last executing test programs:

2.333180964s ago: executing program 1 (id=1425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
semtimedop(0x0, 0x0, 0x0, 0x0)

2.018753745s ago: executing program 1 (id=1428):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c"], 0x30}}], 0x1, 0x4008804)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x800448d2, &(0x7f0000000100))

1.861173879s ago: executing program 1 (id=1431):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000280)=0x9, 0x4)

1.703311246s ago: executing program 4 (id=1435):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000207b8af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd26, 0x8000002, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xff, 0x1, 0x8001}, {0x8, 0x6a6, 0xffff, 0x5, 0x2, 0x2}}}, @TCF_EM_CONTAINER={0x10, 0x2, 0x0, 0x0, {{0xffff, 0x0, 0x7540}, '\"'}}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)

1.649824015s ago: executing program 1 (id=1436):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x22048854, &(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1005c, '\x00', 0x0, @cgroup_sock=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @value}, 0x94)
r2 = shmget$private(0x0, 0x1000, 0x59, &(0x7f0000ffe000/0x1000)=nil)
setreuid(0xee00, 0x0)
setreuid(0x0, 0x0)
shmat(r2, &(0x7f0000001000/0x3000)=nil, 0x2000)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x2, 0x1000001, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x4c4c}, @TCA_CAKE_RTT={0x8, 0x7, 0x7}]}}]}, 0x44}}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0xd000, 0x11, 0x0, 0x27)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000000000000cb000000cb000000030000000300000000000010100000000b0000000600000f03000000020000005ab8d997018000005905000002000000060000000200000001000000070000000200000005000000040000000300000004000000f8ffffff010000000300000009000000090000003f6da8020000000000001008000000010000000000001102000000020000000000000000000003000000000200000002000000000800000f0000000000001008000000100000000000000b01000000040000000000000e0300000000000000040000000000000b0000000000000000"], &(0x7f00000005c0)=""/220, 0xe7, 0xdc, 0x0, 0xfff, 0x0, @void, @value}, 0x28)
openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000740)={0x0, <r5=>0x0})
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
lchown(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r6, r7)
getpid()
sched_setscheduler(r5, 0x3, &(0x7f0000000200)=0x2008001)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
accept$inet6(r9, &(0x7f00000001c0)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000440)=0xfffffffffffffe13)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x20, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r9, 0x29, 0x1, &(0x7f0000000080), 0x4)
r10 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000040)={0x0, <r11=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="240000001a00010026bd7000fddbdf250a2000010000ff060029000008001900", @ANYRES32=r11, @ANYBLOB="ca43f8555a4605fc5deec6ddc59917efb643f0e8b280c667a29e7a005f3d8f2f5e2153b30bdbfbf54e3a8c4d9786b97ef48e2e4bf3bbad8aeaa17004e23ddedbfc50cb8fa58ba6853d4e965e608ad95276de225467efb0de94f485026bec69ff26932c7ba08326560ae7c0c11f1d02628c61ee785f50ecb428c07bbb3ab95ef49295bd207362205616a22557747788e96a554974fab06c336c9d4908af4ff62eb35b76330bdd6d98a7889e8d22e6fa7e7a3ca8fcc3cffa19a989fa1e788a4ff0309574689891248f3d8471fc5c0d57492b9992ef04acf7992e1a9dc81d8169765754d3d0a3110b"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x10)
getgid()

1.634883126s ago: executing program 2 (id=1437):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2000000)

1.437276161s ago: executing program 2 (id=1440):
socket$inet6_sctp(0xa, 0x1, 0x84)
writev(0xffffffffffffffff, &(0x7f0000001400)=[{0x0, 0x180}, {&(0x7f0000001280)="9f", 0x1}], 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='kfree\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x7}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x3, 0x0, 0x3, 0x2}]}]}, 0xfc}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xa0, 0x21, 0x1, 0xfffffffc, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x100000}, [@migrate={0x50, 0x11, [{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@dev={0xac, 0x14, 0x14, 0x2d}, @in6=@private2={0xfc, 0x2, '\x00', 0x2}, 0x3c, 0x0, 0x0, 0x3, 0x8, 0x2}]}]}, 0xa0}}, 0x0)

1.40542908s ago: executing program 4 (id=1441):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6})

1.384029303s ago: executing program 3 (id=1442):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000280)={0x0, 0x19, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)

1.189989466s ago: executing program 2 (id=1444):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r2, 0xffffffffffffffff, 0x100000000000000)

1.138828041s ago: executing program 4 (id=1445):
poll(0x0, 0x0, 0xfb)

1.125618391s ago: executing program 3 (id=1446):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_COOKIE(r0, 0x1, 0x47, 0x0, &(0x7f0000000080))

1.037210895s ago: executing program 3 (id=1447):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x121880, 0x0)
r1 = syz_io_uring_setup(0x3bbd, &(0x7f0000000780)={0x0, 0x942e, 0x10100, 0x6, 0x289}, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n'], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
io_uring_enter(r1, 0x567, 0x72, 0x0, 0x0, 0x0)

937.460583ms ago: executing program 2 (id=1449):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)='%pK    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
write$cgroup_int(r0, &(0x7f0000000000)=0x91e, 0x12)

936.744699ms ago: executing program 0 (id=1450):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="44010000100013072abd700000000000ffffffff000000000000000000000000ac1e000100b062e0676fbd371098a74f32d00000000000000000000000000004", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff0200000000000000000000000000010000000032000000ac1414aa000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000000000000100002000000000feffffff0000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00", @ANYBLOB='B'], 0x144}}, 0x0)

837.613003ms ago: executing program 3 (id=1451):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000700000e0000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a01080000000000000000010000000900020073797a32000000003400038030000080080003400000000224000b80200001800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30"], 0xe4}}, 0x0)

833.703626ms ago: executing program 0 (id=1452):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x9a, &(0x7f0000000180)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x64, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x2, 0x1, "bb577147f8c63bab95cc025f2c123662d48c6e01d8630bf2addfd0edf624317d", "8ab859c3d9fe9a2f9edb8e36339e135d", {"1f142a168a75d33e838bef40d2fcff6c", "b8d91538c6c53fafd6fea68a0e45b49f"}}}}}}}}, 0x0)

761.940394ms ago: executing program 3 (id=1453):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x2556, 0x1000, 0x2, 0x24d}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)=""/139, 0x8b}], 0x1})
io_uring_enter(r1, 0x29a4, 0x0, 0x1, 0x0, 0x0)

713.715531ms ago: executing program 4 (id=1454):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0)

642.20536ms ago: executing program 0 (id=1455):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x12, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xfff2, 0xfff3}, {0xb, 0x1}, {0x4}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x9}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0xff800}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008814}, 0x20000040)

641.843044ms ago: executing program 1 (id=1456):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e)
sendmmsg(r1, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="ab", 0x5ea}], 0x1}}], 0x484, 0x24048084)

622.3962ms ago: executing program 2 (id=1457):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r4, r3, r3, 0x0)
keyctl$KEYCTL_MOVE(0x4, r2, r2, 0x0, 0x0)

557.614932ms ago: executing program 4 (id=1458):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000025ad9835850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r2, &(0x7f00000002c0)={0x11, 0xf5, 0x0, 0x1, 0x1, 0x6, @multicast}, 0x14)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f5"], 0xfdef)

477.964685ms ago: executing program 0 (id=1459):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a00)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x200, 0x1, 0x1}, {0x9, 0x7, 0x1, 0x2, 0x3, 0x1, 0x2}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x9, 0x7, 0xff}, {{}, {0x2, 0x1, 0x1, 0x1}}}}]}]}]}}]}, 0x70}}, 0x0)

270.672931ms ago: executing program 2 (id=1460):
r0 = socket$inet6(0xa, 0x6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r1, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0xa6}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
close_range(r0, 0xffffffffffffffff, 0x0)

157.775686ms ago: executing program 3 (id=1461):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
r4 = fsmount(r1, 0x0, 0x0)
fchdir(r4)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

156.463581ms ago: executing program 0 (id=1462):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x85, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040090)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1695458af2ac700, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000000000000000000000400", @ANYRES32=r1, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)

35.860402ms ago: executing program 1 (id=1463):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x50, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)

1.207719ms ago: executing program 0 (id=1464):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = io_uring_setup(0x1783, &(0x7f0000000640)={0x0, 0xfffffffe, 0x800, 0x1, 0x2de})
r3 = creat(&(0x7f0000000300)='./file0\x00', 0xed)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r3, &(0x7f0000001880)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e84b928ecb96e0e4e781bfca4c928c956321dd51400000000000020011584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26cfbb2eb91e40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a63d070000930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299dea6c08073dd0c47b9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8303985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725436101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35cfe7d498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c17d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de588503c84c490f4986aa26e7b63d4c5a30157cdf82e433a1b64496392a1990b2a46b910d9a16429736308f71d8e78824a26f25f21829546b973c0905b20c2ef751eb0064eaf831874f0b58ef8779cafd02bcf075a212e79e07c73c49fc240d6845877fda649d1ab59ea06b907ec5031299a0e1fa2f8cbc241a8531ad241302b569d4581dcc944f27799f25593b97ea7681ba74d6cde9c8f58840ac4c4be3aa90e6273a64e549c47c7232f423406604c9c210eabe3d6a2343bd6c2ae72ab013ce2af32467bcfa8cbf0769f", 0x45b)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45b], 0x0, 0x0, 0x1, 0x1, r5}}, 0x40)
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=1465):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
pwritev(r0, 0x0, 0x0, 0x7, 0x0)

kernel console output (not intermixed with test programs):

