last executing test programs:

8m46.882199006s ago: executing program 4 (id=1499):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0)
connect$inet(r2, 0x0, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1)
readv(r4, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/75, 0x4b}], 0x1)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)
dup3(r1, r0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x100000000000000, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

8m46.012845239s ago: executing program 4 (id=1500):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10}]}]}], {0x14, 0x10}}, 0xf8}, 0x1, 0x1000000}, 0x0)

8m45.928422015s ago: executing program 4 (id=1501):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x801e, 0x0, 0x1, {0x1}})
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000080)=""/168, 0xa8}, {&(0x7f0000000180)=""/193, 0xc1}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/4096, 0x1000}], 0x4, 0x6, 0x0)
timerfd_gettime(r3, &(0x7f0000000040))
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0xfffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0x12}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)

8m45.395090624s ago: executing program 4 (id=1502):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000080)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x201, 0x11000000, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

8m44.835009435s ago: executing program 4 (id=1505):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = memfd_secret(0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r1, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c)
pselect6(0x40, &(0x7f0000000040)={0xc, 0x1, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000080)=0x272)

8m43.896646567s ago: executing program 4 (id=1510):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
unshare(0x24060400)
r0 = fsopen(&(0x7f00000009c0)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r0)
syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000a31000)={0x19980330}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f00000001c0)=0x2001)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$sndseq(r3, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x41, 0x2}}, {0x0, 0x0, 0xff, 0x0, @tick=0xf27, {0x1}, {}, @quote={{0x5, 0x4}, 0x3b9c, &(0x7f0000001080)={0x24, 0x4, 0x0, 0x2, @time={0x5, 0xb}, {0x4, 0x8}, {0x86, 0x7}, @raw8={"b03327273f5dcc7c58776a86"}}}}], 0x38)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000074699c00103afffe8000000000000000000000000000bbff02000000000000000000000000000186009078080002000000000000"], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x6, &(0x7f0000ffc000/0x1000)=nil)
statx(0xffffffffffffffff, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7100, 0x7ff, 0x0)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000001200)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001100)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x41)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

8m28.228812558s ago: executing program 32 (id=1510):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
unshare(0x24060400)
r0 = fsopen(&(0x7f00000009c0)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r0)
syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000a31000)={0x19980330}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f00000001c0)=0x2001)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$sndseq(r3, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x41, 0x2}}, {0x0, 0x0, 0xff, 0x0, @tick=0xf27, {0x1}, {}, @quote={{0x5, 0x4}, 0x3b9c, &(0x7f0000001080)={0x24, 0x4, 0x0, 0x2, @time={0x5, 0xb}, {0x4, 0x8}, {0x86, 0x7}, @raw8={"b03327273f5dcc7c58776a86"}}}}], 0x38)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000074699c00103afffe8000000000000000000000000000bbff02000000000000000000000000000186009078080002000000000000"], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x6, &(0x7f0000ffc000/0x1000)=nil)
statx(0xffffffffffffffff, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7100, 0x7ff, 0x0)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000001200)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001100)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x41)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

4m25.204883519s ago: executing program 5 (id=2587):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$qrtr(0x2a, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x20, 0x10, 0x21, 0x70bd29, 0x0, {0x3}, [@nested={0x9, 0x1, 0x0, 0x1, [@generic="72d029e395"]}]}, 0x20}}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040de28421100000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "b1a748"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
r6 = socket(0x1, 0x0, 0x400000)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000080)={'team0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000880)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r7, 0x4, 0x4, 0x7d, 0x9, 0x58, @local, @loopback={0x1000000, 0xffff888101827518}, 0x0, 0x0, 0x80000, 0xfffdfffe}})
r8 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGFEATURE(r8, 0xc0404807, &(0x7f00000001c0)={0x1, "5fbaf77c49a9e363eed255a8164a43edd3fbf3f53506ab88ceae7536ba00c7498731efa3dafb0258a1a0e6dacafa3ba666a4c94f7af45941f84c2857c71600b2"})
r9 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r9, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
sendmsg$sock(r2, &(0x7f0000001540)={&(0x7f0000000500)=@pppoe={0x2a, 0x0, {0x0, @local, 'nicvf0\x00'}}, 0x80, 0x0}, 0x0)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x7f, 0x0, 0x7fff0023}]})
close_range(r10, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r11}, [@IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x402}]}, 0x34}}, 0x0)

4m22.280437946s ago: executing program 5 (id=2598):
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000040)=@data_frame={@a_msdu=@type10={{0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, {}, @random="8f59b4f27776", @device_a, @initial, {0x9, 0xf22}, "", @void, @value=@ver_80211n={0x0, 0x81, 0x1, 0x3, 0x0, 0x2, 0x1}}, @random="e491fd78ccf8081595e8c9fd274cbe6c2ee20cdf1a958c375ab26398871fcb9e6126ffde73f4a1077f2b0192e6c79d39adb83fd146eca8655c974a26dea764af9bfcf3996da7166138dc71272247e925d8d1f00420437b5e96ec26c10fe2c70ed1ebec61dc12f1fc5c101ca9a890e7be3b4b1c02e67c7839d5cb7ad22c841216170003839ebc0794f636dbfb088485fae97b14730fe180f64501ec5f4f0769776522882644f849dcea5efb319f33d942ea0aaaa603f2ab8361c4fcb644074a5342053d3727f6dfea40e52170028c9052f00e304b1bae7615afdeaf467f5db44e3a09feef2e6b83825260ecc90793a1bc3d81710b5522edfe30c0b53b0224f3ff3f8ca6b60115c7bb4f13528d9b168787e0cf944ca6843d9cbc2f0b8cddc8b1f2c0c64d97e8a1bb2c774c89865db15a62fc80a576b37b913823713ed222a3a03075b8d4b834e5fb91369570b41c6bfd40d1c4a5d8c9f52f4f18cd78c78d6ff9ea133598