last executing test programs:

15.539516244s ago: executing program 0 (id=1149):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x2d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = open_tree(0xffffffffffffff9c, 0x0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r6 = socket$inet6(0xa, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_VLAN_TUNNEL={0x5}, @IFLA_BRPORT_COST={0x8}]}}}]}, 0x4c}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0x2, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000090}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000f40)={0x694, 0x0, 0x300, 0x70bd28, 0x25dfdbfe, {}, [{{0x8}, {0xfc, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xb}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xed0}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xfff, 0x7, 0x3, 0x5}, {0x5, 0x0, 0x3, 0x4}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8001}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x67}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x100}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r9}}}]}}]}, 0x694}, 0x1, 0x0, 0x0, 0x4000040}, 0x80)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

14.297150936s ago: executing program 0 (id=1150):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

13.987149322s ago: executing program 0 (id=1154):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0xddff, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe156, 0x2, 0x0, 0x25, 0x0, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})

13.785816124s ago: executing program 0 (id=1157):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000340)='asymmetric\x00', 0x0, &(0x7f0000000380)="30800205e792080000", 0x2, r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)={{0x12, 0x1, 0x0, 0xdf, 0xcf, 0xe6, 0x10, 0x5ac, 0x292, 0x6401, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xcd, 0x0, 0x0, 0x3, 0x9d, 0x2, 0x2}}]}}]}}, 0x0)
r4 = eventfd2(0x0, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="e03f03003b000b05d25a00008c6394f90224fc600000000000000793053582c137153e37000c0180fc0b10000100", 0x2e}], 0x1}, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x2c0)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000200)={0x0, r4})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfd, 0x7fff7ff8}]})
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r7)
sendmsg$NFC_CMD_GET_SE(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r9, 0xf15}, 0x14}}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c, 0x0}}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000080)=@sack_info={r10, 0x6, 0x1ba5}, 0xc)

10.186533275s ago: executing program 0 (id=1171):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x18001, 0x85a, 0x1}, 0x48)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ipvlan1\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000780)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="4c240500000000001c0012800b0001006d616373656300000c000280060002400000000008000500", @ANYRES32=r2], 0x44}}, 0x0) (fail_nth: 7)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)

10.056220604s ago: executing program 3 (id=1173):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xfffe, 0x6}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r4, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r4, 0x0, &(0x7f0000001700)=""/53}, 0x20) (fail_nth: 3)

9.0507734s ago: executing program 0 (id=1174):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r1 = socket$inet6(0xa, 0x3, 0x2c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x693, @empty, 0x7fff}, 0x1c)
r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x100, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405668, &(0x7f0000000100)={0x2, 0x1, 0x2, 0x80080})
close(r2)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8e37f3", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x600, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

8.761942066s ago: executing program 3 (id=1175):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
getrusage(0xdbeedc7c2196d563, &(0x7f0000000100))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000000)="05", 0x1, 0xffffffffffffffff)

7.650037869s ago: executing program 2 (id=1178):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x42}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
chdir(0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
close(r0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000140)=0x10)
sendmmsg$inet_sctp(r0, &(0x7f0000006cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, r6}}], 0x30}], 0x1, 0x0)
add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"])
ioctl$HIDIOCSFLAG(r7, 0x4004480f, &(0x7f0000000000)=0x2)
add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)

7.649825222s ago: executing program 3 (id=1179):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000580)=ANY=[@ANYBLOB="680200000005010400000000000000000000000054020100"/39], 0x268}}, 0x0)

6.746407675s ago: executing program 3 (id=1181):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getpid()
sched_setscheduler(0x0, 0x2, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f0000000280)={{0x3, 0x0, 0x1, 0x0, 0xbb2ab94}})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002080)=0x3a, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x3d, &(0x7f0000000300)=""/4084, &(0x7f0000000000)=0xff4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x0, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc67cc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$bt_sco(0xffffffffffffffff, &(0x7f00000018c0)={0x1f, @fixed}, 0x8)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$bt_sco(r7, &(0x7f0000001900)={0x1f, @fixed}, 0x8)

6.513736226s ago: executing program 2 (id=1182):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

6.46211075s ago: executing program 1 (id=1183):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb08004500003800000000fb01906dac1e0001ac1414aa030090781200183f2500000000000000000100007f0000017f00000100186371ae9b1c03"], 0x0) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x1) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000400)=""/32, 0x20}, {&(0x7f0000000440)=""/86, 0x56}], 0x2, &(0x7f0000000500)=""/16, 0x10}, 0xaf}, {{&(0x7f0000000580)=@rc={0x1f, @none}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000600)=""/129, 0x81}, {&(0x7f00000006c0)=""/147, 0xfffffffffffffe28}], 0x2}, 0x80000001}], 0x2, 0x12000, 0x0)
r5 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) (async)
io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8) (async, rerun: 32)
ioprio_set$uid(0x3, 0x0, 0x0) (async)
io_submit(0x0, 0x1, &(0x7f0000001500)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}])
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) (async, rerun: 64)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 64)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0)

6.294535725s ago: executing program 2 (id=1185):
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x59dc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x206, 0x20640)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000001b80), 0x0, 0x40, 0x6)
sched_setparam(0x0, &(0x7f0000000400))
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r2, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e6a65585578f830e9000000", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000180)={&(0x7f0000400000/0xc00000)=nil, 0xc00000})
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x18)
r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r1], 0xc8)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x38}}, 0x20004000)
socket$inet6_udplite(0xa, 0x2, 0x88)
accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1a3)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000000)={0x40, 0x400, 0x2})
setsockopt$inet_mreqn(r9, 0x0, 0x20, &(0x7f0000000100)={@local={0xac, 0x2, 0x44, 0xa}, @private=0xa010100}, 0xc)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xe09)

6.062076383s ago: executing program 2 (id=1186):
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
rt_sigqueueinfo(0x0, 0x2b, &(0x7f0000000380)={0x22, 0xd, 0x4})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x43)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000000)={{{0xb, 0x1}}, 0xff8, 0x3, &(0x7f00000029c0)="09fb12b3b50a523364072d1911ecb24b5cd3613ed90e8e42927c603e71262a7de2562e4bc843b5a978952abc6f692229e554d2b8fbe235421d80b55fff650bd4dd5c1bb4532e5e2c717711a21b9e4f1332be050429eb5baba071515161f4b6afec6dc253ff4ceb30fb4d4ef3762ed8daae37552e4456bbbc9976f21276e84e45d4bcdb539841e79130c0d4fdcc58e58ab915f35149b27d8164225d3ae69c5eb457f19d55c8a5e8816b2ab0e3a827559af5457cf4f43adf31cde0cbbbbbfdce78333703d0c9ccfd5e693c4af5bdce2a3959f865d35004da60c5750f1b2b3a9f6b030edca8488c25518ca1ef0f4d835dad15a6041f461a45563566db33b91b99559f9bdd130657af667e14adfefcb4c5ccd58f05c883b2dae265e188c5cedcd595911f683ace749c968f1fb037f712ca388d3bb0ac1d5e566fcf566ab94f99833e0a69c8fb316306c8fbf47126d020b730567fd9a8110f2768a7cd587ba30f3c8cffa504f37df95773427909de2b61ed21bbce07e9a135038f20871eb874d286a01664ae75e784dd9abdc683452a77925b9dd3b4fb3a475f55b625247a92aa0e3c2482594287d6c858856e1eb949b35ed36fd8656ab74049b43ae7677890633c167519126b243f06ed52635b498b379ab0fe0436734a69d9aa8631f0633874f92989b7c431e21835913d6adcdf299256f94a2ea0d38d817b8d35141807b2340202b6779b625f77cfe25e03d70d42e4ab58d8109ee1f90119b70e4b5958b55cb60caa0f6224297bc7e1d97d108a9d3377e096d256b0db8fcfe20fdfe298fd8be1f808aab29c65ab6f7ad6e93aadb7507bcbadbdbd5c5279ed3f0abecc8b468248c02c68328eb264428b6fd4e76968555a996061e3dd020b3ceaefa2b77a0455dfcf78e91acf2c56de7b244b448d2196fc6cf4e91caa581dc7fa1b732682ab364c70b8b887072a9974d0cdc7c74018e1bd41fa2986832de38168cad6bf7fae00624a40312b65b7a371440188dbdea6693eea4ecb4856c1e0fba0644475d232da7c6e6dd957cfb431fa096b5b2ebcbc1dffb33e7c080ee3609a99b39ba5c37b8846adebe78469797603e6b7e6f7c12e08cef747326c909d3ea99cc329be920b115cde90dbe067adf75f83f358411726e0950f050fe2b22903db8c56e9993cc43c9f7bef737b9e3c01e15b83feef301c5b39f69f0cc9f8b6aa01a4e1b11df3c950a51b668ad0c3b302e06c54b8bcc93f0b4f1e4f3131b6418d47a86df89ab6453eebecb9c89bb2519ea2cb099fdaae8ccf8d6c0b2896372e82c6aed28e049326a4d506d5bce54e0d5ee6c2ef8c99f6a26266a3ef9160991751011b9e25426a4f556dbce6fe1c047c8556c4e2d3b4ebe09b221e19471acd9aba3292cc20404fb02c09544ffc4130db9e7bb966e78aa04ac436194122d592161387b02e8fd6c067ca5a243598be90e4acb81f08d155ef76d95bb68651523caac22a3dce1f5e88256a1e44115a9e91cfa42bfcff1f734ac9a5c25ae2c64f2ad186a2e6b4e3bb798c20091ec7c940c5cb5e9419f733c8c2ce1b36e9aa90470820b88e16709c06a1651e5df06d3b6f2870858d5fa7b8bf60d874a87d2b056bcac5cdb9eeb7ad107225f518f92db2565a31096f21267d8237eabd1f82bf0f7976422081b1abec38d83a6dc89517bdc5fbe39dfc9c970c3cbbe4a27082c3931937c8fa9df081bc17df79eb22920c222013fe59dd71f0858eabc0aaefce1dc9dc1e0fb86f45669a4db940bf6a9a0733174724793656dd11ad62e6ac99fd3d6ba6994da299962c8c6935d69734eed2c929ff2c8ae45477f5cfefa2240b544dbc1bec73661583f5c85103efd9249be7b2b609e01b072bc6a9fd04f263556c1059b05f72ca448f4075f1a525461430343a95035ccb8f0d42e3a077968cd4479acfd7242565f848b49df6444b14c921d12ef9c07f239e46fd675e35a93316a523dacb0c671a225089664bca71345238590c6d19c12550ac46f8c53753ba051d0910657f5e0d95c60bbfb9477489390ef53aadb678237c04b09a1c5433746468a2e0b67ba5e441de4db500050c89bdd60d9457cc39a867f1a83e8556eac90972c43ed861a046024b6a8a3bd4e9ac96a896b97c2dbdb28478e54149da89ce2c75c39d6b45c9ea2708e5e1a5d407bcb36eba22bab4f733658923c5830c973d3a2480336341512da68279ba601e440fe1f2536ac09871c92af756aab3319e12f73ee3027f51c312add44b07f9ae31fbb8a46951898cfeed83ab76ca153c6a5b60565209cdab17e37cbd9c18a40742f1b00ae05960bcd0de85001a0a8c6c1ea6ca4f72236ba383a9616c665bf0839fc87828ffc16b9ab09216226ffdb11470348f35fea9373ea0640c0590027152585cd9cce649d530ddf2268df9d4828862aa73e39e3d43cd6e073aeca1b73c82739064d2a3110926013244e9960c15d879b407e9dc795e1c99f2961e9fb9b1ab4c02c237241a980a6a106828c8edc22692092f56b7102fbf4e3f642f651d1983485164433289984fe2c686bf14219d8976773f7702d35a82af9424e6463ba4fcf7bad04746a146619a2f9f9708086621c934ddffbb2f89d051e10f9191a464f4f109adff72fa49a3caf9698be5f969e05acaf9f51010ead72f9884af38e000ecd39e4a321f7c09f936fc38f4b36c07462c4e45fec6fc46d322e5617bc96b0d7c464241b202292c4bbf8ad528166360e3e7f5348882b020dd64f422579761a2d65b8464c47094ac930930714ee8317a08df2ca4749cbe6efb96d53bdb2aef18cd9d2bcc441298fdc2f10d4e3754ffece6b58a3587ac6e1e70412382ce50e1d7870dcced61f549932041ea9fdd1764f10465511fcb478999f71700d673e7823436afcb17249064c6a8e2cb4315ca82724cf8acb90724e8043d3324a4d4751427a912344e4c0b59a0932a1685cd25cb918fc5012d94851f02e7a89c7a092144dc4fce60dc74b8385d4683d65af4d2da7eedc21d7e709cde40138ef2014e6c8acd709c0e39b418cac4e20b9421a875bbec98290ec3cb6582bd5a27dd7fb1ae148b4c560e4098688795b79d4cddb8257c9dac8e3e8125b4817af05e6c5e212f101191de9f9a9eda0c3c1fcbe8a09922ac9d0d32bbdab6cd3d3fc47686ee0e668d39bdf98f3685cdfc7a3eda1bd655e5b75c3673687b3f687e3b806b5379b49245828cae2eb335481708ce035745f2cb01f647bb9d02ec0a2c8833844eef30e088b749603e1e06151dba76ea3d8ecf476a0b97e122afb661d43235b01cb8e4cc0604e5dd5d7e5d192d0f0670780e3be18aeca15e191d2ac66a753a86c1352587d676de92883852ae1d296df710c543f7e46a6f59fdb69385e8f7ab86e705bf12eb5ec73f2761b1f9342d23d915b216700a1344e7db863b88724d7477307b67e31ab7e452fa550a6cace4578ac67487ba15365480340dfcc8f157e698addd6f5c8a718fb53b3df320fe2545e9c7f7441a98f06c5cd894abaec5e46bb74f98d879229871ac7deefa32d73776c0ae7aa17a6ed3650c3f8dfd8113d09d243c969fc1f233a379b51b7d6995c9fb0b417b9018f3286981e3b736e569f56dc325afdd536ed852cc20617380b7c09263f59cd7625a91967605b2bac58319504b2519b9be6037a8c3ae67c14e5f962342fe540de4b9edba7012e52bcb379e5129f3475e1db811fa6e4c7b1374598bb724269f4c8978dadc2fb15480dc4715406ecd83adc62c1b1a3a702246f84b91da77cafcd04184385774f92e859afe7261487ee9272b98b32578352892952806788bfcfda13375a97de5808eda296f938df404d096cb976404b45da9c6352538dabdf2a2b04adb7834ad34acd9d16011b437eb1664cee8088d7b968cad7673a7f000d9f70d9366bac2806f48547cef325e53406028b606ba2a734cd7f68416cb6ee902f4bc1b5f9fc2e1fadbcfffe38528676a62aaa02a8507081c8191432188c05663bfd189f17b0b0da6d62eb0c07b3618520403659b178b26ac8a80b740c2f36c227bfe701b97ab113feed03f8ae00277bcb3e65266459be824472d42d406a1a96fe512601400cd9770388540fc8d0f0613577fd541c13b1b4db8699d96beff7efc9dcb17d1c3fd3cea26841a2b8141f72fafc9d7456a15b4f25647b2aa05e2d956bacbb21839123f9660eefc0b628d3ac0218477aa533b051dd23df853dd8b9db947c87a3606bd016af12eaf2cd0bec2c3b2b49ca9a2b85b0ee5a60efe83eac9ea01876ee22df06901d21520c3e71e207c41db274b4a0dbcd679b5006147bc25c7c71b3dec5a3b5e81499fe8dcfd641cc77150478dee54fe1feefbcd25286ef05fae7d439197e1df9dc73056278d4010ee3b38f322632888fca10906e8373ce592f47e71390123cab4aa0b9487dde62f02c13df1a4be10612cbd57650985eb43f24ccbda7bd0c77fa05a2d973842c9c7584c39813966ccedf8e4b93c008ef105a2ebb9d966d73740ce087eedb7e70a2497b65c2b4f7a87aca4ab75e3b14fc3404b3c9382c4ffda28991d227e51fb2ed521b5d783c412a75ebaa9d44787c386b4d90cabfc528782ed599eae850d944b5921670df49650412e24b1e97a40074888bf93f338d40016b1899380a5815fcb69b3112d1f2208a5269193673d273c721b1d1d7550d1c8308d4bb0a32494ee3cc0f65e93b2a2f10f9808487ec520b7ba57be77bc2cbfc19b88abf9bf5bdfda605a07c47c654b1e12776c4b3da3fd188d1908fccf9faee5e497d0501ef938468a7c46bbaa842b637570a2aa2f2260f6c7e924bfdd9c9066a00b3cfcbd3bea32ed55a69dedf65f82d9e301319d4e20f8982d8629d62bfd447473c427947ab837a64309a55055f1f1fee4ca4fbfbeafaa532ca0962677c2fa8bc79a74ebffc3b3c67ff3328ffac860e8fe70c760f785f2a49ebb3315ec8391a9189740ead1d497c99a0b58e2edbe8ea3d0a6c33c44430d1248f6ed7edfb8938d2b55a8cc15fb81fe7737886a39a2eab50908d1462aaa643921237ec3455834473c86809072a0b476333da2941fa30dcd4e5f89a9f601208cf608bed8cab960f27a8936f7ab95df7a7d09721365ce771ca96e5107bedfc9a44a5c8e335e923c87144a816c018b1c38095ae3241aeabba2ba1185507f40f46b524461f996df66c2f6b941920c1fc4128e5a75066a8be564bff937cae36459224d0323e07e8d406277ab3188c5dc60098769bf1df98e25cc7014ce2d7db1f41d39378816895615bcb28ed6e3479c96da55eddd88ca36d35bb884f1daf584aff7b8ccbf0c0aca8fdf88599d5e99394fbafdebf4b54e524f7fa1fc507cea5fc59d6b85c53149c4f6cf71d924b0f32b4e31aafe5219cd593f3f32d7ca8c7d64bfc149b4cb0b2e397d124e272a509726d9395ad7fb028857009202e65bc7183527694f40e99fe7a726fb27ec0d0eb78b4c79ae5d16b26e1afa8f172c72b137b2de683911fdabe866e529a63deef7891eaa33575c89ae5566386218a8b1bf933dfe375626cf34f5e21a48ed6bb4aae56e7cb461b0d7149b87eefeca3e3807b3c3da1cd10617a1c52b266d0fb8b992a9bdc4b32a1180882b9ca0b8cfc3e9d486dd6a791183385ecbde72bd9dc032c765c33c7063f4e10d42eccb855e5cbef8433e637ffe14cb7a1830d6df97b4412dc42872049d56b9b56b8da473e0baf7ec7f91d27c4126c220b293c7c244c991ca34220609a711d51a233ac3da9ac199e3609e7e7ad24125cadbc8e506d9a6c3ca50312a3eb57c44c5"})
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