 size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  442.706004][ T9222] netlink: 788 bytes leftover after parsing attributes in process `syz.2.943'.
[  443.294246][ T6172] tipc: Node number set to 2886997007
[  443.709274][ T9229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.944'.
[  443.775747][ T9229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.944'.
[  444.391534][ T9232] Invalid logical block size (150994944)
[  445.908947][ T9255] xt_connbytes: Forcing CT accounting to be enabled
[  445.916489][ T9255] --map-set only usable from mangle table
[  446.367371][  T992] net_ratelimit: 14 callbacks suppressed
[  446.367392][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  446.387642][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  446.401980][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  446.416433][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  447.458857][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  447.473490][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  447.487903][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  447.503116][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  447.666786][ T9277] netlink: 16215 bytes leftover after parsing attributes in process `syz.4.959'.
[  447.758099][ T9284] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  447.944367][ T9285] loop2: detected capacity change from 0 to 7
[  447.994028][ T9285] Dev loop2: unable to read RDB block 7
[  447.999659][ T9285]  loop2: AHDI p1 p2 p3
[  448.652651][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  448.667160][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  448.667697][ T9285] loop2: partition table partially beyond EOD, truncated
[  448.754443][ T9285] loop2: p1 start 1601398130 is beyond EOD, truncated
[  448.993685][ T9285] loop2: p2 start 1702059890 is beyond EOD, truncated
[  449.103326][ T9290] i2c i2c-0: Invalid block write size 33
[  449.187175][ T9290] ip6tnl1: entered promiscuous mode
[  449.192453][ T9290] ip6tnl1: entered allmulticast mode
[  449.206692][   T30] audit: type=1400 audit(1746636249.853:74): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9293 comm="syz.0.964"
[  449.226775][ T9290] team0: Device ip6tnl1 is of different type
[  450.011835][ T9304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.966'.
[  450.304063][ T3597] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  450.606533][ T3597] usb 1-1: Using ep0 maxpacket: 8
[  450.643610][ T3597] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  450.685836][ T3597] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.702737][ T3597] usb 1-1: Product: syz
[  450.743854][ T3597] usb 1-1: Manufacturer: syz
[  450.749648][ T3597] usb 1-1: SerialNumber: syz
[  450.774257][ T3597] usb 1-1: config 0 descriptor??
[  450.789373][ T9310] tipc: Enabling of bearer <et‚:g> rejected, media not registered
[  451.299932][ T3597] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  452.067545][   T68] net_ratelimit: 18 callbacks suppressed
[  452.067562][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  452.098181][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  452.118124][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  452.132720][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  452.511855][ T9324] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  452.740493][ T3597] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  452.844126][    T9] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  452.869767][ T3597] usb 1-1: USB disconnect, device number 39
[  452.915801][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  452.931207][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  452.946348][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  452.960874][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  453.222257][    T9] usb 5-1: device descriptor read/64, error -71
[  453.832155][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  453.846347][   T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  453.846391][   T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  453.846406][   T55] Workqueue: hci1 hci_rx_work
[  453.846438][   T55] Call Trace:
[  453.846446][   T55]  <TASK>
[  453.846456][   T55]  dump_stack_lvl+0x189/0x250
[  453.846490][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.846519][   T55]  ? __pfx__printk+0x10/0x10
[  453.846551][   T55]  ? kernfs_path_from_node+0x2b/0x260
[  453.846572][   T55]  ? kernfs_path_from_node+0x2b/0x260
[  453.846590][   T55]  ? kernfs_path_from_node+0x2b/0x260
[  453.846612][   T55]  ? kernfs_path_from_node+0x216/0x260
[  453.846635][   T55]  sysfs_create_dir_ns+0x259/0x280
[  453.846670][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  453.846705][   T55]  ? do_raw_spin_unlock+0x122/0x240
[  453.846732][   T55]  kobject_add_internal+0x59f/0xb40
[  453.846770][   T55]  kobject_add+0x155/0x220
[  453.846802][   T55]  ? __pfx_kobject_add+0x10/0x10
[  453.846828][   T55]  ? _raw_spin_unlock+0x28/0x50
[  453.846852][   T55]  ? get_device_parent+0x366/0x3a0
[  453.846880][   T55]  device_add+0x408/0xb50
[  453.846908][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  453.846936][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  453.846983][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  453.847017][   T55]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  453.847038][   T55]  ? __asan_memcpy+0x40/0x70
[  453.847065][   T55]  ? __pfx___mutex_lock+0x10/0x10
[  453.847089][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  453.847111][   T55]  ? skb_pull_data+0xfb/0x200
[  453.847147][   T55]  hci_le_conn_complete_evt+0x187/0x450
[  453.847187][   T55]  hci_event_packet+0x7a2/0x1270
[  453.847219][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  453.847250][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  453.847278][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  453.847301][   T55]  ? lockdep_hardirqs_on+0x20/0x150
[  453.847327][   T55]  ? hci_send_to_monitor+0xd7/0x4f0
[  453.847370][   T55]  hci_rx_work+0x46a/0xe80
[  453.847407][   T55]  ? process_scheduled_works+0x9ec/0x17a0
[  453.847440][   T55]  process_scheduled_works+0xadb/0x17a0
[  453.847503][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  453.847552][   T55]  worker_thread+0x8a0/0xda0
[  453.847614][   T55]  kthread+0x70e/0x8a0
[  453.847640][   T55]  ? __pfx_worker_thread+0x10/0x10
[  453.847670][   T55]  ? __pfx_kthread+0x10/0x10
[  453.847694][   T55]  ? __pfx_kthread+0x10/0x10
[  453.847715][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.847735][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  453.847757][   T55]  ? __pfx_kthread+0x10/0x10
[  453.847778][   T55]  ret_from_fork+0x4b/0x80
[  453.847796][   T55]  ? __pfx_kthread+0x10/0x10
[  453.847818][   T55]  ret_from_fork_asm+0x1a/0x30
[  453.847867][   T55]  </TASK>
[  453.847897][   T55] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  454.134325][   T55] Bluetooth: hci1: failed to register connection device
[  454.139828][    T9] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  454.159274][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  454.173806][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  454.543857][    T9] usb 5-1: device descriptor read/64, error -71
[  455.283537][    T9] usb usb5-port1: attempt power cycle
[  455.853890][    T9] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  456.186502][    T9] usb 5-1: device not accepting address 35, error -71
[  457.134980][   T36] net_ratelimit: 14 callbacks suppressed
[  457.135001][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  457.155116][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  457.169539][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  457.183904][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  457.533936][ T9358] syz_tun: entered allmulticast mode
[  457.852061][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  457.866855][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  457.881258][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  457.895578][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  457.979656][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.984'.
[  458.706465][ T9353] syz_tun: left allmulticast mode
[  458.785859][ T9366] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  458.945036][ T9371] FAULT_INJECTION: forcing a failure.
[  458.945036][ T9371] name failslab, interval 1, probability 0, space 0, times 0
[  459.033224][ T9371] CPU: 0 UID: 0 PID: 9371 Comm: syz.4.989 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  459.033257][ T9371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  459.033270][ T9371] Call Trace:
[  459.033278][ T9371]  <TASK>
[  459.033287][ T9371]  dump_stack_lvl+0x189/0x250
[  459.033322][ T9371]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.033349][ T9371]  ? __pfx__printk+0x10/0x10
[  459.033386][ T9371]  ? __pfx___might_resched+0x10/0x10
[  459.033421][ T9371]  should_fail_ex+0x414/0x560
[  459.033458][ T9371]  should_failslab+0xa8/0x100
[  459.033490][ T9371]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  459.033521][ T9371]  ? __alloc_skb+0x112/0x2d0
[  459.033549][ T9371]  __alloc_skb+0x112/0x2d0
[  459.033575][ T9371]  netlink_sendmsg+0x5c6/0xb30
[  459.033595][ T9371]  ? is_bpf_text_address+0x26/0x2b0
[  459.033630][ T9371]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.033673][ T9371]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  459.033693][ T9371]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.033716][ T9371]  __sock_sendmsg+0x219/0x270
[  459.033753][ T9371]  ____sys_sendmsg+0x505/0x830
[  459.033784][ T9371]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.033820][ T9371]  ? import_iovec+0x74/0xa0
[  459.033850][ T9371]  ___sys_sendmsg+0x21f/0x2a0
[  459.033878][ T9371]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.033946][ T9371]  ? __fget_files+0x2a/0x420
[  459.033975][ T9371]  ? __fget_files+0x3a0/0x420
[  459.034016][ T9371]  __x64_sys_sendmsg+0x19b/0x260
[  459.034045][ T9371]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  459.034087][ T9371]  ? do_syscall_64+0xba/0x210
[  459.034114][ T9371]  do_syscall_64+0xf6/0x210
[  459.034138][ T9371]  ? clear_bhb_loop+0x45/0xa0
[  459.034162][ T9371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.034181][ T9371] RIP: 0033:0x7f715b98e969
[  459.034200][ T9371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.034217][ T9371] RSP: 002b:00007f715c818038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.034239][ T9371] RAX: ffffffffffffffda RBX: 00007f715bbb5fa0 RCX: 00007f715b98e969
[  459.034254][ T9371] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  459.034267][ T9371] RBP: 00007f715c818090 R08: 0000000000000000 R09: 0000000000000000
[  459.034279][ T9371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.034290][ T9371] R13: 0000000000000000 R14: 00007f715bbb5fa0 R15: 00007ffea54aab48
[  459.034322][ T9371]  </TASK>
[  459.289987][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  459.291968][   T30] audit: type=1400 audit(1746636259.953:75): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9373 comm="syz.0.991" daddr=fe80::bb
[  459.304471][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  460.177950][ T9391] ±˙: renamed from team_slave_1 (while UP)
[  460.263954][ T5865] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  460.423859][ T5865] usb 5-1: Using ep0 maxpacket: 8
[  460.445245][ T5865] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  460.478869][ T5865] usb 5-1: config 0 has no interface number 0
[  460.529986][ T5865] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  460.576878][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.598205][ T5865] usb 5-1: Product: syz
[  460.612655][ T5865] usb 5-1: Manufacturer: syz
[  460.648702][ T5865] usb 5-1: SerialNumber: syz
[  460.677188][ T5865] usb 5-1: config 0 descriptor??
[  461.950658][ T9408] FAULT_INJECTION: forcing a failure.
[  461.950658][ T9408] name failslab, interval 1, probability 0, space 0, times 0
[  462.024622][ T9408] CPU: 0 UID: 0 PID: 9408 Comm: syz.1.1000 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  462.024654][ T9408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  462.024667][ T9408] Call Trace:
[  462.024675][ T9408]  <TASK>
[  462.024684][ T9408]  dump_stack_lvl+0x189/0x250
[  462.024720][ T9408]  ? __pfx_dump_stack_lvl+0x10/0x10
[  462.024748][ T9408]  ? __pfx__printk+0x10/0x10
[  462.024785][ T9408]  ? __pfx___might_resched+0x10/0x10
[  462.024814][ T9408]  ? fs_reclaim_acquire+0x7d/0x100
[  462.024841][ T9408]  should_fail_ex+0x414/0x560
[  462.024878][ T9408]  should_failslab+0xa8/0x100
[  462.024911][ T9408]  __kmalloc_noprof+0xcb/0x4f0
[  462.024939][ T9408]  ? sock_kmalloc+0xd6/0x160
[  462.024971][ T9408]  sock_kmalloc+0xd6/0x160
[  462.025001][ T9408]  hash_accept_parent+0x80/0x370
[  462.025022][ T9408]  ? __pfx_hash_accept_parent+0x10/0x10
[  462.025054][ T9408]  af_alg_accept+0x174/0x520
[  462.025089][ T9408]  hash_accept+0x16a/0x390
[  462.025111][ T9408]  do_accept+0x48c/0x680
[  462.025139][ T9408]  ? __pfx_do_accept+0x10/0x10
[  462.025186][ T9408]  __sys_accept4+0x11c/0x1c0
[  462.025211][ T9408]  ? __pfx___sys_accept4+0x10/0x10
[  462.025229][ T9408]  ? ksys_write+0x1f0/0x250
[  462.025277][ T9408]  __x64_sys_accept4+0x9a/0xb0
[  462.025301][ T9408]  do_syscall_64+0xf6/0x210
[  462.025326][ T9408]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  462.025345][ T9408]  ? clear_bhb_loop+0x45/0xa0
[  462.025370][ T9408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.025389][ T9408] RIP: 0033:0x7f2b3b38e969
[  462.025407][ T9408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.025425][ T9408] RSP: 002b:00007f2b3c10e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  462.025447][ T9408] RAX: ffffffffffffffda RBX: 00007f2b3b5b5fa0 RCX: 00007f2b3b38e969