204a10cfaea98e14f37b978316d05600600bb3d77abef0a77f68de440f86ebda8b01575b5a6faa541359ee93154bd76ce660b097da72c8ca99e05d22bafc016694e2264865dc8dc17b788a99c8eafcc1e449c451fa2d62cdd3123047349e78c6a8c8d0f9a2969a556c84a44c4bcfeda942a03b08b6347f84d24f7d38dddde942865ac63df44c7e4a4370ae6d0c7aeebdb249daf2c1b50df062e992262e5d67748281d86a1073a17b0414d24eb3eb903a2dd8ac5fd4fece50634e75340324dc2ad04d2afd784e5eb45d8267f462e5ac93276bbb3ef941a6d1510c29af1ec65ac313050c3083b0999b65379888d238a895419d5dab0717ef69e1ef4e53e1d1ce3d71d1d10ac538e2cba0134bdb27cc2014b2b6d7472a610c279c124735e43ccf357454adbb57a6bf838d470617f2c8c5bc2077aabdb7f2b9d133babe9e2e123e70da8e7612cfb7e3f0ede1ca82fb8cec0687d75e84de51034ed15e3f986ab3d75d9ef63ac1ae0b490c7664faee8280ba7aac244009ce6d116c81f097ba634cd27148ffa7cfffed107b8c56d4772259f25c5167dbbd83f538de9a4bda26d22f031501ab93b7dc20b13e8f96c3d41038080d78752d5cccd57058c00b5f2690b829c76124b7969fb9203e53f0dfc725125427457ec43fad57fea533ba36b62f6be49bc293ee3e905a2e70d8e5aee5eda038661835f30b604365d59d892b97c75fde5e96576418fb1a6a7c04f877d534b0661be3f50e6dc6f4446fa969c43e9ced1ab7fd547104bf76ea93844d6caa3264e146e8efe5e5dfc8e492a531e7378caa9c7ef006733bf34d626eed9eb7fe6ff2b71739cfbdc62b9d2fab7d5cdab49630240d5197a70d2d6c65f6ca68e15669c1b4376952ceb57f9eb2c97554a80a756e5a457c04809b7979c224c67084ad063ab8b9d1f9968241c7b7a95be9788f7424c0873f77b0409a10b7b45624e4a210cff0e85ec6fd8de43fee8451c0ddf77288ffb0d6486fcff3662bdcdd6457abf57d626c679c2d6ecb1f3df28dd129bda50e55da820cbbb88b2ba24215e22842301d2896e59d85b0f39e4a91596b0bdc435414bbe7f1a0037e02bf69ea6fd7de8357990c3743b63917c96bcecb7a2c7bfa10da36680df287bc25a9a1f1105d272348814223b9926a4565473ca0aefd8b718c27f54bf51f6996796349ca3eb9ba6f353fde1c4eb27a53e2b7445d3cf299cf3e2f28e80bd982fe0d69cfbec8370280b645d6c328dfd16e3a940209119dc59238f6298c160e255b3f2140107b6b9bd23b2a7bbc26c1388d324af5de840eb2bf44ab9347470b663925b7a48b266c731b602b475e9dfc8e919d5f881296bd4f56e72d8fdf9987ab982e4b64e84caf60782c03acd516523d3d04d3accc751fbbf7c8efaa6b0f6b2c5bdb9ac94862494b16976aa6425dca3faec4093c8def08fb7134322a42785462d1a4dcda271c3f1b154b628d30144e6cd9ee5a7f7549956896ac1ffa30efd956f23707bebeaa41518d4e3720b42d4d9fdfbbcadc5c28c78c9308e444d512f723c474d520224e93eb2ba9f3402b3e0080adfb4e00d2f5d581194e94d6358167ad95be5fbb3cd512264a365a131ef778a077437d12398306d3f09b6d422b342c9e4759ce194f76bbcf2a747ede1872fceded40d1c771f7b3f8456fb91b812f62b585f0a0389396827ea5775ce562040d360368d0340165da02a43f6d7cdf06aa2afbf79329f1f3ec26110a1f96e2ad4e074a4bf7c1b8915625ced27180b056b2cbb7ff28991d512225f6af81c0a30291adf31385f5b3c1f1bd70d61ea91df29d645066786060729218cb621c91f03f0638a1bf282e9a0413b2a414"}, 0x69d)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000700)={0x3, "9ec9e2"}, 0x4)
timer_create(0x0, &(0x7f0000000740)={0x0, 0x36, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000780)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f00000007c0)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000800))
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000840)={0x2, 0x4e20, @broadcast}, 0x10)
timer_create(0x6, &(0x7f0000000940)={0x0, 0x16, 0x0, @thr={&(0x7f0000000880)="899b052bb1232d844dd66934aab5983d34fe74863052bcd49f44f03c870c446c388ffd38685bb8e91631a4bed719648ff99d3b8eb87f5e0733acadf0d2aa466c8c073d242c2960f84e2ea6728e3ffe01f5", &(0x7f0000000900)="03e26aa143c908af68cad3aab8101c20340d1e9b1d7d471a802f01afef8bf61dc2e800f8f1fb2a78eb9f67"}}, &(0x7f0000000980))
