggy
[  479.618447][ T5896] usb 1-1: 0:2 : does not exist
[  479.627480][T10652] FAULT_INJECTION: forcing a failure.
[  479.627480][T10652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  479.647915][T10652] CPU: 1 UID: 0 PID: 10652 Comm: syz.3.1222 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  479.647940][T10652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  479.647954][T10652] Call Trace:
[  479.647961][T10652]  <TASK>
[  479.647970][T10652]  dump_stack_lvl+0x189/0x250
[  479.647993][T10652]  ? __pfx____ratelimit+0x10/0x10
[  479.648017][T10652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.648035][T10652]  ? __pfx__printk+0x10/0x10
[  479.648056][T10652]  ? __might_fault+0xb0/0x130
[  479.648091][T10652]  should_fail_ex+0x414/0x560
[  479.648118][T10652]  _copy_from_user+0x2d/0xb0
[  479.648138][T10652]  kstrtouint_from_user+0xc4/0x170
[  479.648164][T10652]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  479.648201][T10652]  proc_fail_nth_write+0x88/0x240
[  479.648219][T10652]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.648241][T10652]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.648259][T10652]  vfs_write+0x27b/0xa90
[  479.648290][T10652]  ? __pfx_vfs_write+0x10/0x10
[  479.648313][T10652]  ? __fget_files+0x2a/0x420
[  479.648332][T10652]  ? __fget_files+0x3a0/0x420
[  479.648346][T10652]  ? __fget_files+0x2a/0x420
[  479.648371][T10652]  ksys_write+0x145/0x250
[  479.648395][T10652]  ? __pfx_ksys_write+0x10/0x10
[  479.648413][T10652]  ? rcu_is_watching+0x15/0xb0
[  479.648436][T10652]  ? do_syscall_64+0xbe/0x3b0
[  479.648455][T10652]  do_syscall_64+0xfa/0x3b0
[  479.648468][T10652]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.648490][T10652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.648506][T10652]  ? clear_bhb_loop+0x60/0xb0
[  479.648526][T10652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.648542][T10652] RIP: 0033:0x7f3fa078d3df
[  479.648558][T10652] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  479.648580][T10652] RSP: 002b:00007f3fa1511030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  479.648597][T10652] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3fa078d3df
[  479.648609][T10652] RDX: 0000000000000001 RSI: 00007f3fa15110a0 RDI: 0000000000000004
[  479.648619][T10652] RBP: 00007f3fa1511090 R08: 0000000000000000 R09: 0000000000000000
[  479.648629][T10652] R10: 0000000000004f00 R11: 0000000000000293 R12: 0000000000000002
[  479.648639][T10652] R13: 0000000000000000 R14: 00007f3fa09b5fa0 R15: 00007ffc7d9fd928
[  479.648667][T10652]  </TASK>
[  479.649321][ T5896] usb 1-1: USB disconnect, device number 33
[  480.205742][T10661] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  480.236312][T10661] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1224'.
[  481.228514][T10666] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1226'.
[  481.299370][T10670] ipt_ECN: cannot use operation on non-tcp rule
[  481.728110][ T5893] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  482.846206][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  482.862601][ T5893] usb 4-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  482.872509][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.890889][ T5893] usb 4-1: config 0 descriptor??
[  482.919479][T10676] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  483.133931][T10691] overlay: filesystem on ./bus not supported as upperdir
[  483.142302][ T5893] usbhid 4-1:0.0: can't add hid device: -71
[  483.148404][ T5893] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  483.253807][ T5893] usb 4-1: USB disconnect, device number 33
[  483.372385][T10691] overlay: filesystem on ./bus not supported as upperdir
[  483.521893][  T979] libceph: connect (1)[c::]:6789 error -101
[  483.641586][  T979] libceph: mon0 (1)[c::]:6789 connect error
[  483.950793][T10694] ceph: No mds server is up or the cluster is laggy
[  484.102526][  T979] libceph: connect (1)[c::]:6789 error -101
[  484.116278][  T979] libceph: mon0 (1)[c::]:6789 connect error
[  484.952450][  T979] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  485.134654][T10716] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1240'.
[  485.237350][  T979] usb 3-1: unable to get BOS descriptor or descriptor too short
[  485.256990][  T979] usb 3-1: config 1 has an invalid interface number: 83 but max is 0
[  485.298450][  T979] usb 3-1: config 1 has no interface number 0
[  485.304616][  T979] usb 3-1: config 1 interface 83 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  485.379842][  T979] usb 3-1: config 1 interface 83 has no altsetting 0
[  485.400197][  T979] usb 3-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=a2.c5
[  485.428287][  T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.467564][  T979] usb 3-1: Product: syz
[  485.487449][  T979] usb 3-1: Manufacturer: syz
[  485.497588][  T979] usb 3-1: SerialNumber: syz
[  486.442523][  T979] usb 3-1: probing VID:PID(2201:012C)   
[  486.472798][  T979] usb 3-1: vub300 testing UNKNOWN EndPoint(0) 08
[  486.488824][  T979] usb 3-1: vub300 ignoring EndPoint(0) 08
[  486.531257][  T979] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  487.172277][  T979] vub300 3-1:1.83: probe with driver vub300 failed with error -22
[  487.202544][  T979] usb 3-1: USB disconnect, device number 41
[  488.192352][T10749] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  488.287913][  T979] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  489.049435][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  489.068056][  T979] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  489.081583][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.142999][T10760] Cannot find add_set index 3 as target
[  489.147455][  T979] usb 5-1: config 0 descriptor??
[  489.155144][T10744] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  489.641072][  T979] usbhid 5-1:0.0: can't add hid device: -71
[  489.647177][  T979] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  489.721828][  T979] usb 5-1: USB disconnect, device number 38
[  489.976505][T10776] loop9: detected capacity change from 0 to 7
[  489.984335][T10776] buffer_io_error: 11 callbacks suppressed
[  489.984350][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  489.998212][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.006190][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.014279][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.022370][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.031967][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.040364][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.048511][T10776] ldm_validate_partition_table(): Disk read failed.