[  462.025462][ T9408] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004
[  462.025474][ T9408] RBP: 00007f2b3c10e090 R08: 0000000000000000 R09: 0000000000000000
[  462.025487][ T9408] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  462.025499][ T9408] R13: 0000000000000000 R14: 00007f2b3b5b5fa0 R15: 00007ffdffafdd78
[  462.025532][ T9408]  </TASK>
[  462.253325][    C0] vkms_vblank_simulate: vblank timer overrun
[  462.471221][ T5865] usb 5-1: Found UVC 0.04 device syz (046d:08c3)
[  462.499294][ T5865] uvcvideo 5-1:0.31: Entity type for entity Output 6 was not initialized!
[  462.547401][  T992] net_ratelimit: 14 callbacks suppressed
[  462.547421][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  462.570566][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  462.585036][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  462.599362][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  462.614955][ T5894] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  462.634013][ T5865] usb 5-1: Failed to create links for entity 5
[  462.640237][ T5865] usb 5-1: Failed to register entities (-22).
[  462.684396][ T5865] usb 5-1: USB disconnect, device number 37
[  462.717192][    C0] Unknown status report in ack skb
[  462.783927][ T5894] usb 1-1: Using ep0 maxpacket: 32
[  462.792293][ T5894] usb 1-1: config 0 has an invalid interface number: 29 but max is 0
[  462.801863][ T5894] usb 1-1: config 0 has no interface number 0
[  462.831577][ T5894] usb 1-1: config 0 interface 29 has no altsetting 0
[  462.852495][ T5894] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9316, bcdDevice=bd.5e
[  462.864660][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.872820][ T5894] usb 1-1: Product: syz
[  462.882363][ T5894] usb 1-1: Manufacturer: syz
[  462.888406][ T5894] usb 1-1: SerialNumber: syz
[  462.923153][ T5894] usb 1-1: config 0 descriptor??
[  463.172486][ T9411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.183888][   T30] audit: type=1400 audit(1746636263.833:76): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9415 comm="syz.3.1004" daddr=fe80::bb
[  463.184691][ T9411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.295523][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  463.310047][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  463.324615][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  463.338987][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  463.382701][ T9411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.559238][ T9411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.160316][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  464.174809][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  464.314227][ T5894] ftdi_sio 1-1:0.29: FTDI USB Serial Device converter detected
[  464.323685][ T5894] ftdi_sio ttyUSB0: unknown device type: 0xbd5e
[  464.822226][    T9] usb 1-1: USB disconnect, device number 40
[  464.829514][    T9] ftdi_sio 1-1:0.29: device disconnected
[  465.026977][   T30] audit: type=1400 audit(1746636265.693:77): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9436 comm="syz.0.1008" daddr=fe80::11
[  465.027549][ T9438] FAULT_INJECTION: forcing a failure.
[  465.027549][ T9438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.269263][ T9438] CPU: 0 UID: 0 PID: 9438 Comm: syz.0.1008 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  465.269294][ T9438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  465.269307][ T9438] Call Trace:
[  465.269314][ T9438]  <TASK>
[  465.269323][ T9438]  dump_stack_lvl+0x189/0x250
[  465.269357][ T9438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.269384][ T9438]  ? __pfx__printk+0x10/0x10
[  465.269427][ T9438]  should_fail_ex+0x414/0x560
[  465.269463][ T9438]  _copy_to_user+0x31/0xb0
[  465.269491][ T9438]  simple_read_from_buffer+0xe1/0x170
[  465.269524][ T9438]  proc_fail_nth_read+0x1df/0x250
[  465.269548][ T9438]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  465.269571][ T9438]  ? rw_verify_area+0x258/0x650
[  465.269595][ T9438]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  465.269615][ T9438]  vfs_read+0x1fd/0x980
[  465.269646][ T9438]  ? __pfx___mutex_lock+0x10/0x10
[  465.269669][ T9438]  ? __pfx_vfs_read+0x10/0x10
[  465.269696][ T9438]  ? __fget_files+0x2a/0x420
[  465.269730][ T9438]  ? __fget_files+0x3a0/0x420
[  465.269757][ T9438]  ? __fget_files+0x2a/0x420
[  465.269796][ T9438]  ksys_read+0x145/0x250
[  465.269819][ T9438]  ? rcu_is_watching+0x15/0xb0
[  465.269848][ T9438]  ? __pfx_ksys_read+0x10/0x10
[  465.269877][ T9438]  ? do_syscall_64+0xba/0x210
[  465.269904][ T9438]  do_syscall_64+0xf6/0x210
[  465.269928][ T9438]  ? clear_bhb_loop+0x45/0xa0
[  465.269953][ T9438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.269971][ T9438] RIP: 0033:0x7f16e738d37c
[  465.269989][ T9438] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  465.270005][ T9438] RSP: 002b:00007f16e824a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  465.270026][ T9438] RAX: ffffffffffffffda RBX: 00007f16e75b5fa0 RCX: 00007f16e738d37c
[  465.270040][ T9438] RDX: 000000000000000f RSI: 00007f16e824a0a0 RDI: 0000000000000004
[  465.270053][ T9438] RBP: 00007f16e824a090 R08: 0000000000000000 R09: 0000000000000000
[  465.270064][ T9438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.270076][ T9438] R13: 0000000000000000 R14: 00007f16e75b5fa0 R15: 00007ffe5c82b058
[  465.270108][ T9438]  </TASK>
[  465.488551][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.978757][ T9451] input: syz1 as /devices/virtual/input/input20
[  466.111191][ T9453] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1014'.
[  466.190486][ T9453] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1014'.
[  467.468882][ T9467] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  467.475461][ T9467] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  467.494517][ T9470] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  467.504532][ T9467] vhci_hcd vhci_hcd.0: Device attached
[  467.744115][ T3597] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  467.924303][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  467.929265][   T68] net_ratelimit: 23 callbacks suppressed
[  467.929288][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  467.952249][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  467.966642][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  467.981698][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  468.165252][   T30] audit: type=1400 audit(1746636268.833:78): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9479 comm="syz.4.1022" daddr=::ffff:172.20.20.170 dest=20005
[  468.203980][    T9] usb 4-1: device descriptor read/64, error -71
[  468.211087][   T30] audit: type=1400 audit(1746636268.863:79): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9479 comm="syz.4.1022" dest=2
[  468.434063][ T5865] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  468.482448][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  468.689900][ T5865] usb 5-1: config 0 has an invalid interface number: 120 but max is 0
[  468.801490][ T9471] vhci_hcd: connection reset by peer
[  468.834725][ T5865] usb 5-1: config 0 has no interface number 0
[  468.840893][ T5865] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  468.842840][ T7770] vhci_hcd: stop threads
[  468.858167][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  468.872512][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  468.886964][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  468.901599][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  468.963887][ T7770] vhci_hcd: release socket
[  468.968885][ T5865] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  468.973937][    T9] usb 4-1: device descriptor read/64, error -71
[  468.991807][ T5865] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice=55.58
[  468.994881][ T7770] vhci_hcd: disconnect device
[  469.038725][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.067825][ T5865] usb 5-1: Product: syz
[  469.072527][ T5865] usb 5-1: Manufacturer: syz
[  469.080926][ T5865] usb 5-1: SerialNumber: syz
[  469.091271][ T5865] usb 5-1: config 0 descriptor??
[  469.125327][    T9] usb usb4-port1: attempt power cycle
[  469.125780][ T5865] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.120/input/input21
[  469.466642][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  469.509204][    T9] usb 4-1: device descriptor read/8, error -71
[  469.584922][ T9498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'.
[  469.655729][ T9498] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1029'.
[  470.023806][ T9499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  470.139041][ T9499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.244310][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  470.258757][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  470.373906][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  470.531495][ T9509] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  471.228160][    T9] usb 4-1: device not accepting address 26, error -71
[  471.247978][    T9] usb usb4-port1: unable to enumerate USB device
[  471.378772][   T24] usb 5-1: USB disconnect, device number 38
[  472.508205][   T30] audit: type=1400 audit(1746636273.143:80): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9526 comm="syz.2.1038" daddr=fe80::bb
[  472.560796][   T24] usb 1-1: new full-speed USB device number 41 using dummy_hcd
[  472.825646][ T9541] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1042'.
[  472.995156][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1041'.
[  473.315214][ T9543] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1041'.
[  473.438835][ T3597] vhci_hcd: vhci_device speed not set
[  473.456603][   T24] usb 1-1: config 8 has an invalid interface number: 243 but max is 0
[  473.460830][   T12] net_ratelimit: 10 callbacks suppressed
[  473.460851][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  473.485503][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  473.500497][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  473.515362][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  473.648126][   T24] usb 1-1: config 8 has no interface number 0
[  473.678577][   T24] usb 1-1: config 8 interface 243 has no altsetting 0
[  473.794449][ T9547] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  474.249678][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  474.264371][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  474.278770][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  474.293176][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  474.587245][   T24] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=99.35
[  474.596411][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.604490][   T24] usb 1-1: Product: syz
[  474.608688][   T24] usb 1-1: Manufacturer: syz
[  474.613326][   T24] usb 1-1: SerialNumber: syz
[  474.936207][   T24] usb 1-1: selecting invalid altsetting 3
[  474.943118][   T24] comedi comedi0: could not set alternate setting 3 in high speed
[  474.974356][   T24] usbdux 1-1:8.243: driver 'usbdux' failed to auto-configure device.
[  475.081580][   T24] usbdux 1-1:8.243: probe with driver usbdux failed with error -22
[  475.185478][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  475.200366][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  475.271380][   T24] usb 1-1: USB disconnect, device number 41
[  475.431315][ T6042] udevd[6042]: setting owner of /dev/bus/usb/001/041 to uid=0, gid=0 failed: No such file or directory
[  475.969665][ T9558] input: syz1 as /devices/virtual/input/input22
[  477.652191][ T9583] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  478.534918][   T68] net_ratelimit: 18 callbacks suppressed
[  478.534940][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  478.555240][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  478.569877][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  478.584245][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  478.696028][ T9585] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  478.797771][ T9589] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744071970837394)
[  478.837738][ T9589] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[  479.214215][ T5894] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  479.367572][ T5894] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  479.403013][ T5894] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  479.429066][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  479.460169][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  479.463537][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  479.485879][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  479.486205][ T5894] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  479.500223][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  479.500258][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  479.753846][ T5894] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  479.762955][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.822482][ T5894] usb 4-1: config 0 descriptor??
[  479.843477][ T9590] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  479.843815][   T30] audit: type=1400 audit(1746636280.503:81): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9601 comm="syz.2.1063" daddr=ff02::1 dest=20004
[  480.097909][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  480.112668][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  480.315357][ T5894] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd
[  480.400406][ T9612] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  480.515992][ T5894] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  480.577512][ T5894] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  480.883271][ T9615] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  481.814080][    T9] usb 4-1: USB disconnect, device number 27
[  482.388089][ T9626] xt_TCPMSS: Only works on TCP SYN packets
[  482.455254][ T9627] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1067'.
[  482.466138][ T9626] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1067'.
[  483.999128][   T12] net_ratelimit: 18 callbacks suppressed
[  483.999151][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  484.019498][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  484.034037][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  484.048660][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  485.141875][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  485.156419][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  485.170770][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  485.186025][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  485.235530][ T9643] FAULT_INJECTION: forcing a failure.
[  485.235530][ T9643] name failslab, interval 1, probability 0, space 0, times 0
[  485.304601][ T9643] CPU: 0 UID: 0 PID: 9643 Comm: syz.3.1076 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  485.304632][ T9643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  485.304646][ T9643] Call Trace:
[  485.304654][ T9643]  <TASK>
[  485.304663][ T9643]  dump_stack_lvl+0x189/0x250
[  485.304701][ T9643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.304729][ T9643]  ? __pfx__printk+0x10/0x10
[  485.304768][ T9643]  ? ref_tracker_alloc+0x318/0x460
[  485.304793][ T9643]  should_fail_ex+0x414/0x560
[  485.304830][ T9643]  should_failslab+0xa8/0x100
[  485.304863][ T9643]  kmem_cache_alloc_noprof+0x73/0x3c0
[  485.304893][ T9643]  ? skb_clone+0x212/0x3a0
[  485.304925][ T9643]  skb_clone+0x212/0x3a0
[  485.304956][ T9643]  __netlink_deliver_tap+0x404/0x850
[  485.304992][ T9643]  ? netlink_deliver_tap+0x2e/0x1b0
[  485.305015][ T9643]  netlink_deliver_tap+0x19c/0x1b0
[  485.305038][ T9643]  netlink_unicast+0x72f/0x8d0
[  485.305082][ T9643]  netlink_sendmsg+0x805/0xb30
[  485.305114][ T9643]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.305145][ T9643]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  485.305166][ T9643]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.305189][ T9643]  __sock_sendmsg+0x219/0x270
[  485.305224][ T9643]  __sys_sendto+0x3bd/0x520
[  485.305250][ T9643]  ? __pfx___sys_sendto+0x10/0x10
[  485.305269][ T9643]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  485.305308][ T9643]  ? __fget_files+0x3a0/0x420
[  485.305351][ T9643]  ? ksys_write+0x1f0/0x250
[  485.305376][ T9643]  ? rcu_is_watching+0x15/0xb0
[  485.305415][ T9643]  __x64_sys_sendto+0xde/0x100
[  485.305440][ T9643]  do_syscall_64+0xf6/0x210
[  485.305478][ T9643]  ? clear_bhb_loop+0x45/0xa0
[  485.305503][ T9643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.305522][ T9643] RIP: 0033:0x7f0ca0f8e969
[  485.305541][ T9643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  485.305559][ T9643] RSP: 002b:00007f0ca1e9c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  485.305580][ T9643] RAX: ffffffffffffffda RBX: 00007f0ca11b5fa0 RCX: 00007f0ca0f8e969
[  485.305595][ T9643] RDX: 0000000000010a73 RSI: 0000200000000000 RDI: 0000000000000003
[  485.305608][ T9643] RBP: 00007f0ca1e9c090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b
[  485.305622][ T9643] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  485.305633][ T9643] R13: 0000000000000000 R14: 00007f0ca11b5fa0 R15: 00007ffe4e6dae98
[  485.305671][ T9643]  </TASK>
[  485.305719][ T9643] netlink: 16215 bytes leftover after parsing attributes in process `syz.3.1076'.
[  485.848487][ T9655] No source specified
[  485.914625][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  485.929371][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  486.074302][ T3597] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  486.400760][ T3597] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  487.036017][ T3597] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.174594][ T3597] usb 4-1: config 0 descriptor??
[  487.187182][ T3597] cp210x 4-1:0.0: cp210x converter detected
[  487.946921][ T9672] dlm: Unknown command passed to DLM device : 0
[  487.946921][ T9672] 
[  488.182383][ T3597] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[  488.193953][ T3597] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  488.209720][ T3597] usb 4-1: cp210x converter now attached to ttyUSB0
[  488.226451][ T3597] usb 4-1: USB disconnect, device number 28
[  488.238301][ T3597] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  488.258126][ T3597] cp210x 4-1:0.0: device disconnected
[  488.980591][ T9681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1087'.
[  489.056476][ T9681] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1087'.
[  489.238767][ T9683] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1083'.
[  489.489171][ T7770] net_ratelimit: 14 callbacks suppressed
[  489.489192][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  489.509617][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  489.524230][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  489.538827][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  490.153608][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1090'.
[  490.171538][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1090'.
[  490.182098][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  490.196794][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  490.211493][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  490.226047][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  490.247463][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1090'.
[  490.612852][ T9697] lo speed is unknown, defaulting to 1000
[  491.025704][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  491.040133][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  491.099858][ T9700] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1091'.
[  491.180639][ T9700] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1091'.
[  491.851013][ T9700] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1091'.
[  492.159323][ T9700] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1091'.
[  492.213870][   T30] audit: type=1800 audit(1746636292.873:82): pid=9711 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1095" name="[kvm-gmem]" dev="anon_inodefs" ino=24569 res=0 errno=0
[  492.914057][ T5865] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  493.164123][ T5865] usb 5-1: Using ep0 maxpacket: 16
[  493.270466][ T5865] usb 5-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config
[  493.338514][ T5865] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  493.510771][ T5865] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  493.523596][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.585670][ T5865] usb 5-1: config 0 descriptor??
[  494.302065][ T5865] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  494.814678][ T5861] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  494.966878][  T992] net_ratelimit: 18 callbacks suppressed
[  494.966899][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  494.986944][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  495.001350][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  495.016168][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  495.173891][ T5861] usb 1-1: Using ep0 maxpacket: 8
[  495.181851][ T5861] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  495.248781][ T5861] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  495.274162][ T5861] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  495.360158][ T9747] __nla_validate_parse: 2 callbacks suppressed
[  495.360202][ T9747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1103'.
[  495.447086][ T9747] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1103'.
[  495.881690][ T5861] usb 1-1: Product: syz
[  495.886002][ T5861] usb 1-1: Manufacturer: syz
[  495.900194][ T5861] usb 1-1: SerialNumber: syz
[  495.983589][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  495.998129][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  496.012671][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  496.027628][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  496.907475][ T5861] usb 1-1: palm_os_3_probe - error -110 getting connection information
[  496.916680][ T5861] visor 1-1:1.0: probe with driver visor failed with error -110
[  496.987583][ T5861] usb 1-1: USB disconnect, device number 42
[  497.086484][ T9757] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1107'.
[  497.765695][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  497.780998][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  497.920351][ T9719] rtc_cmos 00:00: Alarms can be up to one day in the future
[  497.971787][ T5861] usb 5-1: USB disconnect, device number 39
[  498.680478][ T9758] delete_channel: no stack
[  498.753599][ T3597] rtc_cmos 00:00: Alarms can be up to one day in the future
[  498.774368][ T3597] rtc_cmos 00:00: Alarms can be up to one day in the future
[  498.802707][ T3597] rtc_cmos 00:00: Alarms can be up to one day in the future
[  498.818864][ T3597] rtc_cmos 00:00: Alarms can be up to one day in the future
[  498.965270][ T3597] rtc rtc0: __rtc_set_alarm: err=-22
[  499.924122][ T9770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1111'.
[  499.940025][ T9771] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1111'.
[  500.038233][  T992] net_ratelimit: 6 callbacks suppressed
[  500.038255][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  500.058572][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  500.072874][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  500.087368][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  501.107464][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  501.107502][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  501.107526][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  501.107556][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  501.383082][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  501.551200][ T9789] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  502.540586][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  502.555177][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  505.109948][   T13] net_ratelimit: 10 callbacks suppressed
[  505.109970][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  505.130533][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  505.145614][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  505.160618][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  505.536750][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1124'.
[  505.606988][ T9822] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1124'.
[  505.925945][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  505.940385][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  505.955972][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  505.971205][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  507.101832][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  507.116406][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  508.145349][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880284e5c00: rx timeout, send abort
[  508.164739][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880284e5c00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  509.286594][ T9856] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  510.258242][   T13] net_ratelimit: 10 callbacks suppressed
[  510.258263][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  510.279469][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  510.293963][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  510.308289][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  510.354177][ T9863] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1138'.
[  510.561393][ T9860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1139'.
[  510.629281][ T9866] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1139'.
[  510.813522][ T9863] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1138'.
[  511.255221][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  511.269703][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  511.284134][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  511.298845][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  512.216802][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  512.231382][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  513.194437][ T9881] overlay: ./file0 is not a directory
[  514.018097][   T30] audit: type=1400 audit(1746636314.683:83): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9891 comm="syz.0.1148" dest=20001
[  515.245618][ T6172] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  516.438986][   T13] net_ratelimit: 14 callbacks suppressed
[  516.439010][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  516.459241][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  516.473707][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  516.488460][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  516.544215][ T6172] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.634291][ T6172] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  516.647099][ T6172] usb 1-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00
[  516.656265][ T6172] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.675197][ T6172] usb 1-1: config 0 descriptor??
[  517.174289][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  517.188897][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  517.203675][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  517.218150][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  517.299840][ T6172] uclogic 0003:5543:0003.0007: item fetching failed at offset 5/7