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000009c0)=0x1, 0x4)
r2 = accept4(r1, &(0x7f0000000a00)=@rc, &(0x7f0000000a80)=0x80, 0x100800)
sendmsg$kcm(r2, &(0x7f0000002100)={&(0x7f0000000ac0)=@vsock={0x28, 0x0, 0x2711, @my=0x0}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000b40)="cb494023a1cd95ef80381c6edcecda8206126a06f8ad8abaf342acb67ebf4bd577bade5a6e4521f06db05df090fd4097ea233d3200b6b2a3f3e164e6dab0b8bd5a382dd74f939509d4b989", 0x4b}, {&(0x7f0000000bc0)="5c91dbadcb71c15b8357d0e14073f8f871d386ac7a8817e7be3b69dcfe4fc27e7212040c58f6262c4165d15d1f7232a84913f75ee3f3dde64c1eaadec0ea1733fefff01c72981a13d05e082813309f3a899ea1a9a859c686a5cd16e66c33a4dfb976f622d94c8c17fc83f1447c2795d9e07ee244d3f3208fd4a8797f35eb5eaedca2d06f335e5028712801f494226d40cee9ce2a7d9bd595488727b17dcd0605ad34ea96a4549d74a75db65b00fa16351dfc62df4b3e486dd720486f5e54b6cc84315f7dee551fdaa335d4c10b203913d1a77692f8631f7f45e81898b7dce1144f333c5e19c183287292d5467bdfed71bbc501e2cdf9d1c9980d66dda273ec093ce6e832776d3c2ac5604c533bf5f3eec2066434867ecc8c7470114f574000222eda2492e29ff5da08ceba9ea21f3431a108bd2e28cad4b728ff054461af08a16f961424bb355da8b985fa3c451274b33929b01349f6e6f07d0408bec051659dae0fcef3667df90b76e155222bd86c33dcf2de52dbc263bdbcbb5b0aa90b2032146f3761a2db27cc3cc57b24c6a17765eb00cffacf2cac7fcfe4b641f29617755ef9ecb0951fde9f9ef7eff28428851721cd69f7b440721abbc1dee55db0e9a12b3bbe4be043304398500ce8d64b78c846cf96eb5c9716f229cb13f607b1d2d1c0d52f62e6ce07a3154871d219c6d6540c2967badde44aef406a4369e4509c77418346dd0eaae0b20ccfcafb6b405d1854082f2955193bd219459868c118e2ce70c919ce3a7f2c564768b2be05d6004bf8a69402ed51e517ca767e188f331c74c98c2cfa612981865b1be16a2b3b60c15ecace41fb0ac8f3b18d3f83cafa64d04415d77c840b526a474de54831b949d67135bb487c7d65b747e0be5371ed57de46e0ff374902efa5238e187b7ddcb469450bcd1a5580c174ebe7a33c0eded57564db1d4192e93f7dddd80cca7191d0a013ffa2950a5ca5846cb4dd5b2528073f8d18f0424441586e9ead055a0cf289c9200e7f923e01d304ec12d042d335f9546a173ec949adbf871b2abfa81875f1a0bb8e00acfebc644f2b3df9ef9f1fcb8488f7bf0c0f7a58f24cf6c54363fb85ba74a462921b5618b7d3553f284f220ce24ab3861e7e75f3de07ee07a388fb2cb376e75b12315aff713e5f006a9be7ea507f3505aec3717a58aaa0bcfaf77ca4d83aca6efaf433f21994c1f883dd17459ca747fd46af37358e53fde17a79bee927d7a9495efa5098c7da599d3d8931db78b195c89ee771576e86017f6172a51ff9e7030f28011db917a528d27a2a867d24005a308950b2287bf9e523e84f82910e9f15ee673878d9bd81e696cd1bd72f7fb0e1f3091303671c66c1d60934925ce4316c6acb05a7fe142af9b8ae662d259e38576f226d66cd0fc9683696e34a9be5553a110ef5f62c8f6cd26bb23e2fea509aa73f95cbdc5b02461b2f7d172536ed52f1ee744c819414b32bdc22f44c9db1f533f043d64b9ab107e03d1673c7ea52b1e19ee2b594681caa1be40e555acdec89a54a42e039fe15b9b0311931723bf779e7efe2920e60bbc2ed0aa14b93f4e65b81a87ca4d4e5ffe95ebc64c33b3099a5d770525fea094fd4ec65a3935b8d5af0f07784dd26a7df2f8d17a2148a7dd41f4597b5f0cc8922e4051a0e958e1ae88514fd705182a314328692fdb68a47dcefce9c2b9319a5da083869eee3b353d624769273728ae2210a672fc88665aea0b46b296f8678bbaefc251548f68b71a2c531a4b3cdf44d21a34375368a1b976baa0672c4a32edab8f66ca54574b9c000c0727ba3f835730968789ddd430fd0fd4f3d3d4af17161c8b6247655a61f64c405423432b5a4f033c1b986e9157e16bdbf75c52e44a95087c3d822114b6d1c556aefaae88f751c83476ac3fd8347fb887b8a5148fe44882952b2a0d138fdf7c3ee39f3ff5ceb00adb187316e9cd14e688bbe14c4d2bd8bb95429860c87d01d7a4d2bf5efc853c9113ddb90ee9ebf0f03414c02a9dfdd97e63f2ff7b389fedbfd0924f45b276a2533c2a0ff118a3a6755b3f30ef1a3449c37d62b097014fb27ef23ec144