[  490.055426][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.063821][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.093428][T10776] Buffer I/O error on dev loop9, logical block 0, async page read
[  490.102134][T10776] Dev loop9: unable to read RDB block 0
[  490.108748][T10776]  loop9: unable to read partition table
[  490.115267][T10776] loop9: partition table beyond EOD, truncated
[  490.121643][T10776] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  490.121643][T10776] 
) failed (rc=-5)
[  491.225646][T10787] FAULT_INJECTION: forcing a failure.
[  491.225646][T10787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.239104][T10787] CPU: 1 UID: 0 PID: 10787 Comm: syz.3.1258 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  491.239126][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.239136][T10787] Call Trace:
[  491.239143][T10787]  <TASK>
[  491.239151][T10787]  dump_stack_lvl+0x189/0x250
[  491.239174][T10787]  ? __pfx____ratelimit+0x10/0x10
[  491.239197][T10787]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.239216][T10787]  ? __pfx__printk+0x10/0x10
[  491.239249][T10787]  should_fail_ex+0x414/0x560
[  491.239277][T10787]  _copy_to_user+0x31/0xb0
[  491.239298][T10787]  simple_read_from_buffer+0xe1/0x170
[  491.239326][T10787]  proc_fail_nth_read+0x1df/0x250
[  491.239353][T10787]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  491.239373][T10787]  ? rw_verify_area+0x258/0x650
[  491.239392][T10787]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  491.239409][T10787]  vfs_read+0x1fd/0x980
[  491.239433][T10787]  ? __pfx___mutex_lock+0x10/0x10
[  491.239450][T10787]  ? __pfx_vfs_read+0x10/0x10
[  491.239472][T10787]  ? __fget_files+0x2a/0x420
[  491.239492][T10787]  ? __fget_files+0x3a0/0x420
[  491.239506][T10787]  ? __fget_files+0x2a/0x420
[  491.239529][T10787]  ksys_read+0x145/0x250
[  491.239553][T10787]  ? __pfx_ksys_read+0x10/0x10
[  491.239571][T10787]  ? rcu_is_watching+0x15/0xb0
[  491.239595][T10787]  ? do_syscall_64+0xbe/0x3b0
[  491.239614][T10787]  do_syscall_64+0xfa/0x3b0
[  491.239627][T10787]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.239649][T10787]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.239665][T10787]  ? clear_bhb_loop+0x60/0xb0
[  491.239685][T10787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.239701][T10787] RIP: 0033:0x7f3fa078d33c
[  491.239716][T10787] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  491.239734][T10787] RSP: 002b:00007f3f9e5c3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  491.239752][T10787] RAX: ffffffffffffffda RBX: 00007f3fa09b6080 RCX: 00007f3fa078d33c
[  491.239764][T10787] RDX: 000000000000000f RSI: 00007f3f9e5c30a0 RDI: 000000000000000f
[  491.239774][T10787] RBP: 00007f3f9e5c3090 R08: 0000000000000000 R09: 0000000000000000
[  491.239784][T10787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  491.239794][T10787] R13: 0000000000000000 R14: 00007f3fa09b6080 R15: 00007ffc7d9fd928
[  491.239822][T10787]  </TASK>
[  492.708357][T10803] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  493.492143][T10815] netlink: 8236 bytes leftover after parsing attributes in process `syz.4.1266'.
[  493.553940][T10819] loop2: detected capacity change from 0 to 7
[  493.665509][T10819] Dev loop2: unable to read RDB block 7
[  493.697271][T10819]  loop2: AHDI p1 p2 p3
[  493.703289][T10820] netlink: 'syz.4.1266': attribute type 10 has an invalid length.
[  493.720888][T10820] bridge0: port 3(team0) entered disabled state
[  493.727466][T10820] team0: left allmulticast mode
[  493.732385][T10820] team_slave_0: left allmulticast mode
[  493.738029][T10820] team_slave_1: left allmulticast mode
[  493.743480][T10820] team0: left promiscuous mode
[  493.748275][T10820] team_slave_0: left promiscuous mode
[  493.753843][T10820] team_slave_1: left promiscuous mode
[  493.754811][T10823] netlink: 'syz.4.1266': attribute type 10 has an invalid length.
[  493.759649][T10820] bridge0: port 3(team0) entered disabled state
[  493.774288][T10823] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1266'.
[  493.792377][T10819] loop2: partition table partially beyond EOD, truncated
[  493.801328][T10820] batman_adv: batadv0: Adding interface: team0
[  493.807541][T10820] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  493.834593][T10820] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  493.845622][T10823] team0: entered promiscuous mode
[  493.850911][T10823] team_slave_0: entered promiscuous mode
[  493.856758][T10823] team_slave_1: entered promiscuous mode
[  493.864352][T10823] 8021q: adding VLAN 0 to HW filter on device team0
[  493.868318][T10819] loop2: p1 start 1601398130 is beyond EOD, truncated
[  493.871222][T10823] batman_adv: batadv0: Interface activated: team0
[  493.882920][T10819] loop2: p2 start 1702059890 is beyond EOD, 
[  493.884366][T10823] batman_adv: batadv0: Interface deactivated: team0
[  493.884428][T10819] truncated
[  493.890507][T10823] batman_adv: batadv0: Removing interface: team0
[  493.907622][T10823] bridge0: port 3(team0) entered blocking state
[  493.914065][T10823] bridge0: port 3(team0) entered disabled state
[  493.921664][T10823] team0: entered allmulticast mode
[  493.926813][T10823] team_slave_0: entered allmulticast mode
[  493.932600][T10823] team_slave_1: entered allmulticast mode
[  493.941524][T10823] bridge0: port 3(team0) entered blocking state
[  493.947900][T10823] bridge0: port 3(team0) entered forwarding state
[  494.096358][T10830] netlink: 'syz.5.1270': attribute type 11 has an invalid length.
[  494.136424][T10830] netlink: 'syz.5.1270': attribute type 11 has an invalid length.