[  517.310741][ T9915] loop2: detected capacity change from 0 to 7
[  517.325241][ T6172] uclogic 0003:5543:0003.0007: parse failed
[  517.325810][ T9915] Dev loop2: unable to read RDB block 7
[  517.343906][ T6172] uclogic 0003:5543:0003.0007: probe with driver uclogic failed with error -22
[  517.401158][ T9915]  loop2: AHDI p1 p2 p3
[  517.408319][ T9915] loop2: partition table partially beyond EOD, truncated
[  517.424132][ T9918] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1140'.
[  517.551706][ T9915] loop2: p1 start 1601398130 is beyond EOD, truncated
[  517.646949][ T5865] usb 1-1: USB disconnect, device number 43
[  517.929963][ T9915] loop2: p2 start 1702059890 is beyond EOD, truncated
[  518.212370][ T9921] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1155'.
[  518.436942][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  518.451362][   T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  519.605384][ T9933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.934941][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1153'.
[  520.004430][ T9942] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1153'.
[  521.153513][   T30] audit: type=1326 audit(1746636321.813:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  521.399437][   T30] audit: type=1326 audit(1746636321.813:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  521.465793][   T30] audit: type=1326 audit(1746636321.843:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0ca0f8d2d0 code=0x7ffc0000
[  522.206136][   T36] net_ratelimit: 14 callbacks suppressed
[  522.206159][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  522.226732][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  522.241107][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  522.256664][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  522.448255][   T30] audit: type=1326 audit(1746636321.843:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0ca0f90197 code=0x7ffc0000
[  522.450972][ T9946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1162'.
[  522.469860][   T30] audit: type=1326 audit(1746636321.843:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  522.521026][   T30] audit: type=1326 audit(1746636321.843:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0ca0f90197 code=0x7ffc0000
[  522.548284][   T30] audit: type=1326 audit(1746636321.843:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0ca0f8d5ca code=0x7ffc0000
[  522.571936][   T30] audit: type=1326 audit(1746636321.843:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  522.602107][   T30] audit: type=1326 audit(1746636321.843:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  522.956989][   T30] audit: type=1326 audit(1746636321.863:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9948 comm="syz.3.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0ca0f8d2d0 code=0x7ffc0000
[  523.004098][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  523.018699][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  523.033075][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  523.047714][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  524.411378][ T6172] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  524.485475][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  524.500305][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  524.613973][ T6172] usb 4-1: Using ep0 maxpacket: 16
[  524.695098][ T9976] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  525.111297][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1172'.
[  525.182381][ T9980] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1172'.
[  525.923879][ T6172] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.943808][ T6172] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.968170][ T6172] usb 4-1: config 0 interface 0 has no altsetting 0
[  525.974944][ T6172] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  525.986632][ T6172] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.039593][ T6172] usb 4-1: config 0 descriptor??
[  526.451660][ T9968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.536684][ T9968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  527.072884][ T6172] hid (null): invalid report_count 993845251
[  527.079098][ T6172] hid (null): global environment stack underflow
[  527.109243][ T6172] usb 4-1: USB disconnect, device number 29
[  527.609578][  T992] net_ratelimit: 14 callbacks suppressed
[  527.609601][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  527.629844][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  527.644578][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  527.658978][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  528.475799][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  528.475820][   T30] audit: type=1400 audit(1746636329.093:119): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=9998 comm="syz.0.1179" daddr=fe80::aa dest=3
[  528.486078][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  528.515570][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  528.530183][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  528.544843][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  529.325299][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1182'.
[  529.391711][T10013] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1182'.
[  529.412071][ T5865] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  529.603942][ T5865] usb 2-1: Using ep0 maxpacket: 8
[  529.865701][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  529.880146][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  530.073023][ T5865] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  530.083383][ T5865] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  530.094285][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.107252][ T5865] usb 2-1: config 0 descriptor??
[  530.149089][ T5865] gspca_main: vc032x-2.14.0 probing 046d:0892
[  531.860452][ T5865] gspca_vc032x: reg_r err -110
[  531.887866][ T5865] vc032x 2-1:0.0: probe with driver vc032x failed with error -110
[  532.360947][T10020] syz.3.1184: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  532.387205][T10020] CPU: 1 UID: 0 PID: 10020 Comm: syz.3.1184 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  532.387240][T10020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  532.387255][T10020] Call Trace:
[  532.387264][T10020]  <TASK>
[  532.387274][T10020]  dump_stack_lvl+0x189/0x250
[  532.387312][T10020]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.387341][T10020]  ? __pfx__printk+0x10/0x10
[  532.387374][T10020]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  532.387408][T10020]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  532.387442][T10020]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  532.387478][T10020]  warn_alloc+0x214/0x310
[  532.387506][T10020]  ? __pfx_warn_alloc+0x10/0x10
[  532.387537][T10020]  ? __get_vm_area_node+0x1c5/0x2d0
[  532.387568][T10020]  ? __get_vm_area_node+0x25a/0x2d0
[  532.387607][T10020]  __vmalloc_node_range_noprof+0x5f2/0x12c0
[  532.387627][T10020]  ? do_syscall_64+0xf6/0x210
[  532.387684][T10020]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  532.387706][T10020]  ? __kasan_kmalloc_large+0x1a/0xa0
[  532.387741][T10020]  ? rcu_is_watching+0x15/0xb0
[  532.387772][T10020]  ? hash_ipmac_create+0x358/0xfe0
[  532.387796][T10020]  ? hash_ipmac_create+0x358/0xfe0
[  532.387826][T10020]  __kvmalloc_node_noprof+0x3a0/0x5e0
[  532.387860][T10020]  ? hash_ipmac_create+0x358/0xfe0
[  532.387886][T10020]  ? hash_ipmac_create+0x2fe/0xfe0
[  532.387916][T10020]  hash_ipmac_create+0x358/0xfe0
[  532.387950][T10020]  ? __nla_parse+0x40/0x60
[  532.387973][T10020]  ? __pfx_hash_ipmac_create+0x10/0x10
[  532.388001][T10020]  ip_set_create+0xa94/0x1940
[  532.388028][T10020]  ? ip_set_create+0x4a2/0x1940
[  532.388067][T10020]  ? __pfx_ip_set_create+0x10/0x10
[  532.388134][T10020]  nfnetlink_rcv_msg+0xb4a/0x1130
[  532.388163][T10020]  ? __kernel_text_address+0xd/0x40
[  532.388187][T10020]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  532.388236][T10020]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  532.388319][T10020]  netlink_rcv_skb+0x219/0x490
[  532.388343][T10020]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  532.388372][T10020]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  532.388410][T10020]  ? safesetid_security_capable+0xa9/0x1a0
[  532.388434][T10020]  ? bpf_lsm_capable+0x9/0x20
[  532.388460][T10020]  ? security_capable+0x7e/0x2e0
[  532.388496][T10020]  nfnetlink_rcv+0x273/0x2530
[  532.388525][T10020]  ? __dev_queue_xmit+0x27e/0x3a70
[  532.388553][T10020]  ? __dev_queue_xmit+0x27e/0x3a70
[  532.388578][T10020]  ? __dev_queue_xmit+0x27e/0x3a70
[  532.388607][T10020]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  532.388647][T10020]  ? __dev_queue_xmit+0x27e/0x3a70
[  532.388675][T10020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.388701][T10020]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  532.388736][T10020]  ? __pfx___dev_queue_xmit+0x10/0x10
[  532.388781][T10020]  ? ref_tracker_free+0x63a/0x7d0
[  532.388800][T10020]  ? __copy_skb_header+0xa7/0x550
[  532.388837][T10020]  ? __pfx_ref_tracker_free+0x10/0x10
[  532.388879][T10020]  ? skb_clone+0x246/0x3a0
[  532.388911][T10020]  ? __netlink_deliver_tap+0x807/0x850
[  532.388933][T10020]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.388962][T10020]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.388982][T10020]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.389010][T10020]  netlink_unicast+0x758/0x8d0
[  532.389053][T10020]  netlink_sendmsg+0x805/0xb30
[  532.389086][T10020]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.389117][T10020]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  532.389139][T10020]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.389162][T10020]  __sock_sendmsg+0x219/0x270
[  532.389199][T10020]  ____sys_sendmsg+0x505/0x830
[  532.389233][T10020]  ? __pfx_____sys_sendmsg+0x10/0x10
[  532.389270][T10020]  ? import_iovec+0x74/0xa0
[  532.389313][T10020]  ___sys_sendmsg+0x21f/0x2a0
[  532.389341][T10020]  ? __pfx____sys_sendmsg+0x10/0x10
[  532.389406][T10020]  ? __fget_files+0x2a/0x420
[  532.389435][T10020]  ? __fget_files+0x3a0/0x420
[  532.389476][T10020]  __x64_sys_sendmsg+0x19b/0x260
[  532.389505][T10020]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  532.389549][T10020]  ? do_syscall_64+0xba/0x210
[  532.389576][T10020]  do_syscall_64+0xf6/0x210
[  532.389601][T10020]  ? clear_bhb_loop+0x45/0xa0
[  532.389625][T10020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.389645][T10020] RIP: 0033:0x7f0ca0f8e969
[  532.389665][T10020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.389683][T10020] RSP: 002b:00007f0ca1e9c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.389704][T10020] RAX: ffffffffffffffda RBX: 00007f0ca11b5fa0 RCX: 00007f0ca0f8e969
[  532.389720][T10020] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  532.389733][T10020] RBP: 00007f0ca1010ab1 R08: 0000000000000000 R09: 0000000000000000
[  532.389746][T10020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  532.389758][T10020] R13: 0000000000000000 R14: 00007f0ca11b5fa0 R15: 00007ffe4e6dae98
[  532.389790][T10020]  </TASK>
[  532.389808][T10020] Mem-Info:
[  532.894152][T10020] active_anon:2501 inactive_anon:15937 isolated_anon:0
[  532.894152][T10020]  active_file:18736 inactive_file:38134 isolated_file:0
[  532.894152][T10020]  unevictable:768 dirty:217 writeback:0
[  532.894152][T10020]  slab_reclaimable:10560 slab_unreclaimable:103789
[  532.894152][T10020]  mapped:30319 shmem:13343 pagetables:1051
[  532.894152][T10020]  sec_pagetables:0 bounce:0
[  532.894152][T10020]  kernel_misc_reclaimable:0
[  532.894152][T10020]  free:1305570 free_pcp:4414 free_cma:0
[  532.984442][T10020] Node 0 active_anon:12732kB inactive_anon:56128kB active_file:74804kB inactive_file:152536kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118396kB dirty:792kB writeback:0kB shmem:47300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11320kB pagetables:4176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  533.018204][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.093540][ T5865] usb 2-1: USB disconnect, device number 29
[  533.137283][   T68] net_ratelimit: 14 callbacks suppressed
[  533.137304][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  533.157588][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  533.172272][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  533.186679][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  533.204389][T10020] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  533.327729][T10020] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  533.354864][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.361159][T10020] lowmem_reserve[]: 0 2504 2504 2504 2504
[  533.368007][T10020] Node 0 DMA32 free:1333788kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1328kB inactive_anon:48324kB active_file:74712kB inactive_file:152524kB unevictable:1536kB writepending:792kB present:3129332kB managed:2564600kB mlocked:0kB bounce:0kB free_pcp:2224kB local_pcp:0kB free_cma:0kB
[  533.398563][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.416000][T10020] lowmem_reserve[]: 0 0 0 0 0
[  533.421713][T10020] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  533.448623][T10020] lowmem_reserve[]: 0 0 0 0 0
[  533.453429][T10020] Node 1 Normal free:3900772kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12288kB local_pcp:0kB free_cma:0kB
[  533.502101][T10020] lowmem_reserve[]: 0 0 0 0 0