c63c9a7f9d7eab3e2adccdb2a806dd48cc40a51bd7aa7a5b9fa62de5f367d0a11e1dee641b07c8788ee158458a5d459a5d0870cf24a75be9fbc084097c6da8fc377cca9d39e1a55f4c806c85f15afd9b31cd1f2f5f0ff46b9b4738e80df4346504e598dc78a8d2dabe7020396316f0e39dab4b91a2d7968ed163b1c4f152f97329512b919effa6e065be652718f7bfda0dfbb058856b21c022d6e979530bb1f1d255a46cf448230b7f66fea49b5dcae4080f1ffb4d98eaa25ba3982439b7b01ea106d6e9399913ffad37223ce5bec0dab843070742c22eae6496bac99a98c8ee2e2ddf3519771482926c5f655e4f90687698725e721cd414aa57f20c2d75c6fb2c6894386969290cdab4595ccc6943f74376d187be63d8d473e3b27cb1af7f2b2b36cea814a924ab9437837fda5ce32fade6b00ca46ca8a1c1709fe096ca345aa28749c3f79dd73752a04e42f66630623dc1da6b20c070939a81bddecd5a8234b3efff3fd5c1fc8cd1f621443ec09b2ccc909088aeca0d5243658a5c8c8d523dc2e28d65c5ea2aff308aea7c75588f33a606fcbb086953fe3bf1ce613e40a1ff5d653c56d01f38f6011fd6be7d26d05118e8622fdf3bbd7d7d65b33ef8ce90f64e47024c06d5f77bfa3d1f641b861aa469360f4316bbca28b67f0c78dbd06d59c20a0b3b7def01f6d2d45f32824fad58d276a064504374281261d88e48ed7f863726a35d76e523bde1cf3e7ab80eb20426f514397af1c9f179ec8c0e2f8bc8307c7007f5557762c2c074e3f69181da1d18f4b5229b04246d4b81f754021992a5a65039ec36b46dc14577e5fb1fd7b95e9efc5ac726a834d887052f3071c7aaf6aed83177e9cc0eab60683455d5aaa35e85690bc6da502d8c230fdc24ac0f71a94abb04bb8067328c43abbb14a9d217bf3643a1a20d21c426cfb48456da1e54b6b07094369cbdb8907ea877bfcc3bdbe3cc7c949b56d48ac44d3a07e4b2a19bd546a1c4eac8a2166bed9daf2645f9b22ea189e8b523ad54c8efbc0200b7050933f584d79e42cdac2fe71ba615709bba7b45826290969fbf24cdbc4da23e34318fbe76e394bc734ef39f011673dc13d187854711e0e651878f6179e37832781d630b0dde5dd29ee167389c1971bce056707373775ac78415c7698b3e8e8f5a60084af829cea9bf96b6c99ae745939282093e28aeabf91ad9181937740360e6d2d5b72324c4205fb51f9cd061fba9b5beee6d805fffdbc2a0828f12d4f60554c5ce85440110700f0bb1c3a67fa6719f3f2f9ffac7b9183919040cd38c51eeee2cca468007994fd45916c70df78abd1a8092789adbc5071d4153223c77351a4e609fd3bbbc7a5d43515cba7e7e46b54dde5875d72a73b4c5f459d177ea3ba3a82775012eefbe9f4eac8553ca2877694648bf4ae23fd00796bbd811a58ce466228b17e081d942bfdf95c044a47acad91e955a782096b2d069f0bc5952300f327d1a1fce979328c6eddd81bc70de0f0e5d1c76a91a40f5099cc797e63514e5422a3a288a8ebee539c97af8abb8bdc0ce3ca3327eeb5c8a021dd7a928922920231328b93fe17615912cc8bad757b23c1222eaf9dadb6cafb5fa412efc28de917761f62b6e7575b5674e8560f773096677ef61eec34a66ac24a46c5743bafa71c01434d57fd9d6fe6d85fa5e7be2ceac39984cbbb691473e4174bce02bf64e794268013f6aba12b58105b8a1bb56924cefcd9ce5f8df8286da8adf846c96932a4636f719137a82baeaf75237f59c9c940dcb576dc8b2d0fcd053656c49e8110295cdfd092fef18dc8dc0373a809965591032064794851d30173a93e2fa5c993d6c64f3ec0c4d0b6f54e6c5ee5a08888608f4abbb99b74cb6d62bb6bd4dbe7195141781020b70b883c2b5bcbeb39c5a85710ca58fbaed2f5584f8fe38b4e95afc050fbc51a95280090d510176ba3f060543f49abdf051c26c7728ac2a24bacff4a42f85f5f7b9293f4ea76179cb059a9b81ddd2699ed5d04d398d15eeec35f188c0e7e7acd6fd19105bbb6b25f22af09e14422d62fe1e85d009469e1395fff63f830c7e03eeeb55778df68459b08de1e83ef1567ebfcaa9fe88319847c4905ca7a1b59c222a09e00295d64c932adc4d04b985569703db23aae3f3fb5f1b81ee7b822a85adedc04c10d1397a3c7a3162de1d165065a40ba41fe9df135976f7de8f9770c1da0340ff7a8368975e5178935e7b3acd69b336c0b0255940a75644343c3e2069acea8965ec0572a10a777635eadb5cc6cbe43b50b02a7e9dde644070b0a80c248611942fdf252ab932ed3fb4341aaa5a3472400560730e1d6ad8fa4e48725e146945937a894a44ba689b02c9ce41c0a62f0048be32dc064f57bedfeaecc5cbf66cf85dcb0a06a475b197a9f6bfb5642