[  495.251829][  T979] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  495.409822][  T979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  495.429569][  T979] usb 6-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  495.443874][  T979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.455579][  T979] usb 6-1: config 0 descriptor??
[  495.466165][T10835] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  495.515190][T10850] netlink: 'syz.3.1277': attribute type 6 has an invalid length.
[  495.749230][ T5893] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  495.766123][  T979] usbhid 6-1:0.0: can't add hid device: -71
[  495.773046][  T979] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  495.786736][  T979] usb 6-1: USB disconnect, device number 3
[  496.018391][ T5893] usb 3-1: Using ep0 maxpacket: 32
[  496.084073][ T5893] usb 3-1: unable to get BOS descriptor or descriptor too short
[  496.095521][ T5893] usb 3-1: config 12 has an invalid interface number: 184 but max is 0
[  496.111028][ T5893] usb 3-1: config 12 has no interface number 0
[  496.118134][ T5893] usb 3-1: config 12 interface 184 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  496.133914][ T5893] usb 3-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2
[  496.145157][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.153484][ T5893] usb 3-1: Product: syz
[  496.162092][ T5893] usb 3-1: Manufacturer: syz
[  496.163242][T10867] loop2: detected capacity change from 0 to 7
[  496.166694][ T5893] usb 3-1: SerialNumber: syz
[  496.191816][T10867] Dev loop2: unable to read RDB block 7
[  496.197630][T10867]  loop2: AHDI p1 p2 p3
[  496.204575][T10867] loop2: partition table partially beyond EOD, truncated
[  496.212345][T10867] loop2: p1 start 1601398130 is beyond EOD, truncated
[  496.222401][T10867] loop2: p2 start 1702059890 is beyond EOD, truncated
[  496.470850][T10869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1283'.
[  496.881258][ T5893] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  497.010188][ T5893] usb 3-1: USB disconnect, device number 42
[  498.101257][T10887] wg1: entered promiscuous mode
[  498.107013][T10887] wg1: entered allmulticast mode
[  498.323335][T10893] netlink: 'syz.3.1285': attribute type 10 has an invalid length.
[  498.334584][T10893] bridge0: port 3(team0) entered disabled state
[  498.341384][T10893] team0: left allmulticast mode
[  498.346295][T10893] team_slave_0: left allmulticast mode
[  498.351940][T10893] team_slave_1: left allmulticast mode
[  498.357411][T10893] team0: left promiscuous mode
[  498.362222][T10893] team_slave_0: left promiscuous mode
[  498.368155][T10893] team_slave_1: left promiscuous mode
[  498.373933][T10893] bridge0: port 3(team0) entered disabled state
[  498.386412][T10899] netlink: 'syz.3.1285': attribute type 10 has an invalid length.
[  498.394319][T10899] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1285'.
[  498.441345][T10893] batman_adv: batadv0: Adding interface: team0
[  498.447899][T10893] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  498.474020][T10893] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  498.501286][T10899] team0: entered promiscuous mode
[  498.506386][T10899] team_slave_0: entered promiscuous mode
[  498.512531][T10899] team_slave_1: entered promiscuous mode
[  498.526847][T10899] 8021q: adding VLAN 0 to HW filter on device team0
[  498.533806][T10899] batman_adv: batadv0: Interface activated: team0
[  498.540560][T10899] batman_adv: batadv0: Interface deactivated: team0
[  498.564798][T10899] batman_adv: batadv0: Removing interface: team0
[  498.578004][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  498.630586][T10902] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1291'.
[  498.898693][ T5893] libceph: connect (1)[c::]:6789 error -101
[  498.905689][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  498.997425][    T9] usb 6-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid maxpacket 1032, setting to 1024
[  499.101481][T10904] ceph: No mds server is up or the cluster is laggy
[  499.118451][T10899] bridge0: port 3(team0) entered blocking state
[  499.124825][T10899] bridge0: port 3(team0) entered disabled state
[  499.131276][T10899] team0: entered allmulticast mode
[  499.136437][T10899] team_slave_0: entered allmulticast mode
[  499.143496][T10899] team_slave_1: entered allmulticast mode
[  499.152984][T10899] bridge0: port 3(team0) entered blocking state
[  499.159374][T10899] bridge0: port 3(team0) entered forwarding state
[  499.167946][    T9] usb 6-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid wMaxPacketSize 0
[  499.301779][    T9] usb 6-1: config 16 interface 0 has no altsetting 0
[  499.309094][    T9] usb 6-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  499.322200][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.334569][T10896] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  499.539798][T10915] loop2: detected capacity change from 0 to 7
[  499.552766][T10896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.567130][T10915] Dev loop2: unable to read RDB block 7
[  499.572003][T10896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.591609][T10915]  loop2: AHDI p1 p2 p3
[  499.595817][T10915] loop2: partition table partially beyond EOD, truncated
[  499.597438][    T9] usb 6-1: string descriptor 0 read error: -71
[  499.626432][    T9] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  499.627961][T10915] loop2: p1 start 1601398130 is beyond EOD, truncated
[  499.644698][    T9] imon 6-1:16.0: unable to initialize intf0, err -19
[  499.658045][   T24] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  499.662871][    T9] imon:imon_probe: failed to initialize context!
[  499.681591][T10915] loop2: p2 start 1702059890 is beyond EOD, truncated
[  499.682275][    T9] imon 6-1:16.0: unable to register, err -19
[  499.725384][    T9] usb 6-1: USB disconnect, device number 4
[  499.831612][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  499.852913][   T24] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  499.880632][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.903483][   T24] usb 5-1: config 0 descriptor??
[  499.925495][T10913] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  500.058682][  T979] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  500.137380][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  500.155891][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  500.176469][   T24] usb 5-1: USB disconnect, device number 39
[  500.249694][  T979] usb 1-1: config 0 has an invalid interface number: 229 but max is 0
[  500.259782][  T979] usb 1-1: config 0 has no interface number 0
[  500.267341][  T979] usb 1-1: config 0 interface 229 altsetting 0 endpoint 0x85 has invalid maxpacket 1023, setting to 64
[  500.300852][  T979] usb 1-1: config 0 interface 229 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  500.313306][  T979] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  500.331398][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.339589][  T979] usb 1-1: Product: syz
[  500.347927][  T979] usb 1-1: Manufacturer: syz
[  500.352551][  T979] usb 1-1: SerialNumber: syz
[  500.373454][  T979] usb 1-1: config 0 descriptor??