5.9400737s ago: executing program 1 (id=1188):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TCFLSH(r0, 0x89f0, 0xfffffffffffc)

5.609548566s ago: executing program 4 (id=1189):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x148, 0x1170, 0x1170, 0x148, 0x1170, 0x260, 0x1398, 0x1398, 0x260, 0x1398, 0x7fffffe, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [0x0, 0x322], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00'}, 0x0, 0x120, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@unspec=@CLASSIFY={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, [], [], 'veth1_to_hsr\x00', 'vlan1\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = eventfd2(0x8, 0x80001)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000100)={0x0, r5})
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r1})
write$eventfd(r5, &(0x7f00000000c0), 0x8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

5.37417329s ago: executing program 1 (id=1190):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0xffffffff}, 0x14}}, 0x20000000)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200058c0}, 0x40000)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x4)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}})
readv(r1, &(0x7f0000000200)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x0, 0x8, 0x0, 0x0, 0xf})
read(r1, &(0x7f00000002c0)=""/200, 0x39)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="120100003e7b586298bff5c1ce129fc6fbbabc67406505a3a4921c01020301090812000100000000"], 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde, 0x0, 0x0, 0x8}, {0x3fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3400000010", @ANYRES32=0x0, @ANYBLOB="00000000000000001400126ac4c593"], 0x34}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

4.83036926s ago: executing program 4 (id=1191):
memfd_create(0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000640)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r6, &(0x7f0000000340)=[{&(0x7f0000000300)='0', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f0000001b00)=[{{&(0x7f0000000380)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000001b40)=[@rights={{0x18, 0x1, 0x1, [r6, r6]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7}}}], 0x50, 0x4000000}}], 0x1, 0x20000010)

3.652092061s ago: executing program 4 (id=1192):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x42}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
chdir(0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
close(r0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000140)=0x10)
sendmmsg$inet_sctp(r0, &(0x7f0000006cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, r6}}], 0x30}], 0x1, 0x0)
add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"])
add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)

2.341253457s ago: executing program 4 (id=1193):
r0 = socket$inet(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x12, 0xffff, 0x8, 0x7fffffff, 0x0, 0x1}, 0x48)
setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000001140)=0x8000, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000340))
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21}, 0x10)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x44040)
r4 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x0, 0x80, 0x0, 0x27d}, &(0x7f0000000040)=<r6=>0x0, &(0x7f00000000c0))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r1, 0x0, 0x0})
io_uring_enter(r4, 0x48e9, 0x0, 0x0, 0x0, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r7, 0xfffffffffffffffd, 0x58)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r9, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000030801040000000000000000010000000600024088f700000c0004800800084000000002050003003a000000140004"], 0x44}}, 0x0)

2.050141654s ago: executing program 1 (id=1194):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
clock_gettime(0x5, 0x0)
clock_settime(0x0, &(0x7f0000009ac0))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x8}, 0x90)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000017c00000400000014000180080016000003000006000600800a0000080002"], 0x1034}}, 0x0) (fail_nth: 5)

1.039580794s ago: executing program 1 (id=1195):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

989.383138ms ago: executing program 2 (id=1196):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000f5ff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000100), &(0x7f0000000140), 0x200000000000000}, 0x2a)

962.283336ms ago: executing program 3 (id=1197):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x7, 0x9fd, 0x84}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x6, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000001400)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}})
add_key(&(0x7f00000001c0)='big_key\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r5, r5, r5}, &(0x7f00000000c0)=""/28, 0x1c, &(0x7f00000001c0)={&(0x7f0000000140)={'poly1305\x00'}})
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha384\x00'}, 0x58)
sendmmsg$inet(r4, 0x0, 0x0, 0x0)
r6 = fsopen(&(0x7f0000000280)='gfs2meta\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, r2, 0x1000000}, 0x38)
r7 = dup(r1)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r7, 0x809, '\x00', 0x0, r0, 0x1}, 0x48)

321.395796ms ago: executing program 1 (id=1198):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4020000000000007f00000000000000050000001d0000009500740000c60000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x21)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000043242108d81301006230010203010902120001000000000904"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000010c0)=0x40)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
clock_adjtime(0xffffffd3, &(0x7f00000001c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, <r4=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)=r0}, 0x20)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000003c0)={<r5=>0x0, @rand_addr, @dev}, &(0x7f0000000400)=0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x2c, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000009000000000000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018680000010000000000000001000000b7080000000000007b8af8ff00000000b7080000030000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000085000000b700000000000000950000000000000000005dc03696eb92f224a854a836fe63a4c9329ecab13d087e4b3bd44b7736a02f1929baa422002a1a5a544cb1b4"], &(0x7f0000000380)='GPL\x00', 0x9c09, 0x0, 0x0, 0x41000, 0x4, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0x0, 0x80000001, 0x1}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000740)=[{0x1, 0x3, 0x4, 0x3}], 0x10, 0x4}, 0x90)
r6 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r7, 0x8b2c, &(0x7f0000000040))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

272.599823ms ago: executing program 4 (id=1199):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)

262.353353ms ago: executing program 2 (id=1200):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x281000, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000010000000100000000800000010000800000000010000000041a6110c8445b75c77002304"], &(0x7f0000000180)=""/144, 0x30, 0x90, 0x0, 0x4}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xda, '\x00', 0x0, r1}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r2}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x11, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000085000000d000000095000000000000007fa928fc356a3a33d7ac7cdf5f8b14cfe0f5d349df42f38aa4b62fd9f8d5641b978d75dd2fc6a1472eb0ddd2f869077305fb844f31defc702b777afd6026a0277d4eb61928038593c0aa5c11658dfec9fdec81a1e3ace008472f93c4fb75d64f5f24b6010e312e97c536ead9f75a6c47bd3decefb22e0fc3210d9447424306e05e2b0af092c3efaab745e53ffee66cd8b3e870952c9701a79fed5ca190c125814de235f0d1d54a0783ff845f8c691889b8c13fe4a05984474399d7a80139b9b16c73c3065a5a181dda9632f3f63f2947a90dbef232dbd108a9d0e3c650d59f54c9b35b41bed8a5e8693d397a7f9e8769c7ddb0b8b654c28529848a3d79d29116d2fc279503b944d7f485c8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvlan0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0}, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x800)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x109)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xffb5)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f0000000480), 0x0, 0x0, 0x0)
futex(0x0, 0x80000000000b, 0x4, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

66.267964ms ago: executing program 3 (id=1201):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$ENABLE_STATS(0x20, &(0x7f0000000040)={0x2}, 0x75)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
acct(0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x4)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0x1)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140))
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)

0s ago: executing program 4 (id=1202):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={0x0, 0x12f4}}, 0x0)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000003000)=""/4096, 0x1000}], 0x1}, 0x7}], 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