a669833872b2e336483c81b5b23a13cfb5d547434170cd201756b583c08627e0658df4b9b1b61df1570729f1f594a251cb4f43570113d0da29fbaddf6d48703946f7c90b614a7023d804e255e0d18ee6ad660ead99120ee527741ea3e1813ded64c3f34fe8d958e199632c8aab5462e55cb1fb6b135259280deb00944be4d3466cab985d7c9f552ecf3e4e492e9856253d0d445e1aba787814633f2d831f7958e326fcb76464f7aeefaf29878cba8d865f6aafd07ee7061b91e67c99980e2be43c91b2ec43709c90db38f766d10a90e8656718daf6a5748ec67636180473d1e19be10925a50b4f0f1f8171ca7dde5d2c2a1afc8dc70e898c502e409556bf97b4bb14a17a3400304ed3aaaf2a60bbf71c5d3c9284c947c3fba2eb2de209f283beafbaf16d0bb3fa8fc36303b5ce037e8640e12087ad9b2c358e0760d3aa1372c9ebb9ac472a99e52fc8ec5bc66b7bc7eb07b6c85a101d002382fbb3eb3625f365168f4e6cae2d7cef1f8673819b12491d2b53794ac8c7419d7da2414a0e9a69c9d0585c9a54966bdea556f1ca0f663d96690d4a9887da031e617c021f95c6eebf957bc07f0d5afa2d6acc8226e6a6c8d336bf2abec477fb9b7692c557695e2093e09f25f1cf1bd93cb201646593101b498470a0a9947afa1175f2c22d4d85b6678398d324dd4b397e032ab979dbe67a6caf447767e5fc365fb796e5d07833aac9ea6ecf07906ff7667294364c9fd681e015d4579f6c87abc47ca6a5f36c0a619a64813de98bf92999a9319011692fd3c95308f29a02afffa019738fa099ea0ee177446c03b46e0021b07b060f9f06d3d89870955de895e14149438cc6c2c2be6d558bee3a0df454495f04b165254af5a93a5dd290dc7b4d9346d4093408c3f2aeaa1f0c2b01e5b999a5a79437dfb0ec351814af5eae247094da52365e127fa0848d3318abe3f7fddc2244d2e3f123ac9b26a32859921c4021a2887064a823932d97290f13971d5994fea21d71abcb437c45dc0b38442844e627b295af4a675787f41dce1d49eaa9c950c33cf0c5a4aaf474c8f7eedf55c34ee242583d99543f5d92acfbdbcbddab250fe01e718a05b90a349a3f4eef968b894def2dce5acbbbbd71c8c19b0f091786fc740c77fdfcf2c7027d5c338eff87ef10df4a94843b106eab5c2e97a551bf1e228b3e0c7ef71639fb73d233113dfa5050f1105dce36ba8eed3aebca5d18e3b4ecf96eec82badf1caae80fb882d0eff6358ce6ba58a909a4642ccbde44d60b10f64989d83887", 0x1000}, {&(0x7f0000001bc0)="cba7bac72e1a47a1057a3e4a5279d8eec45bdaf7945439813519a2dada6ba83a568e28c8e41a80d7d62f0808e589c32a740fd7860f0b5fa7160a0c76f140bf801074d7dbd9bbd7363fed2b0b159513d5a2765fcfaf07e93d197da41588fdc1943eb655f84c080b4652e2d1b6b464407034470548d9832e1b64693fe36127751cbd6ac053c77821b7d43787cfab999a", 0x8f}, {&(0x7f0000001c80)="0e69c8d23d8ab154c1df7614402e117256150a1b8c79bea15afcb463765fd5a13a7ec87e8b1ac958257bffa8c0b222c41394dbb177b5075bb73f29c101a7cb7b62a309a46de4863db0344f16d06244d9575109dc605b92ecdaf7e454449ee7d19bb1ac699928c59e4fea2b725cad56c7cd8e4377248485e923c24668c177fcce5c29c750cbc3a71419441d2a", 0x8c}, {&(0x7f0000001d40)="214470d9d69e7d0efcdc649947c13328919b1d1c2d7a84883c5553fd8ec321fd05eb52d4a25134b14b12cf68a0ebdf8d3c75bd9572607eca77ccdcf84aad27850025844044e13b73778f24b60c8bf4ade9994df6282b4f1836d3f5634f8ae3998eda2188fa26b68bc81262778fbe9f2cd002dead5b77c4d545e3531228de77b592d037ad", 0x84}, {&(0x7f0000001e00)="20619e2837fe085efd2fbb40bfd36b50b6af67ffa7a9d83e57c3808f421660ce7307f17aba5c3a6caefe90f03f00c057d378e6bdf933f59be7196bf82e92f25c1255987bf00d889924dfe9616890d9d56809ead7e9ab56c1fa1a5f9b399b79787259238bfa9a1db9dbed6d1f4d6299afc392671ad97f64354930e09a2417a0bcd305e250ffac174c344f7f5c538ec297ebfb7f9644b5f1a943e1146c0d1362066a4394fe5ca2f2f0ecdb49c25de5999bbd898399199b30b6874703a4d8dd1365f809c21e55d139728360f8b9d879c61655155269905e46e282d6b27d677600017e213eb87f277afff37014e92de8a23c", 0xf0}], 0x6, &(0x7f0000001f80)=[{0xb0, 0x116, 