[  500.389695][T10917] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  500.397175][T10927] syz_tun: entered allmulticast mode
[  500.404295][T10927] syz_tun: left allmulticast mode
[  500.614180][  T979] usb 1-1: USB disconnect, device number 34
[  500.707447][T10929] netlink: 'syz.3.1301': attribute type 10 has an invalid length.
[  500.726483][T10929] bridge0: port 3(team0) entered disabled state
[  500.734727][T10929] team0: left allmulticast mode
[  500.739714][T10929] team_slave_0: left allmulticast mode
[  500.745236][T10929] team_slave_1: left allmulticast mode
[  500.750802][T10929] team0: left promiscuous mode
[  500.755616][T10929] team_slave_0: left promiscuous mode
[  500.762454][T10929] team_slave_1: left promiscuous mode
[  500.769858][T10929] bridge0: port 3(team0) entered disabled state
[  500.811317][T10930] netlink: 'syz.3.1301': attribute type 10 has an invalid length.
[  500.819234][T10930] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1301'.
[  500.832739][ T5896] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  500.917026][T10929] batman_adv: batadv0: Adding interface: team0
[  500.923289][T10929] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  500.948689][T10929] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  500.984320][T10930] team0: entered promiscuous mode
[  500.989564][T10930] team_slave_0: entered promiscuous mode
[  500.996778][T10930] team_slave_1: entered promiscuous mode
[  501.011259][T10930] 8021q: adding VLAN 0 to HW filter on device team0
[  501.019898][T10930] batman_adv: batadv0: Interface activated: team0
[  501.026684][T10930] batman_adv: batadv0: Interface deactivated: team0
[  501.033480][T10930] batman_adv: batadv0: Removing interface: team0
[  501.060510][T10930] bridge0: port 3(team0) entered blocking state
[  501.066912][T10930] bridge0: port 3(team0) entered disabled state
[  501.073443][T10930] team0: entered allmulticast mode
[  501.078659][T10930] team_slave_0: entered allmulticast mode
[  501.085549][T10930] team_slave_1: entered allmulticast mode
[  501.093753][T10930] bridge0: port 3(team0) entered blocking state
[  501.100140][T10930] bridge0: port 3(team0) entered forwarding state
[  501.199126][ T5896] usb 6-1: Using ep0 maxpacket: 32
[  501.207230][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  501.334050][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  501.345196][ T5896] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  501.364715][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.455571][ T5896] usb 6-1: config 0 descriptor??
[  501.472583][ T5896] hub 6-1:0.0: USB hub found
[  501.619872][T10935] netlink: 'syz.4.1303': attribute type 11 has an invalid length.
[  501.645141][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.655307][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  501.693430][ T5896] hub 6-1:0.0: 1 port detected
[  501.750847][T10941] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1304'.
[  501.872588][ T5963] libceph: connect (1)[c::]:6789 error -101
[  501.958328][   T24] usb 1-1: new low-speed USB device number 35 using dummy_hcd
[  502.035232][ T5963] libceph: mon0 (1)[c::]:6789 connect error
[  502.280109][   T24] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  502.295631][   T24] usb 1-1: config 0 has no interface number 0
[  502.303754][T10941] ceph: No mds server is up or the cluster is laggy
[  502.316843][   T24] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  502.329410][   T24] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  502.340643][   T24] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  502.352748][   T24] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  502.364430][   T24] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  502.375701][   T24] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  502.404084][ T5896] hub 6-1:0.0: activate --> -90
[  502.414173][   T24] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  502.440403][T10949] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received
[  502.452350][ T5963] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  502.467767][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.500615][   T24] usb 1-1: config 0 descriptor??
[  502.506968][T10940] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  502.528259][T10940] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  502.545037][   T24] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  502.658082][ T5963] usb 5-1: Using ep0 maxpacket: 16
[  502.676934][ T5963] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  502.687500][ T5963] usb 5-1: config 0 has no interface number 0
[  502.818268][   T24] usb 6-1: USB disconnect, device number 5
[  502.847074][ T5963] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  502.861883][ T5963] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.863838][  T979] usb 1-1: USB disconnect, device number 35
[  502.870589][ T5963] usb 5-1: Product: syz
[  502.883491][ T5963] usb 5-1: Manufacturer: syz
[  502.890737][ T5963] usb 5-1: SerialNumber: syz
[  502.892903][  T979] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  503.049313][ T5896] usb 6-1-port1: config error
[  503.070774][ T5963] usb 5-1: config 0 descriptor??
[  503.177082][ T5963] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  503.319879][ T5963] gspca_spca1528: reg_w err -71
[  503.348003][ T5963] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71
[  503.360913][ T5963] usb 5-1: USB disconnect, device number 40
[  503.440869][ T5893] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  503.488051][  T979] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  503.620900][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  503.681338][T10977] netlink: 'syz.5.1315': attribute type 10 has an invalid length.
[  503.724470][T10977] batman_adv: batadv0: Adding interface: team0
[  503.730755][T10977] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  503.756824][T10977] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  503.782999][T10977] netlink: 'syz.5.1315': attribute type 10 has an invalid length.
[  503.790925][T10977] netlink: 2 bytes leftover after parsing attributes in process `syz.5.1315'.