6
[  358.314767][ T1189] usb 5-1: can't read configurations, error -61
[  358.352862][   T46] usb 4-1: USB disconnect, device number 6
[  358.412106][ T8544] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  358.504789][ T1189] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  359.005239][ T1189] usb 5-1: Using ep0 maxpacket: 8
[  359.018700][ T1189] usb 5-1: unable to read config index 0 descriptor/start: -61
[  359.027505][ T1189] usb 5-1: can't read configurations, error -61
[  359.143534][ T1189] usb usb5-port1: attempt power cycle
[  359.163675][   T29] audit: type=1107 audit(1725452888.365:20): pid=8551 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='O'
[  360.122422][ T5278] net_ratelimit: 1 callbacks suppressed
[  360.122442][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  360.136138][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  360.845296][ T8581] xt_bpf: check failed: parse error
[  360.882282][ T8582] netlink: 12 bytes leftover after parsing attributes in process `syz.1.849'.
[  360.979750][   T29] audit: type=1326 audit(1725452890.185:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8577 comm="syz.1.849" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffad177cef9 code=0x0
[  361.132378][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.252140][ T8587] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  361.995256][ T8595] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  362.170312][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  363.068122][   T29] audit: type=1326 audit(1725452892.255:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.3.862" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad2d57cef9 code=0x0
[  363.137091][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  363.210082][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  363.240472][   T46] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  363.247018][ T8629] Bluetooth: MGMT ver 1.23
[  363.273611][ T8629] vlan1: entered promiscuous mode
[  363.308745][ T8629] vlan1 (unregistering): left promiscuous mode
[  363.439060][   T46] usb 2-1: Using ep0 maxpacket: 32
[  363.453710][   T46] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  363.472085][   T46] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  363.489156][   T46] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  363.508290][   T46] usb 2-1: config 1 has no interface number 0
[  363.515739][   T46] usb 2-1: config 1 interface 1 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[  363.539152][   T46] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x85 has an invalid bInterval 163, changing to 11
[  363.559595][   T46] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x85 has invalid maxpacket 50477, setting to 1024
[  363.579006][   T46] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  363.599079][   T46] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  363.619101][   T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.634534][ T8618] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  363.646477][   T46] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  363.880275][ T8640] netlink: 'syz.4.867': attribute type 8 has an invalid length.
[  363.895036][ T8618] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  363.916439][   T46] snd_usb_pod 2-1:1.1: endpoint not available, using fallback values
[  363.935579][   T46] snd_usb_pod 2-1:1.1: invalid control EP
[  363.950912][   T46] snd_usb_pod 2-1:1.1: cannot start listening: -22
[  363.957935][   T46] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  363.986658][   T46] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[  364.161504][ T8648] xt_CT: You must specify a L4 protocol and not use inversions on it
[  364.249796][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.259709][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.268394][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.292255][ T1189] usb 2-1: USB disconnect, device number 7
[  364.432113][ T8654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.872'.
[  364.883542][ T8661] FAULT_INJECTION: forcing a failure.
[  364.883542][ T8661] name failslab, interval 1, probability 0, space 0, times 0
[  364.896643][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.0.875 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  364.907253][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  364.917325][ T8661] Call Trace:
[  364.920619][ T8661]  <TASK>
[  364.923564][ T8661]  dump_stack_lvl+0x241/0x360
[  364.928266][ T8661]  ? __pfx_dump_stack_lvl+0x10/0x10
[  364.933490][ T8661]  ? __pfx__printk+0x10/0x10
[  364.938095][ T8661]  ? __pfx_lock_release+0x10/0x10
[  364.943135][ T8661]  ? mod_objcg_state+0x125/0x930
[  364.948070][ T8661]  should_fail_ex+0x3b0/0x4e0
[  364.952743][ T8661]  ? fib6_add_1+0x6ab/0x13c0
[  364.957326][ T8661]  should_failslab+0xac/0x100
[  364.961996][ T8661]  ? fib6_add_1+0x6ab/0x13c0
[  364.966581][ T8661]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  364.971954][ T8661]  fib6_add_1+0x6ab/0x13c0
[  364.976395][ T8661]  fib6_add+0x5d4/0x4430
[  364.980672][ T8661]  ? __pfx_lock_acquire+0x10/0x10
[  364.985704][ T8661]  ? __pfx_fib6_add+0x10/0x10
[  364.990384][ T8661]  ? do_raw_spin_lock+0x14f/0x370
[  364.995406][ T8661]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  365.001215][ T8661]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  365.006585][ T8661]  ? ip6_route_add+0x76/0x160
[  365.011263][ T8661]  ip6_route_add+0x8b/0x160
[  365.015765][ T8661]  ipv6_route_ioctl+0x588/0x870
[  365.020619][ T8661]  ? __pfx_ipv6_route_ioctl+0x10/0x10
[  365.026002][ T8661]  ? __might_fault+0xc6/0x120
[  365.030676][ T8661]  inet6_ioctl+0x21a/0x280
[  365.035086][ T8661]  ? __pfx_inet6_ioctl+0x10/0x10
[  365.040049][ T8661]  sock_do_ioctl+0x158/0x460
[  365.044659][ T8661]  ? __pfx_sock_do_ioctl+0x10/0x10
[  365.049789][ T8661]  ? __asan_memset+0x23/0x50
[  365.054382][ T8661]  ? smack_file_ioctl+0x2a1/0x3a0
[  365.059406][ T8661]  sock_ioctl+0x629/0x8e0
[  365.063737][ T8661]  ? __pfx_sock_ioctl+0x10/0x10
[  365.068609][ T8661]  ? __fget_files+0x3f6/0x470
[  365.073289][ T8661]  ? __fget_files+0x29/0x470
[  365.077879][ T8661]  ? bpf_lsm_file_ioctl+0x9/0x10
[  365.082818][ T8661]  ? security_file_ioctl+0x87/0xb0
[  365.087926][ T8661]  ? __pfx_sock_ioctl+0x10/0x10
[  365.092778][ T8661]  __se_sys_ioctl+0xfc/0x170
[  365.097370][ T8661]  do_syscall_64+0xf3/0x230
[  365.101872][ T8661]  ? clear_bhb_loop+0x35/0x90
[  365.106550][ T8661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.112434][ T8661] RIP: 0033:0x7f9e3057cef9
[  365.116837][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.136430][ T8661] RSP: 002b:00007f9e312c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.144835][ T8661] RAX: ffffffffffffffda RBX: 00007f9e30735f80 RCX: 00007f9e3057cef9
[  365.152796][ T8661] RDX: 0000000020000000 RSI: 000000000000890b RDI: 0000000000000007
[  365.160845][ T8661] RBP: 00007f9e312c7090 R08: 0000000000000000 R09: 0000000000000000
[  365.168823][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.176799][ T8661] R13: 0000000000000000 R14: 00007f9e30735f80 R15: 00007ffe063b9588
[  365.184784][ T8661]  </TASK>
[  365.215471][ T8664] autofs: Bad value for 'fd'
[  365.336044][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.582082][ T5278] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  365.872380][ T5278] usb 1-1: config 4 has an invalid descriptor of length 77, skipping remainder of the config
[  365.883295][ T5278] usb 1-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  365.896496][ T5278] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  365.913103][ T5278] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  365.927271][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.559365][ T5278] usb 1-1: string descriptor 0 read error: -71
[  366.676759][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  366.691103][ T8682] netlink: 16 bytes leftover after parsing attributes in process `syz.4.883'.
[  366.738513][ T5278] ath6kl: Failed to submit usb control message: -71
[  366.759700][ T5278] ath6kl: unable to send the bmi data to the device: -71
[  366.776326][ T5278] ath6kl: Unable to send get target info: -71
[  366.800439][ T5278] ath6kl: Failed to init ath6kl core: -71
[  366.831174][ T5278] ath6kl_usb 1-1:4.0: probe with driver ath6kl_usb failed with error -71
[  366.864995][ T5278] usb 1-1: USB disconnect, device number 9
[  367.104431][ T8696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.113665][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.122808][ T8696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.132824][ T8696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.142018][ T8696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.149272][   T46] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  367.150459][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.167072][ T8696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.175365][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  367.217760][ T8701] xt_CT: You must specify a L4 protocol and not use inversions on it
[  367.283748][ T8703] autofs: Unknown parameter '0x0000000000000000'
[  367.402637][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.430841][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.460291][   T46] usb 2-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  367.470019][   T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.485154][   T46] usb 2-1: config 0 descriptor??
[  368.136654][ T8719] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  370.169422][ T8736] netlink: 16 bytes leftover after parsing attributes in process `syz.4.899'.
[  370.192538][ T8737] rdma_rxe: rxe_newlink: failed to add vcan0
[  370.340648][ T1189] net_ratelimit: 203 callbacks suppressed
[  370.340666][ T1189] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  370.393603][ T8736] netlink: 16 bytes leftover after parsing attributes in process `syz.4.899'.
[  370.600220][   T58] usb 2-1: USB disconnect, device number 8
[  370.724348][ T8740] autofs: Unknown parameter '0x0000000000000000'
[  370.891197][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  371.269196][ T8750] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  372.214934][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  373.291942][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  373.370360][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  373.449371][ T5272] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  373.534388][ T8783] autofs: Unknown parameter '0x0000000000000000'
[  373.538132][ T8784] rdma_rxe: rxe_newlink: failed to add vcan0
[  373.679323][ T5272] usb 4-1: Using ep0 maxpacket: 32
[  373.779267][ T5272] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  373.806103][ T5272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  373.913919][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  374.163805][ T5272] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  374.297757][ T5272] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  374.307472][ T5272] usb 4-1: Product: syz
[  374.313264][ T5272] usb 4-1: Manufacturer: syz
[  374.334508][ T5272] usb 4-1: SerialNumber: syz
[  374.334662][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  374.425462][ T5272] usb 4-1: config 0 descriptor??
[  374.473695][ T5272] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  374.519629][ T5272] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  374.761195][   T29] audit: type=1107 audit(1725452903.965:23): pid=8794 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='O'
[  375.129689][ T5239] Bluetooth: hci3: command 0x0405 tx timeout
[  375.397956][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  377.426592][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  377.443555][ T1189] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  377.528139][ T8800] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  378.716855][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  378.907896][ T8814] netlink: 'syz.0.923': attribute type 1 has an invalid length.
[  378.976707][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[  378.983932][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  378.984807][ T8816] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.008800][ T8817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.924'.
[  379.031003][ T8816] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.052651][ T8816] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.082254][ T8816] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.092725][ T8816] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.103700][ T8819] netlink: 16 bytes leftover after parsing attributes in process `syz.1.924'.
[  379.128136][ T8815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  379.178382][ T8822] autofs: Unknown parameter '0x0000000000000000'
[  379.845479][ T8833] loop7: detected capacity change from 0 to 16384
[  380.494073][ T5296] net_ratelimit: 1 callbacks suppressed
[  380.494093][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  380.604151][ T8836] netlink: 104 bytes leftover after parsing attributes in process `syz.4.932'.
[  380.718024][   T29] audit: type=1326 audit(1725452909.915:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8835 comm="syz.4.932" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab3777cef9 code=0x0
[  380.810044][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  381.189617][ T8851] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  382.188212][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  384.730791][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  388.210579][ T8808] ldusb 4-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  388.228454][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  388.249133][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  388.259120][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  388.800439][ T8863] netlink: 'syz.0.941': attribute type 21 has an invalid length.
[  388.855808][ T8863] netlink: 128 bytes leftover after parsing attributes in process `syz.0.941'.
[  388.929236][ T8866] fuse: Bad value for 'fd'
[  389.038039][ T8863] netlink: 'syz.0.941': attribute type 5 has an invalid length.
[  389.111326][ T8863] netlink: 3 bytes leftover after parsing attributes in process `syz.0.941'.
[  389.309248][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  389.405079][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  389.424045][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  389.433812][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  389.442033][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  389.449747][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  389.701497][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  390.138429][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  390.416069][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  390.510040][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  390.589300][ T8867] vcan0 speed is unknown, defaulting to 1000
[  390.729795][ T8889] FAULT_INJECTION: forcing a failure.
[  390.729795][ T8889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.809134][ T8889] CPU: 0 UID: 0 PID: 8889 Comm: syz.0.946 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  390.819774][ T8889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  390.829840][ T8889] Call Trace:
[  390.833111][ T8889]  <TASK>
[  390.836036][ T8889]  dump_stack_lvl+0x241/0x360
[  390.840713][ T8889]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.845908][ T8889]  ? __pfx__printk+0x10/0x10
[  390.850487][ T8889]  ? __pfx_lock_release+0x10/0x10
[  390.855506][ T8889]  ? __lock_acquire+0x137a/0x2040
[  390.860528][ T8889]  should_fail_ex+0x3b0/0x4e0
[  390.865199][ T8889]  _copy_from_user+0x2f/0xe0
[  390.869783][ T8889]  kstrtouint_from_user+0xc6/0x190
[  390.874884][ T8889]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  390.880681][ T8889]  ? __pfx_lock_acquire+0x10/0x10
[  390.885706][ T8889]  proc_fail_nth_write+0xaa/0x2d0
[  390.890726][ T8889]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  390.896618][ T8889]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  390.902247][ T8889]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  390.907873][ T8889]  vfs_write+0x2a2/0xc90
[  390.912125][ T8889]  ? __pfx_vfs_write+0x10/0x10
[  390.916883][ T8889]  ? __fget_files+0x29/0x470
[  390.921465][ T8889]  ? __fget_files+0x3f6/0x470
[  390.926139][ T8889]  ksys_write+0x1a0/0x2c0
[  390.930467][ T8889]  ? __pfx_ksys_write+0x10/0x10
[  390.935310][ T8889]  ? do_syscall_64+0x100/0x230
[  390.940068][ T8889]  ? do_syscall_64+0xb6/0x230
[  390.944739][ T8889]  do_syscall_64+0xf3/0x230
[  390.949230][ T8889]  ? clear_bhb_loop+0x35/0x90
[  390.953900][ T8889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.959783][ T8889] RIP: 0033:0x7f9e3057b9df
[  390.964190][ T8889] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  390.983788][ T8889] RSP: 002b:00007f9e312c7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  390.992193][ T8889] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9e3057b9df
[  391.000152][ T8889] RDX: 0000000000000001 RSI: 00007f9e312c70a0 RDI: 0000000000000007
[  391.008124][ T8889] RBP: 00007f9e312c7090 R08: 0000000000000000 R09: 0000000000000000
[  391.016100][ T8889] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  391.024094][ T8889] R13: 0000000000000000 R14: 00007f9e30735f80 R15: 00007ffe063b9588
[  391.032081][ T8889]  </TASK>
[  391.132593][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  391.182963][ T8894] FAULT_INJECTION: forcing a failure.
[  391.182963][ T8894] name failslab, interval 1, probability 0, space 0, times 0
[  391.204093][   T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.358570][ T8894] CPU: 0 UID: 0 PID: 8894 Comm: syz.4.947 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  391.369215][ T8894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  391.379292][ T8894] Call Trace:
[  391.382588][ T8894]  <TASK>
[  391.385531][ T8894]  dump_stack_lvl+0x241/0x360
[  391.390242][ T8894]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.395462][ T8894]  ? __pfx__printk+0x10/0x10
[  391.400072][ T8894]  ? __kmalloc_noprof+0xb0/0x400
[  391.405024][ T8894]  ? __pfx___might_resched+0x10/0x10
[  391.410301][ T8894]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  391.416197][ T8894]  should_fail_ex+0x3b0/0x4e0
[  391.420872][ T8894]  ? snd_pcm_hw_refine+0x965/0x1b40
[  391.426062][ T8894]  should_failslab+0xac/0x100
[  391.430735][ T8894]  ? snd_pcm_hw_refine+0x965/0x1b40
[  391.435922][ T8894]  __kmalloc_noprof+0xd8/0x400
[  391.440690][ T8894]  snd_pcm_hw_refine+0x965/0x1b40
[  391.445705][ T8894]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  391.451243][ T8894]  ? snd_pcm_hw_param_near+0xea/0x740
[  391.456606][ T8894]  ? snd_pcm_oss_change_params_locked+0xf4f/0x3d60
[  391.463197][ T8894]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  391.468670][ T8894]  ? __kasan_kmalloc+0x98/0xb0
[  391.473422][ T8894]  ? snd_pcm_hw_param_near+0xea/0x740
[  391.478786][ T8894]  ? _snd_pcm_hw_param_min+0x586/0x870