0x3, "8492b7b10151f8e826fd81ed1561803e97ec136dc5762626f893461452270848ca1abe3288651b63e7190d865c0c5a137032c538b2ea53a13079f8d66f52576961b8958f5b48915694dd4f28f58333cb6c1ca4b1d4350e90303b990b7af5f37cf5099877c2069f3b5f0b2c6334982819c5b643d098d52233bb4d407def8248d0c517a10b7ad290dbda2730b1abd3ea3f91fc27f984393267cf"}, {0xd0, 0x1a5, 0xac0e, "71b85048b7ba698c3982691f84e14cc902da122c85e370caf4a3a0bb7a124ddf49671abd94c7d0d18f77f7d412317aebb151916f731ef3cfabe1fb883ed4743c4742487704dfc2e88c7e1c5487d266a7a48f169c0b89c0414efa035d2e7edd4a43964e82811399a1c41fd3608bfdea2c33b2ec4030aea01d30741a32f4067ec96aeecbb29b607d95553926bd8e4a1562e260cfa5c9d84effb3e0258edb73ae5bb9350b92e1f82c31e2c55d3d0550fd6c0d988f39c8c6bab5c7e745c048dec1ae"}], 0x180}, 0x40011)
r3 = syz_open_dev$vim2m(&(0x7f0000002140), 0x10000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000002180)={0x14, 0x3, 0x3, 0x0, 0x48})
r4 = syz_open_dev$mouse(&(0x7f00000021c0), 0x100000000, 0x82000)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000002200)={0x80000, 0x0, [0x10, 0x100, 0x7b932a27, 0xfffffffffffffff8, 0x4, 0x80, 0x1, 0x8000000000000001]})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000024c0)={0x44, 0x0, &(0x7f0000002400)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002340)={@fda={0x66646185, 0x6, 0x0, 0x11}, @flat=@weak_binder, @ptr={0x70742a85, 0x0, &(0x7f0000002280)=""/160, 0xa0, 0x2, 0x23}}, &(0x7f00000023c0)={0x0, 0x20, 0x38}}}], 0x24, 0x0, &(0x7f0000002480)="befd3fd84b7140ccdd3616b4bff867fe6b926549230226ac4562838e60a1219e04cd4f6f"})
pipe2$9p(&(0x7f0000002500)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4000)
r6 = getpid()
write$P9_RGETLOCK(r5, &(0x7f0000002540)={0x1f, 0x37, 0x2, {0x1, 0x9, 0x0, r6, 0x1, '#'}}, 0x1f)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x15)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f00000027c0)=<r7=>0x0)
r8 = getpgid(r6)
syz_clone3(&(0x7f0000002840)={0x100800000, &(0x7f0000002580), &(0x7f00000025c0), &(0x7f0000002600), {0x2b}, &(0x7f0000002640)=""/141, 0x8d, &(0x7f0000002700)=""/146, &(0x7f0000002800)=[r6, r6, r7, r6, r6, r8, r6], 0x7, {r4}}, 0x58)
ustat(0xc, &(0x7f00000028c0))
bind$alg(r2, &(0x7f0000002900)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(sha224,xts(twofish))\x00'}, 0x58)
timer_create(0x7, &(0x7f0000002980)={0x0, 0x22, 0x4, @tid=r6}, &(0x7f00000029c0))
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000002a00)=0x3)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000002a40)=0x1)
r9 = openat$null(0xffffffffffffff9c, &(0x7f0000002a80), 0x80800, 0x0)
setsockopt$RDS_GET_MR(r9, 0x114, 0x2, &(0x7f0000002b40)={{&(0x7f0000002ac0)=""/57, 0x39}, &(0x7f0000002b00)}, 0x20)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x4000010, r1, 0x3686b000)

4m20.746876836s ago: executing program 5 (id=2604):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x13, 0x4, "339f020bbe82a398000000000000020000000d0ec0c1b4e9b1c4369d03740250ceaac594a4b3d741dd17a4c50d38ef2a565ef1e8a323691c50d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431ae777a68e174f000000000000000010e20000200000000800"}})
r2 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r2, 0x0, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @multicast1}, {{0x0, 0x6558, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d8621b", 0x0, "2c17a9"}}}}}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
waitid(0x1, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000001c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4090}, 0x2000000)
close_range(r1, 0xffffffffffffffff, 0x0)