[  503.800630][T10977] team0: entered promiscuous mode
[  503.805708][T10977] team_slave_0: entered promiscuous mode
[  503.812812][T10977] team_slave_1: entered promiscuous mode
[  503.827029][T10977] 8021q: adding VLAN 0 to HW filter on device team0
[  503.835397][T10977] batman_adv: batadv0: Interface activated: team0
[  503.842205][T10977] batman_adv: batadv0: Interface deactivated: team0
[  503.849914][T10977] batman_adv: batadv0: Removing interface: team0
[  503.861610][T10977] bridge0: port 3(team0) entered blocking state
[  503.868568][T10977] bridge0: port 3(team0) entered disabled state
[  503.875759][T10977] team0: entered allmulticast mode
[  503.880967][T10977] team_slave_0: entered allmulticast mode
[  503.886731][T10977] team_slave_1: entered allmulticast mode
[  503.908113][T10977] bridge0: port 3(team0) entered blocking state
[  503.914484][T10977] bridge0: port 3(team0) entered forwarding state
[  503.994803][ T5893] usb 3-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  504.004532][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.007936][ T5963] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  504.018224][  T979] usb 4-1: Using ep0 maxpacket: 8
[  504.025298][ T5893] usb 3-1: config 0 descriptor??
[  504.031543][T10962] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  504.039426][  T979] usb 4-1: unable to get BOS descriptor or descriptor too short
[  504.056649][  T979] usb 4-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[  504.067060][  T979] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  504.079662][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  504.090642][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 2675, setting to 64
[  504.101665][  T979] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  504.117690][  T979] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  504.127085][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.135157][  T979] usb 4-1: Product: syz
[  504.139453][    T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  504.147133][  T979] usb 4-1: Manufacturer: syz
[  504.151866][  T979] usb 4-1: SerialNumber: syz
[  504.163385][  T979] usb 4-1: config 0 descriptor??
[  504.171486][  T979] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  504.188041][ T5963] usb 5-1: Using ep0 maxpacket: 8
[  504.198732][ T5963] usb 5-1: config 6 has an invalid interface number: 51 but max is 1
[  504.203502][  T979] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  504.207751][ T5963] usb 5-1: config 6 has no interface number 1
[  504.264044][ T5893] usbhid 3-1:0.0: can't add hid device: -71
[  504.273155][ T5893] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  504.284026][ T5893] usb 3-1: USB disconnect, device number 43
[  504.308055][    T9] usb 1-1: Using ep0 maxpacket: 32
[  504.320587][    T9] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  504.322304][ T5963] usb 5-1: config 6 interface 0 has no altsetting 0
[  504.336316][ T5963] usb 5-1: config 6 interface 51 has no altsetting 0
[  504.350315][ T5963] usb 5-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=30.ad
[  504.353598][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.359569][ T5963] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.376675][ T5963] usb 5-1: Product: syz
[  504.387863][ T5963] usb 5-1: Manufacturer: syz
[  504.392421][ T5916] usb 4-1: USB disconnect, device number 34
[  504.392471][ T5963] usb 5-1: SerialNumber: syz
[  504.412976][    T9] usb 1-1: Product: syz
[  504.417182][    T9] usb 1-1: Manufacturer: syz
[  504.425949][    T9] usb 1-1: SerialNumber: syz
[  504.437712][    T9] usb 1-1: config 0 descriptor??
[  504.445418][    T9] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  504.629349][ T5963] xr_serial 5-1:6.51: xr_serial converter detected
[  504.646696][ T5963] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[  504.654394][ T5963] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  504.670932][ T5963] usb 5-1: USB disconnect, device number 41
[  504.685937][ T5963] xr_serial 5-1:6.0: device disconnected
[  505.364944][    T9] gspca_stk1135: reg_w 0x0 err -110
[  505.377879][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  505.398751][    T9] gspca_stk1135: Sensor write failed
[  505.405188][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  505.407323][ T5963] libceph: connect (1)[c::]:6789 error -101
[  505.411674][    T9] gspca_stk1135: Sensor write failed
[  505.448223][T10990] ceph: No mds server is up or the cluster is laggy
[  505.470483][ T5963] libceph: mon0 (1)[c::]:6789 connect error
[  505.617918][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  505.624308][    T9] gspca_stk1135: Sensor read failed
[  505.637888][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  505.644248][    T9] gspca_stk1135: Sensor read failed
[  505.762330][    T9] gspca_stk1135: Detected sensor type unknown (0x0)
[  505.967121][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  506.029927][    T9] gspca_stk1135: Sensor read failed
[  506.035299][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  506.077924][    T9] gspca_stk1135: Sensor read failed
[  506.083196][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  506.109904][    T9] gspca_stk1135: Sensor write failed
[  506.116787][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  506.126314][    T9] gspca_stk1135: Sensor write failed
[  506.150169][    T9] stk1135 1-1:0.0: probe with driver stk1135 failed with error -110
[  506.205470][T11011] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  506.528316][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  506.700362][   T24] usb 6-1: Using ep0 maxpacket: 8
[  506.717347][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  506.788069][T11015] netlink: 'syz.2.1325': attribute type 10 has an invalid length.
[  506.791694][   T24] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  506.841450][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  506.854862][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  506.866617][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  506.879393][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  506.925253][   T24] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  506.934403][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.942701][   T24] usb 6-1: Product: syz
[  506.946985][   T24] usb 6-1: Manufacturer: syz
[  506.953926][   T24] usb 6-1: SerialNumber: syz
[  506.982940][   T24] usb 6-1: config 0 descriptor??