[  391.484239][ T8894]  snd_pcm_hw_param_near+0x167/0x740
[  391.489520][ T8894]  ? kasan_quarantine_put+0xdc/0x230
[  391.494795][ T8894]  ? __pfx_snd_pcm_hw_param_near+0x10/0x10
[  391.500595][ T8894]  ? kfree+0x149/0x360
[  391.504660][ T8894]  snd_pcm_oss_change_params_locked+0xf4f/0x3d60
[  391.510989][ T8894]  ? __pfx___might_resched+0x10/0x10
[  391.516294][ T8894]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  391.523053][ T8894]  ? __pfx___mutex_lock+0x10/0x10
[  391.528075][ T8894]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  391.533447][ T8894]  snd_pcm_oss_make_ready+0x11d/0x350
[  391.538864][ T8894]  snd_pcm_oss_set_trigger+0x93/0x730
[  391.544229][ T8894]  ? _raw_spin_unlock_irq+0x23/0x50
[  391.549422][ T8894]  ? lockdep_hardirqs_on+0x99/0x150
[  391.554611][ T8894]  snd_pcm_oss_poll+0x668/0x8c0
[  391.559459][ T8894]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  391.564822][ T8894]  ? __might_fault+0xc6/0x120
[  391.569489][ T8894]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  391.574851][ T8894]  do_sys_poll+0x7ce/0x1300
[  391.579363][ T8894]  ? __pfx_do_sys_poll+0x10/0x10
[  391.584290][ T8894]  ? __pfx___pollwait+0x10/0x10
[  391.589138][ T8894]  ? __pfx_pollwake+0x10/0x10
[  391.593840][ T8894]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  391.600077][ T8894]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  391.606659][ T8894]  ? ktime_get_ts64+0xa8/0x2b0
[  391.611415][ T8894]  ? lockdep_hardirqs_on+0x99/0x150
[  391.616625][ T8894]  ? __pfx_timespec64_add_safe+0x10/0x10
[  391.622272][ T8894]  __se_sys_poll+0x1c5/0x400
[  391.626872][ T8894]  ? __pfx___se_sys_poll+0x10/0x10
[  391.631973][ T8894]  ? do_syscall_64+0x100/0x230
[  391.636818][ T8894]  ? do_syscall_64+0xb6/0x230
[  391.641489][ T8894]  do_syscall_64+0xf3/0x230
[  391.645991][ T8894]  ? clear_bhb_loop+0x35/0x90
[  391.650666][ T8894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.656549][ T8894] RIP: 0033:0x7fab3777cef9
[  391.660953][ T8894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.680549][ T8894] RSP: 002b:00007fab3852a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  391.688952][ T8894] RAX: ffffffffffffffda RBX: 00007fab37935f80 RCX: 00007fab3777cef9
[  391.696925][ T8894] RDX: 0000000000007fff RSI: 0000000000000001 RDI: 0000000020002140
[  391.704887][ T8894] RBP: 00007fab3852a090 R08: 0000000000000000 R09: 0000000000000000
[  391.712846][ T8894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.720805][ T8894] R13: 0000000000000000 R14: 00007fab37935f80 R15: 00007ffe797c2dc8
[  391.728779][ T8894]  </TASK>
[  391.736716][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  391.851857][ T8897] xt_CT: You must specify a L4 protocol and not use inversions on it
[  391.860863][ T5239] Bluetooth: hci1: command tx timeout
[  391.942507][ T5272] usb 4-1: USB disconnect, device number 7
[  391.957689][ T5272] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  392.159392][ T5229] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  392.168653][ T5229] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  392.201425][ T5229] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  392.211814][ T5229] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  392.285143][ T5229] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  392.294014][ T5229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  392.387237][   T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.636819][   T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.854638][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  392.899589][   T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.986603][ T8902] vcan0 speed is unknown, defaulting to 1000
[  393.422104][ T8867] chnl_net:caif_netlink_parms(): no params data found
[  393.526940][   T62] bridge_slave_1: left allmulticast mode
[  393.534653][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  393.543152][   T62] bridge_slave_1: left promiscuous mode
[  393.549392][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.576410][   T62] bridge_slave_0: left allmulticast mode
[  393.590262][   T62] bridge_slave_0: left promiscuous mode
[  393.597703][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.939373][ T5239] Bluetooth: hci1: command tx timeout
[  393.939847][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  394.007849][ T8921] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  394.601508][ T5239] Bluetooth: hci4: command tx timeout
[  394.613450][ T8924] overlay: filesystem on ./bus not supported as upperdir
[  394.989750][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  395.244093][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  395.266420][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  395.285539][   T62] bond0 (unregistering): Released all slaves
[  396.010314][ T5239] Bluetooth: hci1: command tx timeout
[  396.016891][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  396.241824][ T8867] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.249223][ T8867] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.256397][ T8867] bridge_slave_0: entered allmulticast mode
[  396.351988][ T8867] bridge_slave_0: entered promiscuous mode
[  396.374830][ T8867] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.393635][ T8867] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.443643][ T8867] bridge_slave_1: entered allmulticast mode
[  396.485100][ T8867] bridge_slave_1: entered promiscuous mode
[  396.569213][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  396.618487][ T5225] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  396.628363][ T5225] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  396.638036][ T5225] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  396.647335][ T5225] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  396.659363][   T54] Bluetooth: hci4: command 0x041b tx timeout
[  396.667927][ T5225] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  396.678575][ T5225] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  397.007231][   T62] hsr_slave_0: left promiscuous mode
[  397.013771][   T62] hsr_slave_1: left promiscuous mode
[  397.044494][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.060644][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  397.068524][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.091845][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.119166][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.183040][   T62] veth1_macvtap: left promiscuous mode
[  397.188618][   T62] veth0_macvtap: left promiscuous mode
[  397.200104][   T62] veth1_vlan: left promiscuous mode
[  397.205449][   T62] veth0_vlan: left promiscuous mode
[  397.217756][ T8964] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  398.107904][ T5239] Bluetooth: hci1: command tx timeout
[  398.232449][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  398.356253][   T62] team0 (unregistering): Port device team_slave_1 removed
[  398.401314][   T62] team0 (unregistering): Port device team_slave_0 removed
[  398.729230][ T5239] Bluetooth: hci4: command 0x041b tx timeout
[  398.735386][ T5225] Bluetooth: hci0: command tx timeout
[  398.872995][ T8867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  399.034305][ T8867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  399.068612][ T8948] vcan0 speed is unknown, defaulting to 1000
[  399.101681][   T29] audit: type=1107 audit(1725452928.305:25): pid=8976 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='O'
[  399.167829][ T8867] team0: Port device team_slave_0 added
[  399.230222][ T8867] team0: Port device team_slave_1 added
[  399.259936][ T8902] chnl_net:caif_netlink_parms(): no params data found
[  399.290215][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  399.319828][   T46] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  399.589711][   T46] usb 2-1: Using ep0 maxpacket: 32
[  399.607794][   T46] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  399.609371][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  399.617103][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  399.662225][   T46] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  399.681499][   T46] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  399.704576][ T8867] batman_adv: batadv0: Adding interface: batadv_slave_0
[  399.707216][   T46] usb 2-1: Product: syz
[  399.713587][ T8867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.729472][   T46] usb 2-1: Manufacturer: syz
[  399.742381][ T8867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  399.762295][   T46] usb 2-1: SerialNumber: syz
[  399.786692][ T8867] batman_adv: batadv0: Adding interface: batadv_slave_1
[  399.798176][   T46] usb 2-1: config 0 descriptor??
[  399.804082][ T8867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.837933][   T46] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  399.858536][ T8867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  399.877888][   T46] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  399.974430][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.996740][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.005892][ T8902] bridge_slave_0: entered allmulticast mode
[  400.026202][ T8902] bridge_slave_0: entered promiscuous mode
[  400.083882][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.094572][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.101978][ T8902] bridge_slave_1: entered allmulticast mode
[  400.110150][ T8902] bridge_slave_1: entered promiscuous mode
[  400.810788][ T5225] Bluetooth: hci4: command 0x041b tx timeout
[  400.817621][ T5225] Bluetooth: hci0: command tx timeout
[  400.835407][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  400.843554][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  401.089223][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  402.586125][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  403.354275][ T5239] Bluetooth: hci0: command tx timeout
[  403.370802][ T5239] Bluetooth: hci4: command 0x041b tx timeout
[  403.729223][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  403.852948][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  403.877371][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.906377][ T8867] hsr_slave_0: entered promiscuous mode
[  403.919768][ T8867] hsr_slave_1: entered promiscuous mode
[  403.926092][ T8867] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.934251][ T8867] Cannot create hsr debugfs directory
[  404.025491][ T8902] team0: Port device team_slave_0 added
[  404.085919][ T8902] team0: Port device team_slave_1 added
[  404.244849][   T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.299129][ T5272] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  404.385490][ T8902] batman_adv: batadv0: Adding interface: batadv_slave_0
[  404.393548][ T8902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.421507][ T8902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  404.436284][ T8902] batman_adv: batadv0: Adding interface: batadv_slave_1
[  404.443770][ T8902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.470617][ T8902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.501037][ T5272] usb 5-1: config 0 interface 0 has no altsetting 0
[  404.507839][ T5272] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  404.509924][   T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.531698][ T5272] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.546833][ T5272] usb 5-1: config 0 descriptor??
[  404.638493][   T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.739447][ T8902] hsr_slave_0: entered promiscuous mode
[  404.746448][ T8902] hsr_slave_1: entered promiscuous mode
[  404.760077][ T8902] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  404.767846][ T8902] Cannot create hsr debugfs directory
[  404.780130][ T5272]  (null): keene_cmd_main failed (-71)
[  404.820830][ T5272] video4linux radio32: keene_cmd_main failed (-71)
[  404.836374][ T5272] radio-keene 5-1:0.0: V4L2 device registered as radio32
[  404.855532][ T5272] usb 5-1: USB disconnect, device number 10
[  404.869532][   T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.054157][ T8948] chnl_net:caif_netlink_parms(): no params data found
[  405.503081][   T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.828004][ T5225] Bluetooth: hci0: command tx timeout
[  405.833578][ T9006] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  406.382728][   T58] usb 2-1: USB disconnect, device number 9
[  406.384729][   T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.419280][   T58] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  406.572517][   T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.848846][ T5225] Bluetooth: hci6: unexpected event for opcode 0x0c56
[  406.887778][   T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.965057][ T8948] bridge0: port 1(bridge_slave_0) entered blocking state
[  406.987072][ T8948] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.129475][ T8948] bridge_slave_0: entered allmulticast mode
[  407.136216][ T8948] bridge_slave_0: entered promiscuous mode
[  407.178571][ T8948] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.187304][ T8948] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.195203][ T8948] bridge_slave_1: entered allmulticast mode
[  407.211792][ T8948] bridge_slave_1: entered promiscuous mode
[  407.340621][ T8948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  407.355805][ T8948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  407.373484][ T8867] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  407.424093][ T8867] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  407.460390][ T8867] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  407.530048][ T8948] team0: Port device team_slave_0 added
[  407.562119][ T8948] team0: Port device team_slave_1 added
[  407.574627][ T8867] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  407.705615][   T62] bridge_slave_1: left allmulticast mode
[  407.712582][   T62] bridge_slave_1: left promiscuous mode
[  407.718407][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.730090][   T62] bridge_slave_0: left allmulticast mode
[  407.735835][   T62] bridge_slave_0: left promiscuous mode
[  407.742762][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.756603][   T62] bridge_slave_1: left allmulticast mode
[  407.762549][   T62] bridge_slave_1: left promiscuous mode
[  407.768268][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.783632][   T62] bridge_slave_0: left allmulticast mode
[  407.845516][   T62] bridge_slave_0: left promiscuous mode
[  407.852171][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.128390][   T29] audit: type=1107 audit(1725452937.325:26): pid=9071 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='O'
[  408.727533][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  408.743641][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  408.757175][   T62] bond0 (unregistering): Released all slaves
[  408.900853][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  408.915051][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  408.928438][   T62] bond0 (unregistering): Released all slaves
[  409.011809][ T8948] batman_adv: batadv0: Adding interface: batadv_slave_0
[  409.020298][ T8948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.053895][ T8948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  409.131096][ T8948] batman_adv: batadv0: Adding interface: batadv_slave_1
[  409.146037][ T8948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.181601][ T8948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  409.340513][ T8948] hsr_slave_0: entered promiscuous mode
[  409.347013][ T8948] hsr_slave_1: entered promiscuous mode
[  409.355707][ T8948] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  409.364891][ T9081] netlink: 16 bytes leftover after parsing attributes in process `syz.4.972'.
[  409.374834][ T8948] Cannot create hsr debugfs directory
[  409.497097][ T9082] netlink: 16 bytes leftover after parsing attributes in process `syz.4.972'.
[  409.923943][ T8902] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  409.958848][ T8902] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  410.020856][ T8902] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  410.065670][ T8902] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  410.332487][ T8867] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.361811][ T8867] 8021q: adding VLAN 0 to HW filter on device team0
[  410.413944][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.421089][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.439799][ T7411] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  410.498851][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.505995][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  410.624462][   T62] hsr_slave_0: left promiscuous mode
[  410.630457][ T7411] usb 5-1: Using ep0 maxpacket: 32
[  410.636830][   T62] hsr_slave_1: left promiscuous mode
[  410.645370][ T7411] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  410.655853][ T7411] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  410.668621][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  410.682622][ T7411] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  410.693196][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.700770][ T7411] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  410.713597][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  410.721279][ T7411] usb 5-1: Product: syz
[  410.725724][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.737727][ T7411] usb 5-1: Manufacturer: syz
[  410.746675][ T7411] usb 5-1: SerialNumber: syz
[  410.755830][ T7411] usb 5-1: config 0 descriptor??
[  410.768219][ T7411] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  410.780696][ T7411] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  410.788879][   T62] hsr_slave_0: left promiscuous mode
[  410.818007][   T62] hsr_slave_1: left promiscuous mode
[  410.830136][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  410.837579][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.876283][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  410.884594][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.941790][   T62] veth1_macvtap: left promiscuous mode
[  410.947363][   T62] veth0_macvtap: left promiscuous mode
[  410.953794][   T62] veth1_vlan: left promiscuous mode
[  411.014524][   T62] veth0_vlan: left promiscuous mode
[  411.025036][   T62] veth1_macvtap: left promiscuous mode
[  411.037313][   T62] veth0_macvtap: left promiscuous mode
[  411.045440][   T62] veth1_vlan: left promiscuous mode
[  411.272220][   T62] veth0_vlan: left promiscuous mode
[  414.935917][ T9099] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  415.493414][ T5278] usb 5-1: USB disconnect, device number 11
[  415.535150][ T5278] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  415.670020][ T9102] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  418.006537][   T62] team0 (unregistering): Port device team_slave_1 removed
[  418.101645][   T62] team0 (unregistering): Port device team_slave_0 removed