[  533.516216][T10020] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  533.535872][T10020] Node 0 DMA32: 968*4kB (UME) 946*8kB (UME) 608*16kB (UME) 653*32kB (UME) 380*64kB (UME) 89*128kB (UME) 51*256kB (UM) 12*512kB (UM) 16*1024kB (UM) 7*2048kB (UME) 296*4096kB (M) = 1340112kB
[  533.559348][T10020] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  533.571692][T10020] Node 1 Normal: 206*4kB (UME) 58*8kB (UME) 33*16kB (UME) 192*32kB (UME) 84*64kB (UME) 39*128kB (UME) 14*256kB (UME) 8*512kB (UM) 8*1024kB (UME) 4*2048kB (UE) 942*4096kB (M) = 3900824kB
[  533.684499][T10020] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  533.702556][T10020] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  533.713920][T10020] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  533.723546][T10020] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  533.734282][T10020] 64954 total pagecache pages
[  533.739041][T10020] 0 pages in swap cache
[  533.752316][T10020] Free swap  = 124996kB
[  533.762463][T10020] Total swap = 124996kB
[  533.828369][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  533.832822][T10020] 2097051 pages RAM
[  533.842716][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  533.842747][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  533.842768][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  533.891882][T10033] loop2: detected capacity change from 0 to 7
[  533.907737][T10033] Dev loop2: unable to read RDB block 7
[  533.928536][T10033]  loop2: AHDI p1 p2 p3
[  533.943645][T10033] loop2: partition table partially beyond EOD, truncated
[  534.102608][T10020] 0 pages HighMem/MovableOnly
[  534.138914][T10020] 424242 pages reserved
[  534.190707][T10020] 0 pages cma reserved
[  534.523994][T10033] loop2: p1 start 1601398130 is beyond EOD, truncated
[  534.531739][T10033] loop2: p2 start 1702059890 is beyond EOD, truncated
[  534.546362][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  534.560731][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  534.885690][T10045] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1191'.
[  534.904624][T10045] netlink: 'syz.3.1191': attribute type 9 has an invalid length.
[  534.962843][T10051] futex_wake_op: syz.4.1192 tries to shift op by -1; fix this program
[  535.297672][T10057] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1195'.
[  535.321523][T10057] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1195'.
[  535.478686][T10062] 9pnet: p9_errstr2errno: server reported unknown error ¯@00000000000000000007
[  537.620243][T10065] team_slave_0: entered allmulticast mode
[  538.227128][T10078] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1201'.
[  538.274431][T10078] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1201'.
[  541.242150][ T7674] net_ratelimit: 14 callbacks suppressed
[  541.242167][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  541.262217][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  541.276599][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  541.291893][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  541.934175][   T47] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  542.087854][   T47] usb 1-1: device descriptor read/64, error -71
[  542.212722][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  542.227227][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  542.241847][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  542.256339][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  542.415528][   T47] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  542.564615][   T47] usb 1-1: device descriptor read/64, error -71
[  542.627962][T10096] input: syz1 as /devices/virtual/input/input24
[  542.684383][   T47] usb usb1-port1: attempt power cycle
[  542.784289][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  542.798907][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  543.035703][   T47] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  543.071297][   T47] usb 1-1: device descriptor read/8, error -71
[  543.914186][   T47] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  544.080970][   T47] usb 1-1: device descriptor read/8, error -71
[  544.227182][   T47] usb usb1-port1: unable to enumerate USB device
[  545.194124][    T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  545.850432][T10129] input: syz1 as /devices/virtual/input/input25
[  546.004643][    T9] usb 4-1: config 1 has an invalid descriptor of length 112, skipping remainder of the config
[  546.047570][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  546.072900][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  546.110814][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  546.122788][    T9] usb 4-1: SerialNumber: syz
[  546.293300][T10132] lo speed is unknown, defaulting to 1000
[  546.309265][   T68] net_ratelimit: 18 callbacks suppressed
[  546.309286][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  546.329711][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  546.344185][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  546.358566][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  546.494461][ T5865] usb 1-1: new full-speed USB device number 48 using dummy_hcd
[  546.692163][ T5865] usb 1-1: config 0 has no interfaces?
[  547.478067][    T9] usb 4-1: 0:2 : does not exist
[  547.483206][    T9] usb 4-1: unit 5: unexpected type 0x0a
[  547.526977][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  547.542489][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  547.557565][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  547.572131][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  547.601420][ T5865] usb 1-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  547.610714][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.640408][ T5865] usb 1-1: Product: syz
[  547.645107][    T9] usb 4-1: USB disconnect, device number 30
[  547.664871][ T5865] usb 1-1: Manufacturer: syz
[  547.697204][ T5865] usb 1-1: SerialNumber: syz
[  547.734733][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  548.833873][ T5865] usb 1-1: config 0 descriptor??
[  548.860383][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  548.875682][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  549.781365][T10132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.910399][T10132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.040338][ T5879] usb 1-1: USB disconnect, device number 48
[  550.779018][T10167] batadv_slave_0: entered promiscuous mode
[  550.824263][T10166] input: syz1 as /devices/virtual/input/input26
[  551.846320][ T1156] net_ratelimit: 10 callbacks suppressed
[  551.846341][ T1156] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  551.866513][ T1156] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  551.880926][ T1156] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  551.895274][ T1156] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  551.935520][T10167] trusted_key: syz.1.1229 sent an empty control message without MSG_MORE.
[  552.172174][T10163] batadv_slave_0: left promiscuous mode
[  552.434132][ T5865] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  553.615537][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  553.630260][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  553.644615][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  553.658961][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  553.679454][ T5865] usb 1-1: config 1 has an invalid descriptor of length 112, skipping remainder of the config
[  553.700705][ T5865] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  553.791832][ T5865] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  553.803367][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  553.825867][ T5865] usb 1-1: SerialNumber: syz
[  553.960946][T10190] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1237'.
[  554.017546][T10190] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1237'.
[  554.432613][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  554.447127][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  555.770775][ T5865] usb 1-1: 0:2 : does not exist
[  555.884657][ T5865] usb 1-1: unit 5: unexpected type 0x0a
[  556.086083][ T5865] usb 1-1: USB disconnect, device number 49
[  556.278595][   T30] audit: type=1400 audit(1746636356.843:120): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10201 comm="syz.3.1241" daddr=::ffff:172.20.20.59 dest=20003
[  556.818867][   T30] audit: type=1400 audit(1746636356.843:121): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10201 comm="syz.3.1241" daddr=fe80::aa
[  556.901054][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  556.933964][ T5879] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  557.231183][ T5879] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  557.938493][T10217] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  558.360078][   T36] net_ratelimit: 10 callbacks suppressed
[  558.360101][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  558.382020][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  558.393769][ T5879] usb 4-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  558.397721][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  558.422182][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  558.464100][ T5879] usb 4-1: config 0 has no interface number 0
[  558.502530][ T5879] usb 4-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  558.572888][ T5879] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  558.606005][T10220] input: syz1 as /devices/virtual/input/input27
[  558.655521][ T5879] usb 4-1: config 0 interface 52 has no altsetting 0
[  558.700181][ T5879] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  558.724500][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  558.743058][ T5879] usb 4-1: Product: syz
[  558.767384][ T5879] usb 4-1: SerialNumber: syz
[  558.801212][ T5879] usb 4-1: config 0 descriptor??
[  559.033927][ T5879] usb 4-1: Can not set alternate setting to 1, error: -71
[  559.206843][T10228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1247'.
[  559.336833][T10228] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1247'.
[  559.785934][ T5879] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -71
[  559.798844][ T5879] usb 4-1: USB disconnect, device number 31
[  560.163545][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  560.178490][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  560.193249][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  560.208071][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  561.004791][T10241] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1252'.
[  561.073144][T10241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1252'.
[  561.964199][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  561.979643][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  562.888036][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  563.463447][ T3557] net_ratelimit: 2 callbacks suppressed
[  563.463469][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  563.483962][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  563.498394][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  563.513508][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  563.916288][   T30] audit: type=1400 audit(1746636364.493:122): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10254 comm="syz.3.1258" daddr=fc01::3 dest=18978
[  564.278564][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  564.292958][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  564.307474][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  564.322283][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  564.407498][T10274] input: syz1 as /devices/virtual/input/input28
[  564.638727][T10280] FAULT_INJECTION: forcing a failure.
[  564.638727][T10280] name failslab, interval 1, probability 0, space 0, times 0
[  564.657593][T10280] CPU: 0 UID: 0 PID: 10280 Comm: syz.3.1262 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  564.657621][T10280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  564.657632][T10280] Call Trace:
[  564.657639][T10280]  <TASK>
[  564.657647][T10280]  dump_stack_lvl+0x189/0x250
[  564.657678][T10280]  ? __pfx_dump_stack_lvl+0x10/0x10
[  564.657701][T10280]  ? __pfx__printk+0x10/0x10
[  564.657733][T10280]  ? __pfx___might_resched+0x10/0x10
[  564.657756][T10280]  ? fs_reclaim_acquire+0x7d/0x100
[  564.657779][T10280]  should_fail_ex+0x414/0x560
[  564.657811][T10280]  should_failslab+0xa8/0x100
[  564.657838][T10280]  kmem_cache_alloc_noprof+0x73/0x3c0
[  564.657862][T10280]  ? security_inode_alloc+0x39/0x330
[  564.657926][T10280]  security_inode_alloc+0x39/0x330
[  564.657951][T10280]  inode_init_always_gfp+0x9ed/0xdc0
[  564.657983][T10280]  ? __pfx_sock_alloc_inode+0x10/0x10
[  564.658009][T10280]  alloc_inode+0x82/0x1b0
[  564.658034][T10280]  __sock_create+0x12d/0x9f0
[  564.658060][T10280]  udp_sock_create4+0xbe/0x4b0
[  564.658087][T10280]  ? __pfx_udp_sock_create4+0x10/0x10
[  564.658124][T10280]  rxrpc_lookup_local+0xcae/0x1410
[  564.658174][T10280]  ? __pfx_rxrpc_lookup_local+0x10/0x10
[  564.658214][T10280]  ? __local_bh_enable_ip+0x12d/0x1c0
[  564.658248][T10280]  ? __local_bh_enable_ip+0x12d/0x1c0
[  564.658281][T10280]  ? rxrpc_bind+0x164/0x460
[  564.658313][T10280]  rxrpc_bind+0x198/0x460
[  564.658345][T10280]  __sys_bind+0x2c3/0x3e0
[  564.658368][T10280]  ? __pfx___sys_bind+0x10/0x10
[  564.658414][T10280]  __x64_sys_bind+0x7a/0x90
[  564.658435][T10280]  do_syscall_64+0xf6/0x210
[  564.658460][T10280]  ? clear_bhb_loop+0x45/0xa0
[  564.658485][T10280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.658504][T10280] RIP: 0033:0x7f0ca0f8e969
[  564.658522][T10280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.658540][T10280] RSP: 002b:00007f0ca1e5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  564.658561][T10280] RAX: ffffffffffffffda RBX: 00007f0ca11b6160 RCX: 00007f0ca0f8e969