[  506.989604][T11011] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  507.071637][T11015] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  507.120196][    T9] usb 1-1: USB disconnect, device number 36
[  613.087841][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  613.094827][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9964/1:b..l P11004/2:b..l
[  613.104456][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=37933, q=328 ncpus=2)
[  613.112196][    C0] task:syz.3.1322      state:R  running task     stack:23864 pid:11004 tgid:11003 ppid:5838   task_flags:0x2040044c flags:0x00004002
[  613.126958][    C0] Call Trace:
[  613.130254][    C0]  <TASK>
[  613.133198][    C0]  __schedule+0x16a2/0x4cb0
[  613.137757][    C0]  ? preempt_schedule_irq+0xb5/0x150
[  613.143074][    C0]  ? __pfx___schedule+0x10/0x10
[  613.147954][    C0]  ? __lock_acquire+0xab9/0xd20
[  613.152819][    C0]  ? preempt_schedule_irq+0xaa/0x150
[  613.158136][    C0]  preempt_schedule_irq+0xb5/0x150
[  613.163272][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  613.169022][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  613.174847][    C0]  irqentry_exit+0x6f/0x90
[  613.179281][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  613.185269][    C0] RIP: 0010:lock_release+0x2b5/0x3e0
[  613.190578][    C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 3b af fe 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[  613.210202][    C0] RSP: 0018:ffffc9000462e750 EFLAGS: 00000206
[  613.216283][    C0] RAX: c0abeb809f03db00 RBX: 0000000000000202 RCX: c0abeb809f03db00
[  613.224268][    C0] RDX: 0000000000000001 RSI: ffffffff8db707c4 RDI: ffffffff8be1c200
[  613.232251][    C0] RBP: ffff888024c74718 R08: ffffc9000462ef10 R09: 0000000000000000
[  613.240229][    C0] R10: ffffc9000462e8d8 R11: fffff520008c5d1d R12: 0000000000000001
[  613.248213][    C0] R13: 0000000000000001 R14: ffffffff8e13ee60 R15: ffff888024c73c00
[  613.256224][    C0]  ? unwind_next_frame+0xa5/0x2390
[  613.261440][    C0]  ? unwind_next_frame+0xa5/0x2390
[  613.266561][    C0]  unwind_next_frame+0x19a9/0x2390
[  613.271683][    C0]  ? unwind_next_frame+0xa5/0x2390
[  613.276800][    C0]  ? blk_mq_dispatch_queue_requests+0x414/0x800
[  613.283059][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  613.289229][    C0]  arch_stack_walk+0x11c/0x150
[  613.294009][    C0]  ? blk_mq_flush_plug_list+0x432/0x550
[  613.299579][    C0]  stack_trace_save+0x9c/0xe0
[  613.304271][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  613.309649][    C0]  ? blk_mq_flush_plug_list+0x432/0x550
[  613.315222][    C0]  ? submit_bio_noacct_nocheck+0x4ab/0xb50
[  613.321036][    C0]  ? __block_write_full_folio+0x810/0xe10
[  613.326761][    C0]  ? blkdev_writepages+0xd1/0x170
[  613.331786][    C0]  ? do_writepages+0x32b/0x550
[  613.336550][    C0]  ? bdev_release+0x192/0x650
[  613.341227][    C0]  ? blkdev_release+0x15/0x20
[  613.345906][    C0]  ? __fput+0x44c/0xa70
[  613.350067][    C0]  ? do_exit+0x6b5/0x22e0
[  613.354404][    C0]  ? do_group_exit+0x21c/0x2d0
[  613.359177][    C0]  kasan_save_track+0x3e/0x80
[  613.363861][    C0]  ? kasan_save_track+0x3e/0x80
[  613.368716][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  613.373489][    C0]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  613.379046][    C0]  ? kmem_cache_free+0x166/0x400
[  613.383990][    C0]  ? blk_update_request+0x5eb/0xe70
[  613.389192][    C0]  ? blk_mq_end_request+0x3e/0x70
[  613.394219][    C0]  ? null_queue_rq+0xbfe/0xe30
[  613.398990][    C0]  ? null_queue_rqs+0x123/0x270
[  613.403854][    C0]  ? blk_mq_dispatch_queue_requests+0x414/0x800
[  613.410157][    C0]  __kasan_kmalloc+0x93/0xb0
[  613.414760][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[  613.420140][    C0]  ? kmem_cache_free+0x166/0x400
[  613.425087][    C0]  ? blk_update_request+0x5eb/0xe70
[  613.430292][    C0]  kmem_cache_free+0x166/0x400
[  613.435069][    C0]  blk_update_request+0x5eb/0xe70
[  613.440116][    C0]  blk_mq_end_request+0x3e/0x70
[  613.444974][    C0]  null_queue_rq+0xbfe/0xe30
[  613.449592][    C0]  null_queue_rqs+0x123/0x270
[  613.454288][    C0]  ? blk_mq_dispatch_queue_requests+0x11a/0x800
[  613.460544][    C0]  blk_mq_dispatch_queue_requests+0x414/0x800
[  613.466627][    C0]  blk_mq_flush_plug_list+0x432/0x550
[  613.472018][    C0]  ? update_io_ticks+0x21f/0x260
[  613.476970][    C0]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  613.482884][    C0]  blk_add_rq_to_plug+0x175/0x450
[  613.487931][    C0]  blk_mq_submit_bio+0xbd3/0x22d0
[  613.493007][    C0]  ? __pfx_blk_mq_submit_bio+0x10/0x10
[  613.498533][    C0]  __submit_bio+0x207/0x5a0
[  613.503062][    C0]  ? blk_add_trace_bio+0x2c/0x2e0
[  613.508098][    C0]  ? __pfx___submit_bio+0x10/0x10
[  613.513139][    C0]  ? blk_add_trace_bio+0x2c/0x2e0
[  613.518199][    C0]  submit_bio_noacct_nocheck+0x4ab/0xb50
[  613.523851][    C0]  ? bio_associate_blkg+0x6d/0x230
[  613.528984][    C0]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  613.535159][    C0]  ? submit_bio_noacct+0xd65/0x1a70
[  613.540391][    C0]  __block_write_full_folio+0x810/0xe10
[  613.545953][    C0]  ? __pfx_blkdev_get_block+0x10/0x10
[  613.551346][    C0]  blkdev_writepages+0xd1/0x170
[  613.556209][    C0]  ? __pfx_blkdev_writepages+0x10/0x10
[  613.561691][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  613.566907][    C0]  ? __pfx_blkdev_writepages+0x10/0x10
[  613.572373][    C0]  do_writepages+0x32b/0x550
[  613.576984][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  613.582196][    C0]  filemap_write_and_wait_range+0x217/0x310
[  613.588099][    C0]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[  613.594587][    C0]  ? __pfx___fsnotify_parent+0x10/0x10
[  613.600069][    C0]  ? do_raw_spin_lock+0x121/0x290
[  613.605112][    C0]  bdev_release+0x192/0x650
[  613.609637][    C0]  ? __pfx_blkdev_release+0x10/0x10