[  418.217091][ T9125] xt_CT: You must specify a L4 protocol and not use inversions on it
[  419.208810][   T62] team0 (unregistering): Port device team_slave_1 removed
[  419.286217][   T62] team0 (unregistering): Port device team_slave_0 removed
[  420.180020][ T9132] netlink: 16 bytes leftover after parsing attributes in process `syz.4.980'.
[  420.355721][ T9138] netlink: 16 bytes leftover after parsing attributes in process `syz.4.980'.
[  420.399766][ T8902] 8021q: adding VLAN 0 to HW filter on device bond0
[  420.522432][   T25] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  420.598736][ T8902] 8021q: adding VLAN 0 to HW filter on device team0
[  420.707851][ T1115] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.715025][ T1115] bridge0: port 1(bridge_slave_0) entered forwarding state
[  420.744697][ T8948] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  420.759286][   T25] usb 2-1: Using ep0 maxpacket: 32
[  420.766439][   T25] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  420.775777][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  420.803377][ T8867] 8021q: adding VLAN 0 to HW filter on device batadv0
[  420.815945][   T25] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  420.835974][   T25] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  420.836560][ T8948] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  420.857202][   T25] usb 2-1: Product: syz
[  420.866337][   T25] usb 2-1: Manufacturer: syz
[  420.869382][ T8948] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  420.876204][   T25] usb 2-1: SerialNumber: syz
[  420.899477][   T25] usb 2-1: config 0 descriptor??
[  420.918011][ T8948] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  420.927222][   T25] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  420.949522][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.956618][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  420.975496][   T25] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  425.979800][ T9158] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  426.043633][ T5331] usb 2-1: USB disconnect, device number 10
[  426.133004][ T5331] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  426.341360][ T8867] veth0_vlan: entered promiscuous mode
[  426.417979][ T8867] veth1_vlan: entered promiscuous mode
[  426.443660][ T8948] 8021q: adding VLAN 0 to HW filter on device bond0
[  426.622813][ T8948] 8021q: adding VLAN 0 to HW filter on device team0
[  426.720903][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.728189][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  426.806917][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.814153][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  427.200724][ T8867] veth0_macvtap: entered promiscuous mode
[  427.299426][ T8902] 8021q: adding VLAN 0 to HW filter on device batadv0
[  427.326307][ T8867] veth1_macvtap: entered promiscuous mode
[  427.414173][ T8867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  427.446341][ T8867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  427.464062][ T8867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  427.485566][ T8867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  427.512652][ T8867] batman_adv: batadv0: Interface activated: batadv_slave_0
[  427.565705][ T8867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  427.600994][ T8867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  427.629302][ T8867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  427.647890][ T8867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  427.666096][ T8867] batman_adv: batadv0: Interface activated: batadv_slave_1
[  427.717945][ T8867] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  427.747900][ T8867] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  427.760218][ T8867] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  427.789148][ T8867] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  427.827041][ T9192] xt_CT: You must specify a L4 protocol and not use inversions on it
[  427.844239][ T8902] veth0_vlan: entered promiscuous mode
[  427.887584][ T8902] veth1_vlan: entered promiscuous mode
[  428.043614][ T8948] 8021q: adding VLAN 0 to HW filter on device batadv0
[  428.135214][ T1062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.175973][ T1062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.237320][ T8902] veth0_macvtap: entered promiscuous mode
[  428.257184][ T8902] veth1_macvtap: entered promiscuous mode
[  428.321722][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.347903][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.390690][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  428.451154][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  428.478438][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  428.527351][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  428.545434][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  428.588441][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  428.615228][ T8902] batman_adv: batadv0: Interface activated: batadv_slave_0
[  428.667808][ T9203] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  429.225200][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.245829][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.277850][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.316289][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.337155][ T8902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.361415][ T8902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.379488][ T8902] batman_adv: batadv0: Interface activated: batadv_slave_1
[  429.392518][ T8948] veth0_vlan: entered promiscuous mode
[  429.415312][ T8902] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.425452][ T8902] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.432948][ T9215] capability: warning: `syz.1.989' uses 32-bit capabilities (legacy support in use)
[  429.453484][ T8902] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.481386][ T8902] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  429.528778][ T8948] veth1_vlan: entered promiscuous mode
[  429.584670][ T9221] netlink: 24 bytes leftover after parsing attributes in process `syz.4.990'.
[  429.775122][ T8948] veth0_macvtap: entered promiscuous mode
[  429.843773][ T8948] veth1_macvtap: entered promiscuous mode
[  429.929292][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.944178][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.012299][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.055080][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.085105][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.107249][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.131686][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.192198][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.225488][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.239049][  T940] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  430.248058][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.462739][ T8948] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.607095][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.633106][  T940] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE1, changing to 0x81
[  430.648841][  T940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  430.661588][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.672990][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.684017][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.684368][  T940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  430.699989][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.716763][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.719097][  T940] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  430.730659][ T8948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.753284][ T8948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.767117][ T8948] batman_adv: batadv0: Interface activated: batadv_slave_1
[  430.777232][  T940] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  430.817886][  T940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.843727][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.847925][ T8948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.860640][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.875683][  T940] usb 5-1: config 0 descriptor??
[  430.896096][ T8948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.919107][ T8948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.927865][ T8948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  431.132377][ T9230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.211094][ T9230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.544263][  T940] usbhid 5-1:0.0: can't add hid device: -71
[  431.747489][  T940] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  431.870713][ T9230] overlayfs: failed to resolve './file0': -2
[  431.914679][  T940] usb 5-1: USB disconnect, device number 12
[  431.998095][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  432.069193][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  433.713526][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  433.755515][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  433.999159][ T1189] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  434.071457][ T9287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1000'.
[  434.159166][   T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  434.188212][ T9293] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1003'.
[  434.199267][ T1189] usb 5-1: Using ep0 maxpacket: 8
[  434.213018][ T1189] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  434.241475][ T1189] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.256554][ T9293] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1003'.
[  434.277309][ T1189] usb 5-1: config 0 has no interface number 0
[  434.294684][ T1189] usb 5-1: config 0 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  434.308035][ T1189] usb 5-1: config 0 interface 1 has no altsetting 0
[  434.323902][ T1189] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  434.334696][ T1189] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.349361][ T9293] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1003'.
[  434.382305][ T1189] usb 5-1: config 0 descriptor??
[  434.505569][ T1189] hso 5-1:0.1: Failed to find BULK IN ep
[  435.811794][ T1189] usb 5-1: USB disconnect, device number 13
[  435.825848][   T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.882513][   T25] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[  435.944535][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  435.976330][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.136508][   T25] usb 1-1: Product: syz
[  436.141215][   T25] usb 1-1: Manufacturer: syz
[  436.146074][   T25] usb 1-1: SerialNumber: syz
[  436.910907][ T9277] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  436.938479][ T9320] fuse: Unknown parameter 'nt'
[  436.945384][ T9320] devtmpfs: Unknown parameter 'posixacl'
[  437.154114][ T9329] netlink: 'syz.1.1011': attribute type 16 has an invalid length.
[  437.348768][ T9330] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.615814][ T9277] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  437.629298][ T5278] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  437.819110][ T5278] usb 5-1: Using ep0 maxpacket: 32
[  437.907490][   T25] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  437.915300][ T9350] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1015'.
[  437.943094][ T5278] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  437.959022][   T25] cdc_ncm 1-1:1.0: setting rx_max = 16384
[  438.808300][ T5278] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  438.818014][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.827719][   T25] cdc_ncm 1-1:1.0: setting tx_max = 184
[  438.849021][ T5278] usb 5-1: Product: syz
[  438.859055][ T5278] usb 5-1: Manufacturer: syz
[  438.863683][ T5278] usb 5-1: SerialNumber: syz
[  438.892170][   T25] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  438.916483][ T5278] usb 5-1: config 0 descriptor??
[  438.948381][ T9332] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  439.004473][ T5278] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  439.013441][   T25] usb 1-1: USB disconnect, device number 10
[  439.022572][ T9358] FAULT_INJECTION: forcing a failure.
[  439.022572][ T9358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.037504][   T25] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  439.111063][ T9358] CPU: 1 UID: 0 PID: 9358 Comm: syz.3.1019 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  439.121789][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  439.131863][ T9358] Call Trace:
[  439.135157][ T9358]  <TASK>
[  439.138085][ T9358]  dump_stack_lvl+0x241/0x360
[  439.142767][ T9358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.147963][ T9358]  ? __pfx__printk+0x10/0x10
[  439.152560][ T9358]  ? vfs_write+0x7c4/0xc90
[  439.156980][ T9358]  should_fail_ex+0x3b0/0x4e0
[  439.161660][ T9358]  _copy_from_user+0x2f/0xe0
[  439.166245][ T9358]  move_addr_to_kernel+0x82/0x150
[  439.171278][ T9358]  __sys_bind+0x168/0x2f0
[  439.175598][ T9358]  ? __pfx___sys_bind+0x10/0x10
[  439.180452][ T9358]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  439.186796][ T9358]  ? do_syscall_64+0x100/0x230
[  439.191570][ T9358]  __x64_sys_bind+0x7a/0x90
[  439.196079][ T9358]  do_syscall_64+0xf3/0x230
[  439.200587][ T9358]  ? clear_bhb_loop+0x35/0x90
[  439.205264][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.211169][ T9358] RIP: 0033:0x7f1d30b7cef9
[  439.215591][ T9358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.235207][ T9358] RSP: 002b:00007f1d31993038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  439.243626][ T9358] RAX: ffffffffffffffda RBX: 00007f1d30d35f80 RCX: 00007f1d30b7cef9
[  439.251593][ T9358] RDX: 000000000000001c RSI: 0000000020000180 RDI: 0000000000000003
[  439.259553][ T9358] RBP: 00007f1d31993090 R08: 0000000000000000 R09: 0000000000000000
[  439.267512][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.275472][ T9358] R13: 0000000000000000 R14: 00007f1d30d35f80 R15: 00007ffe080771c8
[  439.283450][ T9358]  </TASK>
[  440.097397][ T5225] Bluetooth: hci6: unexpected event for opcode 0x0c22
[  440.239479][ T9369] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  440.263961][ T5278] usb 5-1: USB disconnect, device number 14
[  440.426005][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[  440.434842][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  440.957229][ T9407] udevd[9407]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  441.194367][   T25] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  441.411969][   T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  441.432546][   T25] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  441.459035][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.479987][   T25] usb 1-1: config 0 descriptor??
[  441.495708][   T25] pwc: Askey VC010 type 2 USB webcam detected.
[  441.695707][ T9383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  441.722642][ T9383] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  441.740911][ T1189] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  441.943992][ T1189] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  441.977357][   T25] pwc: recv_control_msg error -32 req 02 val 2b00
[  441.996607][ T1189] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  442.008105][ T5272] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  442.018564][   T25] pwc: recv_control_msg error -32 req 02 val 2700
[  442.059147][ T1189] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  442.059448][   T25] pwc: recv_control_msg error -71 req 02 val 2c00
[  442.090989][ T1189] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  442.101234][   T25] pwc: recv_control_msg error -71 req 04 val 1000
[  442.104085][   T25] pwc: recv_control_msg error -71 req 04 val 1300
[  442.131095][ T1189] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  442.131418][   T25] pwc: recv_control_msg error -71 req 04 val 1400
[  442.141657][ T1189] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.169872][   T25] pwc: recv_control_msg error -71 req 02 val 2000
[  442.189186][ T1189] usb 3-1: Product: syz
[  442.203261][   T25] pwc: recv_control_msg error -71 req 02 val 2100
[  442.215978][ T1189] usb 3-1: Manufacturer: syz
[  442.221811][ T5272] usb 5-1: Using ep0 maxpacket: 32
[  442.237019][   T25] pwc: recv_control_msg error -71 req 04 val 1500
[  442.241210][ T1189] usb 3-1: SerialNumber: syz
[  442.255731][ T5272] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  442.263521][   T25] pwc: recv_control_msg error -71 req 02 val 2500
[  442.278118][ T5272] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  442.292726][   T25] pwc: recv_control_msg error -71 req 02 val 2400
[  442.295487][ T1189] usb 3-1: config 0 descriptor??
[  442.326547][   T25] pwc: recv_control_msg error -71 req 02 val 2600
[  442.346186][   T25] pwc: recv_control_msg error -71 req 02 val 2900
[  442.351822][ T5272] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  442.370689][ T5272] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  442.379595][   T25] pwc: recv_control_msg error -71 req 02 val 2800
[  442.383010][ T5272] usb 5-1: Product: syz
[  442.390406][ T5272] usb 5-1: Manufacturer: syz
[  442.395828][ T5272] usb 5-1: SerialNumber: syz
[  442.417994][ T5272] usb 5-1: config 0 descriptor??
[  442.670085][ T5272] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  442.993497][ T1189] adutux 3-1:0.0: Could not retrieve serial number
[  443.022864][   T25] pwc: recv_control_msg error -71 req 04 val 1100
[  443.040508][ T5272] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  443.048593][   T25] pwc: recv_control_msg error -71 req 04 val 1200
[  443.064586][ T1189] adutux 3-1:0.0: probe with driver adutux failed with error -5
[  443.072229][   T25] pwc: Registered as video71.
[  443.073928][   T25] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input11
[  443.219913][   T25] usb 1-1: USB disconnect, device number 11
[  443.689612][ T5225] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  444.971656][ T9429] nvme_fabrics: missing parameter 'transport=%s'
[  444.995100][ T9429] nvme_fabrics: missing parameter 'nqn=%s'
[  445.197758][ T9523] tmpfs: Bad value for 'nr_inodes'
[  445.238199][ T9365] usb 3-1: USB disconnect, device number 9
[  445.293480][   T25] usb 5-1: USB disconnect, device number 15
[  445.311615][   T25] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  445.382997][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.839169][ T7749] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  445.857241][ T9573] FAULT_INJECTION: forcing a failure.
[  445.857241][ T9573] name failslab, interval 1, probability 0, space 0, times 0
[  445.872854][ T9573] CPU: 1 UID: 0 PID: 9573 Comm: syz.2.1040 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  445.883646][ T9573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  445.893716][ T9573] Call Trace:
[  445.897007][ T9573]  <TASK>
[  445.899961][ T9573]  dump_stack_lvl+0x241/0x360
[  445.904663][ T9573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  445.909880][ T9573]  ? __pfx__printk+0x10/0x10
[  445.914482][ T9573]  ? fs_reclaim_acquire+0x93/0x140
[  445.919589][ T9573]  ? __pfx___might_resched+0x10/0x10
[  445.924900][ T9573]  ? dynamic_dname+0x141/0x1b0
[  445.929662][ T9573]  should_fail_ex+0x3b0/0x4e0
[  445.934331][ T9573]  ? tomoyo_encode+0x26f/0x540
[  445.939089][ T9573]  should_failslab+0xac/0x100
[  445.943758][ T9573]  ? tomoyo_encode+0x26f/0x540
[  445.948512][ T9573]  __kmalloc_noprof+0xd8/0x400
[  445.953360][ T9573]  tomoyo_encode+0x26f/0x540
[  445.957949][ T9573]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  445.963488][ T9573]  tomoyo_realpath_from_path+0x59e/0x5e0
[  445.969126][ T9573]  tomoyo_path_number_perm+0x23a/0x880
[  445.974576][ T9573]  ? tomoyo_path_number_perm+0x208/0x880
[  445.980203][ T9573]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  445.986175][ T9573]  ? vfs_write+0x7c4/0xc90
[  445.990602][ T9573]  ? __pfx___seccomp_filter+0x10/0x10
[  445.996018][ T9573]  security_file_ioctl+0x75/0xb0
[  446.000965][ T9573]  __se_sys_ioctl+0x47/0x170
[  446.005558][ T9573]  do_syscall_64+0xf3/0x230
[  446.010058][ T9573]  ? clear_bhb_loop+0x35/0x90
[  446.014744][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.020634][ T9573] RIP: 0033:0x7f11e337cef9
[  446.025042][ T9573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.044638][ T9573] RSP: 002b:00007f11e41ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  446.053044][ T9573] RAX: ffffffffffffffda RBX: 00007f11e3535f80 RCX: 00007f11e337cef9
[  446.061005][ T9573] RDX: 0000000000000000 RSI: 0000000040082104 RDI: 0000000000000003
[  446.068988][ T9573] RBP: 00007f11e41ab090 R08: 0000000000000000 R09: 0000000000000000
[  446.076983][ T9573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.084954][ T9573] R13: 0000000000000000 R14: 00007f11e3535f80 R15: 00007ffe8ea5f7b8
[  446.092941][ T9573]  </TASK>
[  446.097540][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  446.119717][ T9573] ERROR: Out of memory at tomoyo_realpath_from_path.
[  446.219278][ T7749] usb 5-1: Using ep0 maxpacket: 16
[  446.228569][ T7749] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=77.71
[  446.249576][ T7749] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.427943][ T7749] usb 5-1: Product: syz
[  446.435143][ T7749] usb 5-1: Manufacturer: syz
[  446.440588][ T7749] usb 5-1: SerialNumber: syz
[  446.454001][ T9583] fuse: Unknown parameter '0xffffffffffffffff'
[  446.807387][ T7749] usb 5-1: config 0 descriptor??
[  446.825334][ T7749] as10x_usb: device has been detected
[  446.831467][ T7749] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  446.973030][ T7749] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  447.129710][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.190852][ T7749] as10x_usb: error during firmware upload part1
[  447.204393][ T7749] Registered device PCTV Systems picoStick (74e)
[  447.246815][ T7749] usb 5-1: USB disconnect, device number 16
[  447.292444][ T5278] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  447.346723][ T9614] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1048'.
[  447.362917][ T7749] Unregistered device PCTV Systems picoStick (74e)
[  447.365218][ T9595] netlink: 'syz.1.1046': attribute type 11 has an invalid length.
[  447.382087][ T7749] as10x_usb: device has been disconnected
[  447.466113][ T9617] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1049'.
[  447.494091][ T9617] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1049'.
[  447.510872][ T9627] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1048'.
[  447.550682][ T5278] usb 4-1: Using ep0 maxpacket: 32
[  447.560291][ T5278] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  447.568886][ T5278] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  447.601801][ T5278] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  447.615230][ T5278] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  447.624938][ T5278] usb 4-1: Product: syz
[  447.648186][ T5278] usb 4-1: Manufacturer: syz
[  447.653479][ T5278] usb 4-1: SerialNumber: syz
[  447.694613][ T5278] usb 4-1: config 0 descriptor??
[  447.723404][ T5278] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  447.773720][ T5278] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  453.529352][ T9646] ldusb 4-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  454.145927][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.154365][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.163434][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.173952][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.184654][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.210247][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.239442][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.204843][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.223517][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.283507][ T9365] usb 4-1: USB disconnect, device number 8
[  455.360182][ T9365] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  456.674000][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.687137][ T9659] FAULT_INJECTION: forcing a failure.
[  456.687137][ T9659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.759079][ T9659] CPU: 1 UID: 0 PID: 9659 Comm: syz.4.1055 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  456.769810][ T9659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  456.779882][ T9659] Call Trace:
[  456.783171][ T9659]  <TASK>
[  456.786111][ T9659]  dump_stack_lvl+0x241/0x360
[  456.790813][ T9659]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.796033][ T9659]  ? __pfx__printk+0x10/0x10
[  456.800636][ T9659]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  456.806897][ T9659]  ? __pfx_lock_release+0x10/0x10
[  456.811933][ T9659]  ? ktime_get_ts64+0xa8/0x2b0
[  456.816695][ T9659]  should_fail_ex+0x3b0/0x4e0
[  456.821369][ T9659]  _copy_from_user+0x2f/0xe0
[  456.825954][ T9659]  copy_msghdr_from_user+0xae/0x680
[  456.831149][ T9659]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  456.836940][ T9659]  ? set_normalized_timespec64+0x160/0x1e0
[  456.842746][ T9659]  ? __might_fault+0xaa/0x120
[  456.847418][ T9659]  do_recvmmsg+0x40f/0xae0
[  456.851918][ T9659]  ? mark_lock+0x9a/0x350
[  456.856252][ T9659]  ? __pfx_do_recvmmsg+0x10/0x10
[  456.861203][ T9659]  ? __pfx___might_resched+0x10/0x10
[  456.866480][ T9659]  ? __might_fault+0xaa/0x120
[  456.871148][ T9659]  ? __pfx_lock_release+0x10/0x10
[  456.876162][ T9659]  ? vfs_write+0x7c4/0xc90
[  456.880586][ T9659]  ? get_timespec64+0x19c/0x280
[  456.885451][ T9659]  __x64_sys_recvmmsg+0x1b8/0x250
[  456.890475][ T9659]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  456.896013][ T9659]  ? do_syscall_64+0x100/0x230
[  456.900768][ T9659]  ? do_syscall_64+0xb6/0x230
[  456.905448][ T9659]  do_syscall_64+0xf3/0x230
[  456.909943][ T9659]  ? clear_bhb_loop+0x35/0x90
[  456.914613][ T9659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.920497][ T9659] RIP: 0033:0x7fab3777cef9
[  456.924900][ T9659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.944493][ T9659] RSP: 002b:00007fab3852a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  456.952904][ T9659] RAX: ffffffffffffffda RBX: 00007fab37935f80 RCX: 00007fab3777cef9
[  456.960867][ T9659] RDX: 00000000000006f5 RSI: 0000000020000440 RDI: 0000000000000003
[  456.968826][ T9659] RBP: 00007fab3852a090 R08: 0000000020000480 R09: 0000000000000000
[  456.976785][ T9659] R10: 0000002000000022 R11: 0000000000000246 R12: 0000000000000001
[  456.984743][ T9659] R13: 0000000000000000 R14: 00007fab37935f80 R15: 00007ffe797c2dc8
[  456.992716][ T9659]  </TASK>
[  457.448618][ T9681] fuse: Unknown parameter '0xffffffffffffffff'
[  457.778864][ T9683] xt_CT: You must specify a L4 protocol and not use inversions on it
[  457.841771][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  457.850770][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  457.860497][ T5229] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  457.874224][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  457.885010][ T5229] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  457.889063][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  457.902235][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  457.902501][ T5229] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  457.918253][ T5229] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  457.926175][ T5229] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  457.926985][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  457.941802][ T5229] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  458.079409][ T9684] vcan0 speed is unknown, defaulting to 1000
[  458.467989][ T9689] vcan0 speed is unknown, defaulting to 1000
[  458.683913][ T1103] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.938017][ T9693] rdma_rxe: rxe_newlink: failed to add vcan0
[  459.049983][ T9742] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  459.075079][ T9742] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  459.268561][ T1103] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.487534][ T1103] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.610431][    C0] net_ratelimit: 3 callbacks suppressed
[  459.610451][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.881664][ T1103] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.010328][ T5239] Bluetooth: hci5: command tx timeout
[  460.010354][ T5229] Bluetooth: hci3: command tx timeout
[  460.257576][ T9910] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  460.396278][ T9684] chnl_net:caif_netlink_parms(): no params data found
[  460.573519][ T1103] bridge_slave_1: left allmulticast mode
[  460.590251][ T1103] bridge_slave_1: left promiscuous mode
[  460.617414][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.648879][ T1103] bridge_slave_0: left allmulticast mode
[  460.654866][ T1103] bridge_slave_0: left promiscuous mode
[  460.664164][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.093671][ T5225] Bluetooth: hci5: command tx timeout
[  462.099240][ T5229] Bluetooth: hci3: command tx timeout
[  462.701812][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  462.726070][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  462.797844][ T1103] bond0 (unregistering): Released all slaves
[  463.109050][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.163187][ T9689] chnl_net:caif_netlink_parms(): no params data found
[  463.709785][ T9684] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.732057][ T9684] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.745948][ T9684] bridge_slave_0: entered allmulticast mode
[  463.757304][ T9684] bridge_slave_0: entered promiscuous mode
[  463.826751][ T9684] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.840017][ T9684] bridge0: port 2(bridge_slave_1) entered disabled state
[  463.847267][ T9684] bridge_slave_1: entered allmulticast mode
[  463.858825][ T9684] bridge_slave_1: entered promiscuous mode
[  463.893286][  T940] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  464.081763][ T9684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  464.089723][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  464.142574][ T9684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  464.159478][ T9689] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.169409][ T5229] Bluetooth: hci3: command tx timeout
[  464.174855][ T5229] Bluetooth: hci5: command 0x040f tx timeout
[  464.185888][ T9689] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.194936][  T940] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  464.212353][  T940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  464.213774][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  464.224353][  T940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  464.241635][ T9689] bridge_slave_0: entered allmulticast mode
[  464.241983][  T940] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  464.261021][  T940] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  464.270373][  T940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.365326][  T940] usb 5-1: config 0 descriptor??
[  464.396736][ T9689] bridge_slave_0: entered promiscuous mode
[  464.423906][ T9689] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.440441][ T9689] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.449078][ T9689] bridge_slave_1: entered allmulticast mode
[  464.455948][ T9689] bridge_slave_1: entered promiscuous mode
[  464.643539][ T1103] hsr_slave_0: left promiscuous mode
[  464.693376][ T1103] hsr_slave_1: left promiscuous mode
[  464.710017][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  464.725028][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0
[  464.736503][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  464.744745][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1
[  464.810731][ T1103] veth1_macvtap: left promiscuous mode
[  464.816451][ T1103] veth0_macvtap: left promiscuous mode
[  464.824736][ T1103] veth1_vlan: left promiscuous mode
[  464.833990][ T1103] veth0_vlan: left promiscuous mode
[  464.845695][  T940] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  464.915875][  T940] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  465.304910][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.572036][T10205] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  465.897964][ T1103] team0 (unregistering): Port device team_slave_1 removed
[  465.929805][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.978946][ T1103] team0 (unregistering): Port device team_slave_0 removed
[  466.067510][T10209] capability: warning: `syz.0.1082' uses deprecated v2 capabilities in a way that may be insecure
[  466.250219][ T5229] Bluetooth: hci5: command 0x040f tx timeout
[  466.250588][ T5225] Bluetooth: hci3: command tx timeout
[  466.340610][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  466.574142][ T9684] team0: Port device team_slave_0 added
[  466.599693][ T9689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.622710][ T9689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.670060][ T9684] team0: Port device team_slave_1 added
[  466.827186][ T9689] team0: Port device team_slave_0 added
[  466.864505][ T9689] team0: Port device team_slave_1 added
[  466.966723][ T9684] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.998655][ T9684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.088816][ T9684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  467.300155][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  467.340341][ T9684] batman_adv: batadv0: Adding interface: batadv_slave_1
[  467.347286][ T9684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.405092][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  467.435992][ T9684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  467.502382][  T940] usb 5-1: USB disconnect, device number 17
[  467.528240][ T9689] batman_adv: batadv0: Adding interface: batadv_slave_0
[  467.571212][ T9689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.692952][ T9689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.131270][ T9689] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.148450][ T9689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.205663][ T9689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.331161][ T5239] Bluetooth: hci5: command 0x040f tx timeout
[  468.383895][ T9684] hsr_slave_0: entered promiscuous mode
[  468.447434][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.449550][ T9684] hsr_slave_1: entered promiscuous mode
[  468.729959][ T9684] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  468.739751][ T9684] Cannot create hsr debugfs directory
[  469.129864][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.415526][ T5239] Bluetooth: hci5: command 0x040f tx timeout
[  470.901273][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.924774][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.933211][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  471.014740][T10356] vcan0 speed is unknown, defaulting to 1000
[  471.130598][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  471.324105][ T9689] hsr_slave_0: entered promiscuous mode
[  471.366258][ T9689] hsr_slave_1: entered promiscuous mode
[  471.389453][ T9689] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  471.397048][ T9689] Cannot create hsr debugfs directory
[  471.688721][ T1103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.458718][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  472.575107][ T1103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.742965][ T1103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.836253][ T1103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.112633][T10583] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  473.530177][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  473.575648][ T1103] bridge_slave_1: left allmulticast mode
[  473.581501][ T1103] bridge_slave_1: left promiscuous mode
[  473.587413][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.608196][ T1103] bridge_slave_0: left allmulticast mode
[  473.614378][ T1103] bridge_slave_0: left promiscuous mode
[  473.620907][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.933097][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.082787][T10651] netlink: 'syz.2.1095': attribute type 1 has an invalid length.
[  474.286745][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  474.298094][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  474.313346][ T1103] bond0 (unregistering): Released all slaves
[  474.376162][T10646] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1095'.
[  474.579684][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.911523][ T9684] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  474.937710][ T9684] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  475.181351][ T9684] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  475.536969][ T9684] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  475.625246][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.266519][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.336447][ T5272] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.526301][ T1103] hsr_slave_0: left promiscuous mode
[  477.567617][ T1103] hsr_slave_1: left promiscuous mode
[  477.587352][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  477.614849][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0
[  477.835357][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.857617][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.896616][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.927945][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.949386][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.971743][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.001200][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.031306][T10725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.224567][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  478.268723][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1