[  564.658576][T10280] RDX: 0000000000000024 RSI: 0000200000000240 RDI: 0000000000000006
[  564.658589][T10280] RBP: 00007f0ca1e5a090 R08: 0000000000000000 R09: 0000000000000000
[  564.658601][T10280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  564.658613][T10280] R13: 0000000000000000 R14: 00007f0ca11b6160 R15: 00007ffe4e6dae98
[  564.658646][T10280]  </TASK>
[  564.658685][T10280] socket: no more sockets
[  564.966297][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  565.053132][T10283] xt_CT: No such helper "pptp"
[  566.206329][T10303] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1270'.
[  566.216171][T10303] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1270'.
[  568.636554][ T3442] net_ratelimit: 19 callbacks suppressed
[  568.636570][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  568.658621][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  568.672948][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  568.687317][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  568.956590][T10344] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1282'.
[  569.433826][ T5861] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  569.568386][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  569.583093][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  569.598168][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  569.612905][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  569.673838][ T5861] usb 2-1: Using ep0 maxpacket: 8
[  569.690175][ T5861] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  569.700051][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.956351][ T5861] pvrusb2: Hardware description: Terratec Grabster AV400
[  570.088422][ T5861] pvrusb2: **********
[  570.185673][ T5861] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  570.198685][ T5861] pvrusb2: Important functionality might not be entirely working.
[  570.206970][T10344] hsr_slave_1 (unregistering): left promiscuous mode
[  570.218263][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  570.224601][ T5861] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  570.233181][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  570.254194][ T5861] pvrusb2: **********
[  570.315288][ T2340] pvrusb2: Invalid write control endpoint
[  570.382712][T10360] pvrusb2: Invalid write control endpoint
[  570.466600][T10361] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1283'.
[  570.500121][ T2340] pvrusb2: Invalid write control endpoint
[  570.532419][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  570.541457][T10363] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1287'.
[  570.555873][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  570.581768][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  570.607137][ T2340] pvrusb2: Device being rendered inoperable
[  570.623309][T10363] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1287'.
[  570.652856][T10365] Lens B: =================  START STATUS  =================
[  570.653869][ T2340] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  570.661153][T10365] Lens B: Focus, Absolute: 0
[  570.687878][ T2340] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  570.695002][T10365] Lens B: ==================  END STATUS  ==================
[  570.709898][ T2340] pvrusb2: Attached sub-driver cx25840
[  570.730051][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  570.875587][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  571.839342][   T30] audit: type=1400 audit(1746636372.503:123): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10378 comm="syz.3.1291" daddr=ff02::1 dest=20004
[  571.943947][T10381] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13)
[  571.950626][T10381] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  571.963634][ T6172] usb 2-1: USB disconnect, device number 30
[  571.998975][T10381] vhci_hcd vhci_hcd.0: Device attached
[  572.072297][T10382] vhci_hcd: connection closed
[  572.098491][ T7770] vhci_hcd: stop threads
[  572.195468][ T7770] vhci_hcd: release socket
[  572.256922][ T5865] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[  572.289070][ T7770] vhci_hcd: disconnect device
[  573.229579][T10397] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  574.351320][ T6243] net_ratelimit: 18 callbacks suppressed
[  574.351340][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  574.372380][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  574.387567][T10407] binder: 10406:10407 ioctl c0306201 2000000003c0 returned -14
[  574.396993][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  574.399566][T10407] binder: 10406:10407 ioctl c0306201 2000000001c0 returned -14
[  574.412695][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  574.603160][   T30] audit: type=1400 audit(1746636375.263:124): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10411 comm="syz.0.1303" daddr=ff02::1 dest=20004
[  574.999087][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  575.013635][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  575.028353][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  575.043482][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  576.818694][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  576.834155][ T7674] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  576.901576][   T30] audit: type=1400 audit(1746636377.553:125): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10431 comm="syz.0.1308" daddr=fe80::1b dest=20003
[  577.814395][ T5865] vhci_hcd: vhci_device speed not set
[  578.208979][T10440] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  579.480351][ T3557] net_ratelimit: 6 callbacks suppressed
[  579.480372][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  579.501470][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  579.515931][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  579.530406][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  579.632760][T10450] openvswitch: netlink: Message has 20 unknown bytes.
[  579.648730][T10450] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  579.653932][T10448] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1314'.
[  579.724016][T10448] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1314'.
[  579.733047][T10448] netlink: 'syz.4.1314': attribute type 6 has an invalid length.
[  579.795121][T10448] netlink: 'syz.4.1314': attribute type 5 has an invalid length.
[  579.821537][T10448] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1314'.
[  580.002088][T10461] fuse: Unknown parameter '˙˙˙˙˙˙˙˙0x0000000000000003'
[  580.655557][T10459] vlan3: entered allmulticast mode
[  580.708553][T10459] macvtap0: entered allmulticast mode
[  580.771755][T10459] veth0_macvtap: entered allmulticast mode
[  580.867804][T10473] program syz.0.1322 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  580.903184][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  580.918473][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  580.937253][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  580.951982][ T7770] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  580.999834][T10475] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1323'.
[  581.872932][T10483] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  582.455039][T10497] No source specified
[  583.811420][T10502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'.
[  583.882819][T10508] lo speed is unknown, defaulting to 1000
[  584.671339][   T68] net_ratelimit: 16 callbacks suppressed
[  584.671360][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  584.691921][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  584.707112][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  584.722064][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  585.127831][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1336'.
[  585.151089][T10528] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  585.670689][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  585.685550][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  585.700214][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  585.714732][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  586.365248][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  586.379762][   T68] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  588.113117][T10561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1348'.
[  588.201507][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1350'.
[  588.947535][T10564] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  590.330726][ T3442] net_ratelimit: 18 callbacks suppressed
[  590.330766][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  590.354025][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  590.368603][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  590.384331][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  590.577014][   T30] audit: type=1400 audit(1746636391.243:126): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10576 comm="syz.0.1356" daddr=fc00::
[  590.678488][T10581] misc userio: The device must be registered before sending interrupts
[  591.186279][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  591.200862][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  591.215681][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  591.230058][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  591.760004][T10597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1361'.
[  592.599770][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  592.614367][   T36] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  592.702316][T10606] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  594.264123][ T5861] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  594.785339][ T5861] usb 2-1: Using ep0 maxpacket: 16
[  594.795811][ T5861] usb 2-1: config 252 has an invalid interface number: 251 but max is 0
[  594.818595][ T5861] usb 2-1: config 252 has no interface number 0
[  594.824484][   T30] audit: type=1400 audit(1746636395.483:127): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10626 comm="syz.2.1374" daddr=fe80::aa
[  594.841603][ T5861] usb 2-1: New USB device found, idVendor=0421, idProduct=0444, bcdDevice= 1.00
[  594.863061][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.882709][   T30] audit: type=1400 audit(1746636395.483:128): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10626 comm="syz.2.1374" daddr=fe80:: dest=20000
[  595.112708][ T5861] usb 2-1: string descriptor 0 read error: -71
[  595.123272][ T5861] usb-storage 2-1:252.251: USB Mass Storage device detected
[  595.259651][ T5861] usb-storage 2-1:252.251: Quirks match for vid 0421 pid 0444: 30
[  595.687747][ T6243] net_ratelimit: 10 callbacks suppressed
[  595.687776][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  595.711371][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  595.725741][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  595.740063][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  595.927835][ T5861] usb 2-1: USB disconnect, device number 31
[  596.525235][T10648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1376'.
[  597.219046][T10649] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  597.428703][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  597.443191][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  597.457723][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  597.472187][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  598.455209][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  598.469967][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  599.169882][T10670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.178845][T10670] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.221097][   T30] audit: type=1107 audit(1746636399.883:129): pid=10667 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  599.423866][    T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  600.506032][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  600.516529][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  600.540702][    T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  600.859861][ T6760] net_ratelimit: 6 callbacks suppressed
[  600.859883][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  600.879885][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  600.894947][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  600.909865][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  600.926105][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  600.944151][    T9] usb 1-1: SerialNumber: syz
[  601.207195][    T9] usb 1-1: 0:2 : does not exist
[  601.212201][    T9] usb 1-1: unit 5: unexpected type 0x09
[  601.302153][    T9] usb 1-1: USB disconnect, device number 50
[  602.541411][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  602.556096][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  602.570748][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  602.585097][ T6243] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  603.219787][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  603.934726][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  603.949278][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  604.183022][T10701] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  606.249443][ T3557] net_ratelimit: 6 callbacks suppressed
[  606.249464][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  606.270031][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  606.285917][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  606.300465][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  607.450787][T10729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1403'.