[  613.614850][    C0]  blkdev_release+0x15/0x20
[  613.619381][    C0]  __fput+0x44c/0xa70
[  613.623395][    C0]  task_work_run+0x1d4/0x260
[  613.628008][    C0]  ? __pfx_task_work_run+0x10/0x10
[  613.633146][    C0]  do_exit+0x6b5/0x22e0
[  613.637320][    C0]  ? do_raw_spin_lock+0x121/0x290
[  613.642361][    C0]  ? __pfx_do_exit+0x10/0x10
[  613.646982][    C0]  do_group_exit+0x21c/0x2d0
[  613.651588][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.656804][    C0]  get_signal+0x125e/0x1310
[  613.661343][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  613.666915][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  613.673084][    C0]  ? __fput_deferred+0x215/0x390
[  613.678043][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  613.683594][    C0]  exit_to_user_mode_loop+0x75/0x110
[  613.688921][    C0]  do_syscall_64+0x2bd/0x3b0
[  613.693530][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.698745][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.704822][    C0]  ? clear_bhb_loop+0x60/0xb0
[  613.709511][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.715463][    C0] RIP: 0033:0x7f3fa078e929
[  613.719887][    C0] RSP: 002b:00007f3fa1511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  613.728320][    C0] RAX: fffffffffffffe00 RBX: 00007f3fa09b5fa0 RCX: 00007f3fa078e929
[  613.736304][    C0] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000004
[  613.744278][    C0] RBP: 00007f3fa0810b39 R08: 0000200000000180 R09: 0000000000000000
[  613.752270][    C0] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  613.760266][    C0] R13: 0000000000000000 R14: 00007f3fa09b5fa0 R15: 00007ffc7d9fd928
[  613.768273][    C0]  </TASK>
[  613.771297][    C0] task:kworker/u8:16   state:R  running task     stack:22888 pid:9964  tgid:9964  ppid:2      task_flags:0x4208060 flags:0x00004000
[  613.784891][    C0] Workqueue: bat_events batadv_nc_worker
[  613.790547][    C0] Call Trace:
[  613.793831][    C0]  <TASK>
[  613.796770][    C0]  __schedule+0x16a2/0x4cb0
[  613.801311][    C0]  ? preempt_schedule_irq+0xb5/0x150
[  613.806618][    C0]  ? __pfx___schedule+0x10/0x10
[  613.811503][    C0]  ? preempt_schedule_irq+0xaa/0x150
[  613.816806][    C0]  preempt_schedule_irq+0xb5/0x150
[  613.821935][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  613.827677][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  613.833494][    C0]  irqentry_exit+0x6f/0x90
[  613.837920][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  613.843382][    C0] RIP: 0010:lock_acquire+0x0/0x360
[  613.848505][    C0] Code: 05 55 c3 fe 10 a9 00 ff ff 00 0f 95 c0 c3 cc cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 60 4d 89 ce 45
[  613.868136][    C0] RSP: 0018:ffffc900033c7a10 EFLAGS: 00000246
[  613.874223][    C0] RAX: 0000000000000001 RBX: ffff88802d8e0380 RCX: 0000000000000002
[  613.882217][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e13ee60
[  613.890199][    C0] RBP: ffff88807722c938 R08: 0000000000000000 R09: 0000000000000000
[  613.898178][    C0] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: dffffc0000000000
[  613.906155][    C0] R13: ffffffff8b35bfc2 R14: ffff888030634d80 R15: 0000000000000127
[  613.914133][    C0]  ? batadv_nc_worker+0xd2/0x610
[  613.919098][    C0]  batadv_nc_worker+0xef/0x610
[  613.923868][    C0]  ? batadv_nc_worker+0xd2/0x610
[  613.928816][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  613.934541][    C0]  process_scheduled_works+0xade/0x17b0
[  613.940141][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  613.946162][    C0]  worker_thread+0x8a0/0xda0
[  613.950796][    C0]  kthread+0x711/0x8a0
[  613.954889][    C0]  ? __pfx_worker_thread+0x10/0x10
[  613.960015][    C0]  ? __pfx_kthread+0x10/0x10
[  613.964625][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  613.969849][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.975061][    C0]  ? __pfx_kthread+0x10/0x10
[  613.979669][    C0]  ret_from_fork+0x3fc/0x770
[  613.984268][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  613.989406][    C0]  ? __switch_to_asm+0x39/0x70
[  613.994189][    C0]  ? __switch_to_asm+0x33/0x70
[  613.998964][    C0]  ? __pfx_kthread+0x10/0x10
[  614.003579][    C0]  ret_from_fork_asm+0x1a/0x30
[  614.008372][    C0]  </TASK>
[  614.011409][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10582 jiffies! g37933 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  614.023740][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=28266
[  614.031629][    C0] rcu: rcu_preempt kthread starved for 10583 jiffies! g37933 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  614.043021][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  614.053005][    C0] rcu: RCU grace-period kthread stack dump:
[  614.058896][    C0] task:rcu_preempt     state:I stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  614.070832][    C0] Call Trace:
[  614.074119][    C0]  <TASK>
[  614.077059][    C0]  __schedule+0x16a2/0x4cb0
[  614.081730][    C0]  ? schedule+0x165/0x360
[  614.086087][    C0]  ? __pfx___schedule+0x10/0x10
[  614.090971][    C0]  ? schedule+0x91/0x360
[  614.095231][    C0]  schedule+0x165/0x360
[  614.099403][    C0]  schedule_timeout+0x12b/0x270
[  614.104269][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  614.109658][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  614.115568][    C0]  ? __pfx_process_timeout+0x10/0x10
[  614.120873][    C0]  ? prepare_to_swait_event+0x341/0x380
[  614.126442][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  614.131314][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.136523][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  614.142689][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  614.147979][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  614.153711][    C0]  ? finish_swait+0xcd/0x1f0
[  614.158328][    C0]  rcu_gp_kthread+0x99/0x390