[  478.456265][ T1103] veth1_macvtap: left promiscuous mode
[  478.507470][ T1103] veth0_macvtap: left promiscuous mode
[  478.550968][ T1103] veth1_vlan: left promiscuous mode
[  478.684000][ T1103] veth0_vlan: left promiscuous mode
[  479.138872][T10742] fuse: Bad value for 'fd'
[  479.317439][T10748] ax25_connect(): syz.2.1105 uses autobind, please contact jreuter@yaina.de
[  480.394604][ T9365] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  480.632585][ T9365] usb 3-1: config 0 has an invalid interface number: 166 but max is 1
[  480.655962][ T9365] usb 3-1: config 0 has no interface number 1
[  480.683474][ T9365] usb 3-1: config 0 interface 166 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  480.708126][ T9365] usb 3-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[  480.726229][ T1103] team0 (unregistering): Port device team_slave_1 removed
[  480.727082][ T9365] usb 3-1: New USB device found, idVendor=093a, idProduct=2468, bcdDevice=e4.25
[  480.761081][ T9365] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.769191][ T9365] usb 3-1: Product: syz
[  480.773371][ T9365] usb 3-1: Manufacturer: syz
[  480.778029][ T9365] usb 3-1: SerialNumber: syz
[  480.795383][ T9365] usb 3-1: config 0 descriptor??
[  480.817031][ T1103] team0 (unregistering): Port device team_slave_0 removed
[  480.833884][ T9365] gspca_main: pac207-2.14.0 probing 093a:2468
[  480.940786][ T9365] gspca_pac207: Failed to read a register (index 0x0000, error -110)
[  481.420525][ T5296] usb 3-1: USB disconnect, device number 10
[  481.572443][T10785] syz1: rxe_newlink: already configured on vcan0
[  481.817728][ T9684] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.898490][ T9684] 8021q: adding VLAN 0 to HW filter on device team0
[  481.928638][ T9689] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  481.964294][ T9689] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  481.995597][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.002724][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.082958][ T9689] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  482.143518][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.150777][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  482.193185][ T9689] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  482.555707][ T9684] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  482.646245][ T9684] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  482.673782][  T940] net_ratelimit: 1252 callbacks suppressed
[  482.673802][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.912534][ T9689] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.019432][ T9689] 8021q: adding VLAN 0 to HW filter on device team0
[  483.048494][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.055657][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.064432][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  483.087219][T10839] FAULT_INJECTION: forcing a failure.
[  483.087219][T10839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  483.091308][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.107414][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.127930][T10839] CPU: 0 UID: 0 PID: 10839 Comm: syz.4.1115 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  483.138735][T10839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  483.148807][T10839] Call Trace:
[  483.152100][T10839]  <TASK>
[  483.155043][T10839]  dump_stack_lvl+0x241/0x360
[  483.159745][T10839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  483.164960][T10839]  ? __pfx__printk+0x10/0x10
[  483.169565][T10839]  ? __pfx_lock_release+0x10/0x10
[  483.174617][T10839]  should_fail_ex+0x3b0/0x4e0
[  483.179321][T10839]  _copy_from_user+0x2f/0xe0
[  483.183936][T10839]  copy_msghdr_from_user+0xae/0x680
[  483.189155][T10839]  ? __pfx___might_resched+0x10/0x10
[  483.194467][T10839]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  483.200301][T10839]  ? __might_fault+0xaa/0x120
[  483.205001][T10839]  __sys_sendmmsg+0x374/0x740
[  483.209709][T10839]  ? __pfx___sys_sendmmsg+0x10/0x10
[  483.212688][ T9689] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  483.214937][T10839]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  483.225397][ T9689] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  483.231092][T10839]  ? ksys_write+0x23e/0x2c0
[  483.231120][T10839]  ? __pfx_lock_release+0x10/0x10
[  483.231150][T10839]  ? vfs_write+0x7c4/0xc90
[  483.231177][T10839]  ? __mutex_unlock_slowpath+0x21d/0x750
[  483.231197][T10839]  ? __pfx_vfs_write+0x10/0x10
[  483.231244][T10839]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  483.231271][T10839]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  483.231296][T10839]  ? do_syscall_64+0x100/0x230
[  483.231321][T10839]  __x64_sys_sendmmsg+0xa0/0xb0
[  483.231346][T10839]  do_syscall_64+0xf3/0x230
[  483.231365][T10839]  ? clear_bhb_loop+0x35/0x90
[  483.231390][T10839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.231411][T10839] RIP: 0033:0x7fab3777cef9
[  483.231429][T10839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.231446][T10839] RSP: 002b:00007fab3852a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  483.231468][T10839] RAX: ffffffffffffffda RBX: 00007fab37935f80 RCX: 00007fab3777cef9
[  483.231483][T10839] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  483.231496][T10839] RBP: 00007fab3852a090 R08: 0000000000000000 R09: 0000000000000000
[  483.231509][T10839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  483.231522][T10839] R13: 0000000000000000 R14: 00007fab37935f80 R15: 00007ffe797c2dc8
[  483.231551][T10839]  </TASK>
[  483.385017][   T46] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  483.457187][ T9684] 8021q: adding VLAN 0 to HW filter on device batadv0
[  483.592785][ T9684] veth0_vlan: entered promiscuous mode
[  483.609101][   T46] usb 1-1: Using ep0 maxpacket: 32
[  483.619882][   T46] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  483.628194][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  483.630029][ T9684] veth1_vlan: entered promiscuous mode
[  483.661763][   T46] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  483.671418][   T46] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  483.689098][   T46] usb 1-1: Product: syz
[  483.693296][   T46] usb 1-1: Manufacturer: syz
[  483.710914][   T46] usb 1-1: SerialNumber: syz
[  483.732648][   T46] usb 1-1: config 0 descriptor??
[  483.743084][   T46] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  483.751348][ T9684] veth0_macvtap: entered promiscuous mode
[  483.772108][   T46] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  483.822290][ T9684] veth1_macvtap: entered promiscuous mode
[  483.900215][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  483.925031][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.951675][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  483.985334][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  484.003437][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  484.014818][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  484.046874][ T9684] batman_adv: batadv0: Interface activated: batadv_slave_0
[  484.099819][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  484.221573][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.098769][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.111258][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.131358][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.146804][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.462093][ T9684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.489354][ T9684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.691415][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.021297][T10881] ldusb 1-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  490.478741][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.489363][ T5296] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.497473][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.514736][ T9684] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.611535][ T9689] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.676172][T10891] fuse: Bad value for 'fd'
[  490.680928][ T7411] usb 1-1: USB disconnect, device number 12
[  490.702321][ T9684] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.732495][ T9684] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.740702][ T7411] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  490.776179][ T9684] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.805379][ T9684] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.863936][T10904] rdma_rxe: rxe_newlink: failed to add vcan0
[  490.984644][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.113595][ T9689] veth0_vlan: entered promiscuous mode
[  491.168558][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.180706][ T9689] veth1_vlan: entered promiscuous mode
[  491.213387][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.230610][T10913] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  491.530736][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.793909][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.829083][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.868432][ T9689] veth0_macvtap: entered promiscuous mode
[  491.944504][ T9689] veth1_macvtap: entered promiscuous mode
[  492.025570][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.099194][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.131475][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.189031][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.219102][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.253951][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.314604][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.336006][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.450107][ T9689] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.499156][ T9365] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  492.569393][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.580391][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.595444][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.990062][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  493.033746][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  493.132257][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.142365][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  493.153659][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.164603][ T9689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  493.175537][ T9689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.187626][ T9689] batman_adv: batadv0: Interface activated: batadv_slave_1
[  493.293811][ T9689] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  493.307574][ T9365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  493.328760][ T9689] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  493.343468][ T9365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  493.359156][T10963] xt_CT: You must specify a L4 protocol and not use inversions on it
[  493.375872][ T9689] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  493.390718][ T9365] usb 5-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00
[  493.407747][ T9689] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  493.417013][ T9365] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.453336][ T9365] usb 5-1: config 0 descriptor??
[  493.649941][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  493.676244][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.793841][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  493.847136][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.868080][ T9365] appletouch 5-1:0.0: Failed to request geyser raw mode
[  493.902214][ T9365] appletouch 5-1:0.0: probe with driver appletouch failed with error -5
[  494.094559][ T9365] usb 5-1: USB disconnect, device number 18
[  494.391649][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.317143][T11026] vhci_hcd: invalid port number 254
[  495.452173][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.455104][T11026] vhci_hcd: default hub control req: 1f15 v0301 i00fe l0
[  495.473396][T11032] fuse: Bad value for 'fd'
[  496.348026][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.377896][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.508156][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.439113][ T7411] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  497.566616][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.789662][T11059] FAULT_INJECTION: forcing a failure.
[  497.789662][T11059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  497.829306][T11059] CPU: 1 UID: 0 PID: 11059 Comm: syz.3.1136 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  497.840107][T11059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  497.850171][T11059] Call Trace:
[  497.853632][T11059]  <TASK>
[  497.856555][T11059]  dump_stack_lvl+0x241/0x360
[  497.861237][T11059]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.866427][T11059]  ? __pfx__printk+0x10/0x10
[  497.871015][T11059]  ? snprintf+0xda/0x120
[  497.875253][T11059]  should_fail_ex+0x3b0/0x4e0
[  497.880034][T11059]  _copy_to_user+0x2f/0xb0
[  497.884547][T11059]  simple_read_from_buffer+0xca/0x150
[  497.889947][T11059]  proc_fail_nth_read+0x1ec/0x260
[  497.894969][T11059]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  497.900512][T11059]  ? rw_verify_area+0x520/0x6b0
[  497.905355][T11059]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  497.910901][T11059]  vfs_read+0x204/0xbc0
[  497.915050][T11059]  ? __pfx_lock_release+0x10/0x10
[  497.920074][T11059]  ? __pfx_vfs_read+0x10/0x10
[  497.924745][T11059]  ? __fget_files+0x29/0x470
[  497.929324][T11059]  ? __fget_files+0x3f6/0x470
[  497.933999][T11059]  ksys_read+0x1a0/0x2c0
[  497.938239][T11059]  ? __pfx_ksys_read+0x10/0x10
[  497.942997][T11059]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  497.949318][T11059]  ? __irq_exit_rcu+0x100/0x1c0
[  497.954164][T11059]  ? do_syscall_64+0xb6/0x230
[  497.958831][T11059]  do_syscall_64+0xf3/0x230
[  497.963324][T11059]  ? clear_bhb_loop+0x35/0x90
[  497.967998][T11059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.973883][T11059] RIP: 0033:0x7f3f0cb7b93c
[  497.978290][T11059] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  497.998062][T11059] RSP: 002b:00007f3f0c5ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  498.006476][T11059] RAX: ffffffffffffffda RBX: 00007f3f0cd35f80 RCX: 00007f3f0cb7b93c
[  498.014438][T11059] RDX: 000000000000000f RSI: 00007f3f0c5ff0a0 RDI: 0000000000000003
[  498.022426][T11059] RBP: 00007f3f0c5ff090 R08: 0000000000000000 R09: 0000000000000000
[  498.030405][T11059] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001
[  498.038381][T11059] R13: 0000000000000000 R14: 00007f3f0cd35f80 R15: 00007ffd8ac441c8
[  498.046451][T11059]  </TASK>
[  498.092659][ T7411] usb 3-1: New USB device found, idVendor=057b, idProduct=0000, bcdDevice= 0.00
[  498.181880][ T7411] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.209483][ T5296] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  498.245619][ T7411] usb-storage 3-1:32.0: USB Mass Storage device detected
[  498.305717][ T7411] usb-storage 3-1:32.0: Quirks match for vid 057b pid 0000: 1
[  498.421083][ T5296] usb 2-1: Using ep0 maxpacket: 32
[  498.443839][ T5296] usb 2-1: unable to get BOS descriptor or descriptor too short
[  498.464202][ T5296] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  498.477494][ T5296] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  498.530099][ T5296] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  498.553489][ T7411] usb 3-1: USB disconnect, device number 12
[  498.619039][ T5296] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  498.640168][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.669106][ T5296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.699083][ T5296] usb 2-1: Product: syz
[  498.712400][ T5296] usb 2-1: Manufacturer: syz
[  498.734376][ T5296] usb 2-1: SerialNumber: syz
[  498.995217][T11116] FAULT_INJECTION: forcing a failure.
[  498.995217][T11116] name failslab, interval 1, probability 0, space 0, times 0
[  499.029188][T11116] CPU: 1 UID: 0 PID: 11116 Comm: syz.3.1143 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  499.039983][T11116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  499.050039][T11116] Call Trace:
[  499.053323][T11116]  <TASK>
[  499.056274][T11116]  dump_stack_lvl+0x241/0x360
[  499.060960][T11116]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.066154][T11116]  ? __pfx__printk+0x10/0x10
[  499.070733][T11116]  ? _copy_from_iter+0x26b/0x1960
[  499.075768][T11116]  should_fail_ex+0x3b0/0x4e0
[  499.080446][T11116]  ? build_skb+0x52/0x2a0
[  499.084787][T11116]  should_failslab+0xac/0x100
[  499.089457][T11116]  ? build_skb+0x52/0x2a0
[  499.093777][T11116]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  499.099146][T11116]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  499.105124][T11116]  build_skb+0x52/0x2a0
[  499.109271][T11116]  ? __tun_build_skb+0x25/0x2f0
[  499.114131][T11116]  __tun_build_skb+0x33/0x2f0
[  499.118806][T11116]  tun_get_user+0x20bb/0x4720
[  499.123473][T11116]  ? tun_get_user+0x871/0x4720
[  499.128236][T11116]  ? __lock_acquire+0x137a/0x2040
[  499.133273][T11116]  ? __pfx_tun_get_user+0x10/0x10
[  499.138327][T11116]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  499.143804][T11116]  ? tun_get+0x1e/0x2f0
[  499.147953][T11116]  ? __pfx_lock_release+0x10/0x10
[  499.153017][T11116]  ? tun_get+0x1e/0x2f0
[  499.157174][T11116]  ? tun_get+0x27d/0x2f0
[  499.161426][T11116]  tun_chr_write_iter+0x113/0x1f0
[  499.166469][T11116]  vfs_write+0xa72/0xc90
[  499.170706][T11116]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  499.176285][T11116]  ? __pfx_vfs_write+0x10/0x10
[  499.181083][T11116]  ksys_write+0x1a0/0x2c0
[  499.185429][T11116]  ? __pfx_ksys_write+0x10/0x10
[  499.190287][T11116]  ? do_syscall_64+0x100/0x230
[  499.195048][T11116]  ? do_syscall_64+0xb6/0x230
[  499.199734][T11116]  do_syscall_64+0xf3/0x230
[  499.204268][T11116]  ? clear_bhb_loop+0x35/0x90
[  499.208971][T11116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.214874][T11116] RIP: 0033:0x7f3f0cb7b9df
[  499.219300][T11116] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  499.238919][T11116] RSP: 002b:00007f3f0c5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  499.247480][T11116] RAX: ffffffffffffffda RBX: 00007f3f0cd35f80 RCX: 00007f3f0cb7b9df
[  499.255468][T11116] RDX: 00000000000000ae RSI: 0000000020000280 RDI: 00000000000000c8
[  499.263449][T11116] RBP: 00007f3f0c5ff090 R08: 0000000000000000 R09: 0000000000000000
[  499.271422][T11116] R10: 00000000000000ae R11: 0000000000000293 R12: 0000000000000001
[  499.279443][T11116] R13: 0000000000000001 R14: 00007f3f0cd35f80 R15: 00007ffd8ac441c8
[  499.287442][T11116]  </TASK>
[  499.327053][T11048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.377769][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  499.393060][T11048] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.642154][T11131] fuse: Bad value for 'fd'