[  607.503914][   T30] audit: type=1400 audit(1746636407.983:130): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=10720 comm="syz.1.1401" daddr=ff01::1 dest=20000
[  608.097498][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  608.111974][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  608.126458][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  608.140776][ T3442] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  608.431887][T10738] ntfs3(nullb0): Primary boot signature is not NTFS.
[  608.440305][T10738] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  608.644073][ T6172] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  608.712267][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  608.857707][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  608.873054][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  608.901774][ T6172] usb 2-1: device descriptor read/64, error -32
[  609.293908][   T47] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  609.393974][ T6172] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  610.263016][T10750] bridge0: port 3(syz_tun) entered blocking state
[  610.273014][T10750] bridge0: port 3(syz_tun) entered disabled state
[  610.300809][T10750] syz_tun: entered allmulticast mode
[  610.316460][ T6172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  610.336637][T10750] syz_tun: entered promiscuous mode
[  610.352705][ T6172] usb 2-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  610.364038][T10750] bridge0: port 3(syz_tun) entered blocking state
[  610.370693][T10750] bridge0: port 3(syz_tun) entered forwarding state
[  610.378078][ T6172] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.400166][ T6172] usb 2-1: config 0 descriptor??
[  610.811027][T10759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1412'.
[  610.872261][   T30] audit: type=1326 audit(1746636411.533:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10760 comm="syz.3.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  610.893860][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.997543][   T30] audit: type=1326 audit(1746636411.533:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10760 comm="syz.3.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  611.094744][   T30] audit: type=1326 audit(1746636411.533:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10760 comm="syz.3.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  611.141078][   T30] audit: type=1326 audit(1746636411.533:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10760 comm="syz.3.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  611.584860][   T30] audit: type=1326 audit(1746636411.623:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10760 comm="syz.3.1413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ca0f8e969 code=0x7ffc0000
[  611.606646][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.613223][  T992] net_ratelimit: 10 callbacks suppressed
[  611.613240][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  611.633819][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  611.648694][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  611.663592][  T992] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  611.713602][   T30] audit: type=1326 audit(1746636412.373:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e738e969 code=0x7ffc0000
[  611.766294][   T30] audit: type=1326 audit(1746636412.373:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e738e969 code=0x7ffc0000
[  611.799521][   T30] audit: type=1326 audit(1746636412.373:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f16e738e969 code=0x7ffc0000
[  611.875861][ T6172] usbhid 2-1:0.0: can't add hid device: -71
[  611.898084][ T6172] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  611.958600][ T6172] usb 2-1: USB disconnect, device number 33
[  611.981293][   T30] audit: type=1326 audit(1746636412.373:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16e738e969 code=0x7ffc0000
[  612.218700][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  612.233280][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  612.247917][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a
[  612.262698][ T3557] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  612.409230][T10771] netlink: 'syz.1.1417': attribute type 21 has an invalid length.
[  612.447176][T10769] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1416'.
[  612.483558][T10769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1416'.
[  612.520916][   T30] kauditd_printk_skb: 181 callbacks suppressed
[  612.520936][   T30] audit: type=1326 audit(1746636413.183:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16e7385927 code=0x7ffc0000
[  612.584744][   T30] audit: type=1326 audit(1746636413.223:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16e732ab39 code=0x7ffc0000
[  612.653768][   T30] audit: type=1326 audit(1746636413.223:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16e7385927 code=0x7ffc0000
[  612.675270][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.704765][   T30] audit: type=1326 audit(1746636413.223:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16e732ab39 code=0x7ffc0000
[  612.726249][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.741094][   T30] audit: type=1326 audit(1746636413.223:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10764 comm="syz.0.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f16e738e969 code=0x7ffc0000
[  612.871929][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  612.886839][ T6760] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a
[  613.090284][   T30] audit: type=1326 audit(1746636413.753:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10787 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3b38e969 code=0x7ffc0000
[  613.118762][   T30] audit: type=1326 audit(1746636413.753:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10787 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3b38e969 code=0x7ffc0000
[  613.140396][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.152021][   T30] audit: type=1326 audit(1746636413.753:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10787 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f2b3b38e969 code=0x7ffc0000
[  613.173763][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.189868][   T30] audit: type=1326 audit(1746636413.753:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10787 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3b38e969 code=0x7ffc0000
[  613.218401][   T30] audit: type=1326 audit(1746636413.783:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10787 comm="syz.1.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3b38e969 code=0x7ffc0000
[  613.240007][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.444899][T10800] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1430'.
[  613.493367][T10803] No such timeout policy "syz0"
[  614.487319][T10852] block device autoloading is deprecated and will be removed.
[  614.520277][T10852] syz.2.1449: attempt to access beyond end of device
[  614.520277][T10852] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[  615.229732][T10879] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1462'.
[  615.337173][T10873] ------------[ cut here ]------------
[  615.342716][T10873] WARNING: CPU: 0 PID: 10873 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[  615.352548][T10873] Modules linked in:
[  615.357000][T10873] CPU: 0 UID: 0 PID: 10873 Comm: syz.2.1460 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  615.369403][T10873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  615.379573][T10873] RIP: 0010:inet_sock_destruct+0x623/0x730
[  615.385474][T10873] Code: 0f 0b 90 e9 62 fe ff ff e8 ba eb e6 f7 90 0f 0b 90 e9 95 fe ff ff e8 ac eb e6 f7 90 0f 0b 90 e9 bb fe ff ff e8 9e eb e6 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[  615.405213][T10873] RSP: 0018:ffffc90005007c58 EFLAGS: 00010293
[  615.411329][T10873] RAX: ffffffff89d8e3c2 RBX: dffffc0000000000 RCX: ffff88802f551e00
[  615.420006][T10873] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  615.428150][T10873] RBP: 0000000080000000 R08: ffff888034ba8f5f R09: 1ffff110069751eb
[  615.436834][T10873] R10: dffffc0000000000 R11: ffffed10069751ec R12: ffff888034ba8cc0
[  615.445486][T10873] R13: dffffc0000000000 R14: ffff888034ba8f44 R15: 1ffff1100697519a
[  615.453504][T10873] FS:  0000555592c5e500(0000) GS:ffff8881260fd000(0000) knlGS:0000000000000000
[  615.462559][T10873] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  615.469218][T10873] CR2: 000000110c41e5eb CR3: 000000002f866000 CR4: 00000000003526f0
[  615.477332][T10873] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  615.485448][T10873] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  615.493490][T10873] Call Trace:
[  615.496848][T10873]  <TASK>
[  615.499813][T10873]  ? netlink_has_listeners+0x339/0x3f0
[  615.505404][T10873]  ? __pfx_inet_sock_destruct+0x10/0x10
[  615.511009][T10873]  __sk_destruct+0x86/0x660
[  615.515645][T10873]  inet_release+0x184/0x210
[  615.520217][T10873]  sock_close+0xc0/0x240
[  615.524564][T10873]  ? __pfx_sock_close+0x10/0x10
[  615.530217][T10873]  __fput+0x449/0xa70
[  615.534860][T10873]  task_work_run+0x1d1/0x260
[  615.539510][T10873]  ? __pfx_task_work_run+0x10/0x10
[  615.544797][T10873]  resume_user_mode_work+0x5e/0x80
[  615.549966][T10873]  syscall_exit_to_user_mode+0x9a/0x120
[  615.555645][T10873]  do_syscall_64+0x103/0x210
[  615.560473][T10873]  ? clear_bhb_loop+0x45/0xa0
[  615.565273][T10873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.571212][T10873] RIP: 0033:0x7fa625f8e969
[  615.575818][T10873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.595541][T10873] RSP: 002b:00007fff58a983f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  615.604196][T10873] RAX: 0000000000000000 RBX: 00007fa6261b7ba0 RCX: 00007fa625f8e969
[  615.612231][T10873] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  615.620292][T10873] RBP: 00007fa6261b7ba0 R08: 0000000000005458 R09: 0000000a58a986ef
[  615.628380][T10873] R10: 00000000005f9f60 R11: 0000000000000246 R12: 00000000000965f9
[  615.637023][T10873] R13: 00007fa6261b6080 R14: ffffffffffffffff R15: 00007fff58a98510
[  615.645693][T10873]  </TASK>
[  615.648803][T10873] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  615.656154][T10873] CPU: 0 UID: 0 PID: 10873 Comm: syz.2.1460 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  615.668229][T10873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  615.678320][T10873] Call Trace:
[  615.681640][T10873]  <TASK>
[  615.684591][T10873]  dump_stack_lvl+0x99/0x250
[  615.689205][T10873]  ? __asan_memcpy+0x40/0x70
[  615.693821][T10873]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.699054][T10873]  ? __pfx__printk+0x10/0x10
[  615.703692][T10873]  panic+0x2db/0x790
[  615.707640][T10873]  ? __pfx_panic+0x10/0x10
[  615.712083][T10873]  __warn+0x31b/0x4b0
[  615.716083][T10873]  ? inet_sock_destruct+0x623/0x730
[  615.721298][T10873]  ? inet_sock_destruct+0x623/0x730
[  615.726635][T10873]  report_bug+0x2be/0x4f0
[  615.730989][T10873]  ? inet_sock_destruct+0x623/0x730
[  615.736218][T10873]  ? inet_sock_destruct+0x623/0x730
[  615.741436][T10873]  ? inet_sock_destruct+0x625/0x730
[  615.746652][T10873]  handle_bug+0x84/0x160
[  615.750938][T10873]  exc_invalid_op+0x1a/0x50
[  615.755456][T10873]  asm_exc_invalid_op+0x1a/0x20
[  615.760320][T10873] RIP: 0010:inet_sock_destruct+0x623/0x730
[  615.766150][T10873] Code: 0f 0b 90 e9 62 fe ff ff e8 ba eb e6 f7 90 0f 0b 90 e9 95 fe ff ff e8 ac eb e6 f7 90 0f 0b 90 e9 bb fe ff ff e8 9e eb e6 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[  615.785898][T10873] RSP: 0018:ffffc90005007c58 EFLAGS: 00010293
[  615.791989][T10873] RAX: ffffffff89d8e3c2 RBX: dffffc0000000000 RCX: ffff88802f551e00
[  615.799973][T10873] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  615.807956][T10873] RBP: 0000000080000000 R08: ffff888034ba8f5f R09: 1ffff110069751eb
[  615.815936][T10873] R10: dffffc0000000000 R11: ffffed10069751ec R12: ffff888034ba8cc0
[  615.823926][T10873] R13: dffffc0000000000 R14: ffff888034ba8f44 R15: 1ffff1100697519a
[  615.831936][T10873]  ? inet_sock_destruct+0x622/0x730
[  615.837166][T10873]  ? inet_sock_destruct+0x622/0x730
[  615.842403][T10873]  ? netlink_has_listeners+0x339/0x3f0
[  615.847893][T10873]  ? __pfx_inet_sock_destruct+0x10/0x10
[  615.853463][T10873]  __sk_destruct+0x86/0x660
[  615.857995][T10873]  inet_release+0x184/0x210
[  615.862521][T10873]  sock_close+0xc0/0x240
[  615.866783][T10873]  ? __pfx_sock_close+0x10/0x10
[  615.871663][T10873]  __fput+0x449/0xa70
[  615.875678][T10873]  task_work_run+0x1d1/0x260
[  615.880289][T10873]  ? __pfx_task_work_run+0x10/0x10
[  615.885426][T10873]  resume_user_mode_work+0x5e/0x80
[  615.890557][T10873]  syscall_exit_to_user_mode+0x9a/0x120
[  615.896125][T10873]  do_syscall_64+0x103/0x210
[  615.900756][T10873]  ? clear_bhb_loop+0x45/0xa0
[  615.905448][T10873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.911352][T10873] RIP: 0033:0x7fa625f8e969
[  615.915930][T10873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.935708][T10873] RSP: 002b:00007fff58a983f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  615.944151][T10873] RAX: 0000000000000000 RBX: 00007fa6261b7ba0 RCX: 00007fa625f8e969
[  615.952149][T10873] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  615.960141][T10873] RBP: 00007fa6261b7ba0 R08: 0000000000005458 R09: 0000000a58a986ef
[  615.968132][T10873] R10: 00000000005f9f60 R11: 0000000000000246 R12: 00000000000965f9
[  615.976117][T10873] R13: 00007fa6261b6080 R14: ffffffffffffffff R15: 00007fff58a98510
[  615.984119][T10873]  </TASK>
[  615.987477][T10873] Kernel Offset: disabled
[  615.991850][T10873] Rebooting in 86400 seconds..