[  614.162937][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  614.168145][    C0]  ? __kthread_parkme+0x7b/0x200
[  614.173100][    C0]  ? __kthread_parkme+0x1a1/0x200
[  614.178140][    C0]  kthread+0x711/0x8a0
[  614.182221][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  614.187420][    C0]  ? __pfx_kthread+0x10/0x10
[  614.192021][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  614.197234][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.202444][    C0]  ? __pfx_kthread+0x10/0x10
[  614.207045][    C0]  ret_from_fork+0x3fc/0x770
[  614.211651][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  614.216772][    C0]  ? __switch_to_asm+0x39/0x70
[  614.221541][    C0]  ? __switch_to_asm+0x33/0x70
[  614.226310][    C0]  ? __pfx_kthread+0x10/0x10
[  614.230913][    C0]  ret_from_fork_asm+0x1a/0x30
[  614.235697][    C0]  </TASK>
[  614.238716][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  614.245062][    C0] Sending NMI from CPU 0 to CPUs 1:
[  614.250287][    C1] NMI backtrace for cpu 1
[  614.250301][    C1] CPU: 1 UID: 0 PID: 11030 Comm: syz.2.1329 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  614.250321][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.250331][    C1] RIP: 0010:check_preemption_disabled+0x40/0x120
[  614.250351][    C1] Code: 08 65 8b 05 26 de 34 07 65 8b 0d 1b de 34 07 f7 c1 ff ff ff 7f 74 23 65 48 8b 0d fb dd 34 07 48 3b 4c 24 08 0f 85 cc 00 00 00 <48> 83 c4 10 5b 41 5e 41 5f 5d c3 cc cc cc cc cc 48 c7 04 24 00 00
[  614.250365][    C1] RSP: 0018:ffffc900040b6f48 EFLAGS: 00000246
[  614.250386][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: adf2ecc79ea82100
[  614.250397][    C1] RDX: ffff8880256b0000 RSI: ffffffff8be1c1e0 RDI: ffffffff8be1c1a0
[  614.250409][    C1] RBP: 0000000000000001 R08: ffff8880256b0000 R09: 0000000000000002
[  614.250419][    C1] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000fffffff1
[  614.250430][    C1] R13: dffffc0000000000 R14: ffff888035f1a000 R15: ffff88807b356000
[  614.250443][    C1] FS:  00007ff522bb46c0(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  614.250457][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  614.250468][    C1] CR2: 000000110c3b7c21 CR3: 0000000058bb4000 CR4: 00000000003526f0
[  614.250482][    C1] Call Trace:
[  614.250490][    C1]  <TASK>
[  614.250500][    C1]  rcu_lockdep_current_cpu_online+0x37/0x120
[  614.250522][    C1]  rcu_read_lock_held+0x1e/0x50
[  614.250540][    C1]  qdisc_lookup_rcu+0x68/0x6d0
[  614.250564][    C1]  qdisc_tree_reduce_backlog+0x1b2/0x480
[  614.250587][    C1]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[  614.250610][    C1]  fq_change+0x1519/0x1f50
[  614.250637][    C1]  ? __pfx_fq_change+0x10/0x10
[  614.250668][    C1]  ? __hrtimer_setup+0x187/0x210
[  614.250688][    C1]  fq_init+0x699/0x960
[  614.250711][    C1]  ? __pfx_fq_init+0x10/0x10
[  614.250731][    C1]  ? lockdep_rtnl_is_held+0x26/0x40
[  614.250750][    C1]  ? qdisc_lookup+0x590/0x6d0
[  614.250770][    C1]  ? __pfx_fq_init+0x10/0x10
[  614.250789][    C1]  qdisc_create+0x7ac/0xea0
[  614.250807][    C1]  tc_modify_qdisc+0x1426/0x2010
[  614.250837][    C1]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  614.250874][    C1]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  614.250895][    C1]  rtnetlink_rcv_msg+0x779/0xb70
[  614.250913][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  614.250928][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  614.250943][    C1]  ? ref_tracker_free+0x63a/0x7d0
[  614.250964][    C1]  ? __copy_skb_header+0xa7/0x550
[  614.250984][    C1]  ? __pfx_ref_tracker_free+0x10/0x10
[  614.251011][    C1]  netlink_rcv_skb+0x208/0x470
[  614.251029][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  614.251046][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  614.251069][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  614.251085][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  614.251106][    C1]  netlink_unicast+0x75b/0x8d0
[  614.251127][    C1]  netlink_sendmsg+0x805/0xb30
[  614.251150][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.251171][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  614.251192][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.251210][    C1]  __sock_sendmsg+0x21c/0x270
[  614.251234][    C1]  ____sys_sendmsg+0x505/0x830
[  614.251256][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.251279][    C1]  ? import_iovec+0x74/0xa0
[  614.251298][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  614.251317][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.251355][    C1]  ? __fget_files+0x2a/0x420
[  614.251375][    C1]  ? __fget_files+0x3a0/0x420
[  614.251394][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  614.251414][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  614.251438][    C1]  ? rcu_is_watching+0x15/0xb0
[  614.251457][    C1]  ? do_syscall_64+0xbe/0x3b0
[  614.251473][    C1]  do_syscall_64+0xfa/0x3b0
[  614.251487][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.251508][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.251523][    C1]  ? clear_bhb_loop+0x60/0xb0
[  614.251541][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.251556][    C1] RIP: 0033:0x7ff524d8e929
[  614.251571][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.251585][    C1] RSP: 002b:00007ff522bb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  614.251601][    C1] RAX: ffffffffffffffda RBX: 00007ff524fb6160 RCX: 00007ff524d8e929
[  614.251613][    C1] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 000000000000000d
[  614.251623][    C1] RBP: 00007ff524e10b39 R08: 0000000000000000 R09: 0000000000000000
[  614.251634][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  614.251643][    C1] R13: 0000000000000000 R14: 00007ff524fb6160 R15: 00007ffc680bf0b8
[  614.251663][    C1]  </TASK>
[  614.717895][    C0] hrtimer: interrupt took 1630070863 ns