[  499.700307][ T5278] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.570254][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.878419][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.957187][ T5296] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  501.004134][ T5296] cdc_ncm 2-1:1.0: bind() failure
[  501.076572][ T5296] usb 2-1: USB disconnect, device number 11
[  501.187182][ T5239] Bluetooth: hci3: unexpected cc 0x0c14 length: 60 < 249
[  501.323617][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1156'.
[  501.347559][T11160] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  501.375644][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1156'.
[  501.597162][T11187] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[  501.806995][T11197] netlink: 'syz.4.1158': attribute type 2 has an invalid length.
[  501.817033][T11197] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1158'.
[  501.863400][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[  502.036553][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  502.089511][ T5296] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  502.978169][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  503.055932][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  503.207233][ T5296] usb 1-1: Using ep0 maxpacket: 16
[  503.381137][ T5296] usb 1-1: config 4 has an invalid interface number: 205 but max is 0
[  503.567211][ T5296] usb 1-1: config 4 has no interface number 0
[  503.970642][ T5296] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=64.01
[  503.988279][ T5296] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.996882][ T5296] usb 1-1: Product: syz
[  504.001133][ T5296] usb 1-1: Manufacturer: syz
[  504.005742][ T5296] usb 1-1: SerialNumber: syz
[  504.090793][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  504.309707][T11229] fuse: Bad value for 'fd'
[  504.320173][ T5296] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:4.205/input/input13
[  504.440854][ T5296] usb 1-1: USB disconnect, device number 13
[  504.809114][ T7749] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  504.979145][ T7749] usb 3-1: device descriptor read/64, error -71
[  505.006742][T11273] ieee802154 phy1 wpan1: encryption failed: -22
[  505.099838][T11275] FAULT_INJECTION: forcing a failure.
[  505.099838][T11275] name failslab, interval 1, probability 0, space 0, times 0
[  505.146761][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  505.164025][T11275] CPU: 0 UID: 0 PID: 11275 Comm: syz.0.1171 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  505.174836][T11275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  505.184908][T11275] Call Trace:
[  505.188204][T11275]  <TASK>
[  505.191156][T11275]  dump_stack_lvl+0x241/0x360
[  505.195851][T11275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  505.201045][T11275]  ? __pfx__printk+0x10/0x10
[  505.205637][T11275]  ? __kmalloc_node_noprof+0xb7/0x440
[  505.211012][T11275]  ? __pfx___might_resched+0x10/0x10
[  505.216292][T11275]  ? vsnprintf+0x1ccd/0x1da0
[  505.220884][T11275]  should_fail_ex+0x3b0/0x4e0
[  505.225563][T11275]  should_failslab+0xac/0x100
[  505.230242][T11275]  __kmalloc_node_noprof+0xdf/0x440
[  505.235439][T11275]  ? __kvmalloc_node_noprof+0x72/0x190
[  505.240908][T11275]  ? __pfx_macsec_setup+0x10/0x10
[  505.245931][T11275]  __kvmalloc_node_noprof+0x72/0x190
[  505.251210][T11275]  alloc_netdev_mqs+0x9b/0x1000
[  505.256056][T11275]  ? __pfx_macsec_setup+0x10/0x10
[  505.261074][T11275]  ? bpf_lsm_capable+0x9/0x10
[  505.265739][T11275]  ? security_capable+0x90/0xb0
[  505.270586][T11275]  rtnl_create_link+0x2f9/0xc20
[  505.275439][T11275]  rtnl_newlink+0x1423/0x20a0
[  505.280118][T11275]  ? rtnl_newlink+0xb11/0x20a0
[  505.284904][T11275]  ? __pfx_rtnl_newlink+0x10/0x10
[  505.289923][T11275]  ? __pfx___mutex_trylock_common+0x10/0x10
[  505.295828][T11275]  ? rcu_is_watching+0x15/0xb0
[  505.300587][T11275]  ? trace_contention_end+0x3c/0x120
[  505.305860][T11275]  ? __mutex_lock+0x2ef/0xd70
[  505.310533][T11275]  ? __pfx_lock_release+0x10/0x10
[  505.315562][T11275]  ? __pfx_rtnl_newlink+0x10/0x10
[  505.320580][T11275]  rtnetlink_rcv_msg+0x73f/0xcf0
[  505.325506][T11275]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  505.330611][T11275]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  505.336061][T11275]  ? ref_tracker_free+0x643/0x7e0
[  505.341083][T11275]  netlink_rcv_skb+0x1e3/0x430
[  505.345842][T11275]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  505.351301][T11275]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  505.356941][T11275]  ? netlink_deliver_tap+0x2e/0x1b0
[  505.362131][T11275]  netlink_unicast+0x7f6/0x990
[  505.366896][T11275]  ? __pfx_netlink_unicast+0x10/0x10
[  505.372173][T11275]  ? __virt_addr_valid+0x183/0x530
[  505.377275][T11275]  ? __check_object_size+0x49c/0x900
[  505.382556][T11275]  ? bpf_lsm_netlink_send+0x9/0x10
[  505.387667][T11275]  netlink_sendmsg+0x8e4/0xcb0
[  505.392432][T11275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  505.397710][T11275]  ? __import_iovec+0x536/0x820
[  505.402555][T11275]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  505.407836][T11275]  ? security_socket_sendmsg+0x87/0xb0
[  505.413300][T11275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  505.418573][T11275]  __sock_sendmsg+0x221/0x270
[  505.423243][T11275]  ____sys_sendmsg+0x525/0x7d0
[  505.428008][T11275]  ? __pfx_____sys_sendmsg+0x10/0x10
[  505.433299][T11275]  __sys_sendmsg+0x2b0/0x3a0
[  505.437883][T11275]  ? __pfx___sys_sendmsg+0x10/0x10
[  505.442984][T11275]  ? vfs_write+0x7c4/0xc90
[  505.447426][T11275]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  505.453746][T11275]  ? do_syscall_64+0x100/0x230
[  505.458504][T11275]  ? do_syscall_64+0xb6/0x230
[  505.463174][T11275]  do_syscall_64+0xf3/0x230
[  505.467667][T11275]  ? clear_bhb_loop+0x35/0x90
[  505.472337][T11275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.478219][T11275] RIP: 0033:0x7f356917cef9
[  505.482625][T11275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.502221][T11275] RSP: 002b:00007f3569f82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  505.510629][T11275] RAX: ffffffffffffffda RBX: 00007f3569335f80 RCX: 00007f356917cef9
[  505.518590][T11275] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[  505.526550][T11275] RBP: 00007f3569f82090 R08: 0000000000000000 R09: 0000000000000000
[  505.534510][T11275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  505.542468][T11275] R13: 0000000000000000 R14: 00007f3569335f80 R15: 00007ffe44cac078
[  505.550442][T11275]  </TASK>
[  505.800253][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  505.849215][ T7749] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  506.043808][ T7749] usb 3-1: device descriptor read/64, error -71
[  506.175508][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  506.184486][ T7749] usb usb3-port1: attempt power cycle
[  506.245700][T11288] xt_hashlimit: size too large, truncated to 1048576
[  506.374887][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  506.609093][ T7749] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  506.661784][ T7749] usb 3-1: device descriptor read/8, error -71
[  506.949124][ T7749] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  506.995585][ T7411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  507.029808][ T7749] usb 3-1: device descriptor read/8, error -71
[  507.163368][ T7749] usb usb3-port1: unable to enumerate USB device
[  507.459823][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.649343][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.951395][T11331] qrtr: Invalid version 48
[  508.993331][T11329] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1184'.
[  509.002540][T11329] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1184'.
[  509.209372][ T7749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.699306][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  510.432123][ T7749] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  510.609133][ T7749] usb 2-1: device descriptor read/64, error -71
[  511.049086][ T7749] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  511.538260][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  511.631640][ T7749] usb 2-1: device descriptor read/64, error -71
[  511.767454][ T7749] usb usb2-port1: attempt power cycle
[  512.229209][ T7749] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  512.596338][ T7749] usb 2-1: device descriptor read/8, error -71
[  512.821451][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.882853][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  513.129319][T11407] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1193'.
[  513.319703][T11415] FAULT_INJECTION: forcing a failure.
[  513.319703][T11415] name failslab, interval 1, probability 0, space 0, times 0
[  513.332456][T11415] CPU: 1 UID: 0 PID: 11415 Comm: syz.1.1194 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
[  513.343229][T11415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  513.353361][T11415] Call Trace:
[  513.356628][T11415]  <TASK>
[  513.359552][T11415]  dump_stack_lvl+0x241/0x360
[  513.364226][T11415]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.369430][T11415]  ? __pfx__printk+0x10/0x10
[  513.374029][T11415]  ? ref_tracker_alloc+0x332/0x490
[  513.379141][T11415]  should_fail_ex+0x3b0/0x4e0
[  513.383810][T11415]  ? skb_clone+0x20c/0x390
[  513.388246][T11415]  should_failslab+0xac/0x100
[  513.392923][T11415]  ? skb_clone+0x20c/0x390
[  513.397330][T11415]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  513.402699][T11415]  skb_clone+0x20c/0x390
[  513.406935][T11415]  __netlink_deliver_tap+0x3cc/0x7c0
[  513.412246][T11415]  ? netlink_deliver_tap+0x2e/0x1b0
[  513.417530][T11415]  netlink_deliver_tap+0x19d/0x1b0
[  513.422632][T11415]  netlink_unicast+0x7c4/0x990
[  513.427397][T11415]  ? __pfx_netlink_unicast+0x10/0x10
[  513.432674][T11415]  ? __virt_addr_valid+0x183/0x530
[  513.437862][T11415]  ? __check_object_size+0x49c/0x900
[  513.443140][T11415]  ? bpf_lsm_netlink_send+0x9/0x10
[  513.448243][T11415]  netlink_sendmsg+0x8e4/0xcb0
[  513.453008][T11415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.458284][T11415]  ? __import_iovec+0x536/0x820
[  513.463128][T11415]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  513.468402][T11415]  ? security_socket_sendmsg+0x87/0xb0
[  513.473861][T11415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  513.479147][T11415]  __sock_sendmsg+0x221/0x270
[  513.483817][T11415]  ____sys_sendmsg+0x525/0x7d0
[  513.488578][T11415]  ? __pfx_____sys_sendmsg+0x10/0x10
[  513.493868][T11415]  __sys_sendmsg+0x2b0/0x3a0
[  513.498452][T11415]  ? __pfx___sys_sendmsg+0x10/0x10
[  513.503553][T11415]  ? vfs_write+0x7c4/0xc90
[  513.507996][T11415]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  513.514316][T11415]  ? do_syscall_64+0x100/0x230
[  513.519076][T11415]  ? do_syscall_64+0xb6/0x230
[  513.523742][T11415]  do_syscall_64+0xf3/0x230
[  513.528234][T11415]  ? clear_bhb_loop+0x35/0x90
[  513.532908][T11415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.538789][T11415] RIP: 0033:0x7fab9c77cef9
[  513.543192][T11415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.562783][T11415] RSP: 002b:00007fab9d4dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  513.571187][T11415] RAX: ffffffffffffffda RBX: 00007fab9c936130 RCX: 00007fab9c77cef9
[  513.579152][T11415] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  513.587113][T11415] RBP: 00007fab9d4dc090 R08: 0000000000000000 R09: 0000000000000000
[  513.595073][T11415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.603030][T11415] R13: 0000000000000000 R14: 00007fab9c936130 R15: 00007fff9c3e7bf8
[  513.611004][T11415]  </TASK>
[  513.615980][T11415] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.1194'.
[  513.626390][T11415] openvswitch: netlink: ct_state flags 00000300 unsupported
[  514.049208][ T5225] Bluetooth: hci5: command 0x040f tx timeout
[  514.169736][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.281473][T11413] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1193'.
[  514.679196][T11426] gfs2: path_lookup on c::: returned error -2
[  515.214741][ T9365] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.349116][ T7749] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  516.561799][T11430] Invalid option length (1047588) for dns_resolver key
[  573.529318][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  620.259003][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  620.265985][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11444/1:b..l
[  620.274408][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=48633, q=503 ncpus=2)
[  620.282119][    C0] task:cmp             state:R  running task     stack:23680 pid:11444 tgid:11444 ppid:11399  flags:0x00000000
[  620.294723][    C0] Call Trace:
[  620.297999][    C0]  <TASK>
[  620.300921][    C0]  __schedule+0x17ae/0x4a10
[  620.305528][    C0]  ? __pfx___schedule+0x10/0x10
[  620.310398][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  620.316395][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[  620.321670][    C0]  preempt_schedule_irq+0xfb/0x1c0
[  620.326767][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  620.332474][    C0]  ? mas_preallocate+0xfca/0x1730
[  620.337483][    C0]  ? __split_vma+0x2e5/0xc30
[  620.342083][    C0]  ? vma_modify+0x268/0x350
[  620.346576][    C0]  irqentry_exit+0x5e/0x90
[  620.350977][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  620.356939][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x35/0x90
[  620.363778][    C0] Code: 14 25 c0 d6 03 00 65 8b 05 10 46 70 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 5b 83 ba 1c 16 00 00 00 74 52 8b 82 f8 15 00 00 <83> f8 03 75 47 48 8b 8a 00 16 00 00 44 8b 8a fc 15 00 00 49 c1 e1
[  620.383377][    C0] RSP: 0018:ffffc9000ccf7698 EFLAGS: 00000246
[  620.389434][    C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88802b9b5a00
[  620.397419][    C0] RDX: ffff88802b9b5a00 RSI: 0000000000000001 RDI: 0000000000000000
[  620.405389][    C0] RBP: ffffc9000ccf7890 R08: ffffffff8ba6c005 R09: ffffffff8ba6bdd4
[  620.413367][    C0] R10: 0000000000000003 R11: ffff88802b9b5a00 R12: 0000000000000008
[  620.421330][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88802aa49340
[  620.429302][    C0]  ? mt_validate+0x15d4/0x4aa0
[  620.434057][    C0]  ? mt_validate+0x1805/0x4aa0
[  620.438815][    C0]  mt_validate+0x1805/0x4aa0
[  620.443407][    C0]  ? mt_validate+0x1a1/0x4aa0
[  620.448066][    C0]  ? __pfx_mt_validate+0x10/0x10
[  620.452991][    C0]  ? vma_complete+0x543/0xb60
[  620.457652][    C0]  ? __pfx_lock_release+0x10/0x10
[  620.462669][    C0]  ? mas_store_prealloc+0x2db/0x5f0
[  620.467865][    C0]  validate_mm+0xe7/0x530
[  620.472186][    C0]  ? __pfx_validate_mm+0x10/0x10
[  620.477127][    C0]  ? vma_complete+0xaef/0xb60
[  620.481796][    C0]  __split_vma+0xaca/0xc30
[  620.486214][    C0]  ? __pfx___split_vma+0x10/0x10
[  620.491148][    C0]  vma_modify+0x268/0x350
[  620.495464][    C0]  mprotect_fixup+0x3ea/0xa90
[  620.500129][    C0]  ? __pfx_mprotect_fixup+0x10/0x10
[  620.505313][    C0]  do_mprotect_pkey+0x908/0xe00
[  620.510160][    C0]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  620.515528][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  620.521844][    C0]  ? do_syscall_64+0x100/0x230
[  620.526592][    C0]  __x64_sys_mprotect+0x80/0x90
[  620.531427][    C0]  do_syscall_64+0xf3/0x230
[  620.535914][    C0]  ? clear_bhb_loop+0x35/0x90
[  620.540576][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.546450][    C0] RIP: 0033:0x7f9e3be26bb7
[  620.550847][    C0] RSP: 002b:00007ffc6024f758 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  620.559253][    C0] RAX: ffffffffffffffda RBX: 00000fff8c049eec RCX: 00007f9e3be26bb7
[  620.567205][    C0] RDX: 0000000000000000 RSI: 000000000001c000 RDI: 00007f9e3bb5e000
[  620.575158][    C0] RBP: 00007ffc6024fb30 R08: 0000000000000003 R09: 0000000000000000
[  620.583115][    C0] R10: 0000000000000802 R11: 0000000000000246 R12: 00007f9e3be02fc0
[  620.591074][    C0] R13: 00007ffc6024fbb8 R14: fffffffffffff000 R15: 0000000000000000
[  620.599046][    C0]  </TASK>
[  620.602050][    C0] rcu: rcu_preempt kthread starved for 2385 jiffies! g48633 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  620.613340][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  620.623292][    C0] rcu: RCU grace-period kthread stack dump:
[  620.629162][    C0] task:rcu_preempt     state:I stack:26464 pid:17    tgid:17    ppid:2      flags:0x00004000
[  620.639316][    C0] Call Trace:
[  620.642579][    C0]  <TASK>
[  620.645502][    C0]  __schedule+0x17ae/0x4a10
[  620.650009][    C0]  ? __pfx___schedule+0x10/0x10
[  620.654884][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  620.660857][    C0]  ? preempt_schedule+0xe1/0xf0
[  620.665695][    C0]  preempt_schedule_common+0x84/0xd0
[  620.670968][    C0]  preempt_schedule+0xe1/0xf0
[  620.675629][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[  620.680991][    C0]  preempt_schedule_thunk+0x1a/0x30
[  620.686179][    C0]  _raw_spin_unlock_irqrestore+0x130/0x140
[  620.692082][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  620.698403][    C0]  __debug_object_init+0x26c/0x400
[  620.703500][    C0]  ? __pfx___debug_object_init+0x10/0x10
[  620.709153][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  620.715141][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  620.721459][    C0]  schedule_timeout+0x121/0x310
[  620.726294][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  620.731658][    C0]  ? prepare_to_swait_event+0x32e/0x350
[  620.737193][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[  620.742027][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  620.747209][    C0]  ? rcu_gp_init+0x1256/0x1630
[  620.751958][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  620.756875][    C0]  ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10
[  620.762926][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  620.768195][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  620.774079][    C0]  ? finish_swait+0xd4/0x1e0
[  620.778655][    C0]  rcu_gp_kthread+0xa7/0x3b0
[  620.783259][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  620.788445][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  620.794417][    C0]  ? __kthread_parkme+0x169/0x1d0
[  620.799614][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  620.804809][    C0]  kthread+0x2f0/0x390
[  620.808872][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  620.814066][    C0]  ? __pfx_kthread+0x10/0x10
[  620.818649][    C0]  ret_from_fork+0x4b/0x80
[  620.823094][    C0]  ? __pfx_kthread+0x10/0x10
[  620.827680][    C0]  ret_from_fork_asm+0x1a/0x30
[  620.832441][    C0]  </TASK>
[  620.835445][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  620.841755][    C0] Sending NMI from CPU 0 to CPUs 1:
[  620.846961][    C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30