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r3 = openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x21)
wait4(0x0, &(0x7f0000000000), 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x4b0, 0x98, 0x0, 0x248, 0x358, 0x358, 0x418, 0x418, 0x418, 0x418, 0x418, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1_macvtap\x00', 'veth0_to_team\x00', {}, {}, 0x11, 0x0, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x3f}, @loopback, 0xff, 0xffffff00, 'ip6gre0\x00', 'macvlan1\x00', {0xff}, {0xff}, 0x33, 0x1, 0xa}, 0x0, 0xd8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@set={{0x40}, {{0x0, [0x7, 0x1, 0x1, 0x4, 0x1d], 0x0, 0x6}}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x2, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e24}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, 0x0, 0x0, 'macvlan1\x00', 'rose0\x00', {}, {}, 0x0, 0x0, 0x1d}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x21, 0x6, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x102}, 0x1c)

4m17.542386462s ago: executing program 5 (id=2615):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) (async, rerun: 32)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0) (rerun: 32)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="26000000000000000005"], 0x26) (async)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) (async)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) (async)
sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) (async)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4) (async)
sendto$inet6(r5, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(r5, &(0x7f0000000080), 0x5e2, 0x2001, 0x0) (async, rerun: 64)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) (async, rerun: 64)
splice(r2, 0x0, r4, 0x0, 0x26, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYRES16=r1], 0x164}, 0x1, 0x0, 0x0, 0x4000800}, 0x4c005) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r6) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r7, 0x1, 0x3, 0x0, {{0xa}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x8, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48881}, 0x40) (async)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000001a80)=@filter={'filter\x00', 0x42, 0x4, 0x2d8, 0xffffffff, 0xf8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x240, 0x240, 0x240, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x73}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x5}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x338)

4m16.83375079s ago: executing program 5 (id=2618):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00')
read$FUSE(r1, &(0x7f0000006180)={0x2020}, 0x2020)
lseek(r1, 0xfffffffffffffffd, 0x1)
fgetxattr(r0, &(0x7f0000001600)=@known='trusted.overlay.origin\x00', &(0x7f0000000000)=""/7, 0x7)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x0, 0x111, 0x4b4, 0x0, 0x700, 0x2d8, 0x278, 0x278, 0x2d8, 0x278, 0x3, 0x0, {[{{@ipv6={@mcast2, @empty, [], [], 'vlan0\x00', 'team_slave_0\x00', {}, {}, 0x88}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@connmark={{0x30}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, [], [], 'geneve1\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvfrom(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r5, &(0x7f00000015c0)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
timer_create(0x0, &(0x7f00000013c0)={0x0, 0x41, 0x1, @thr={&(0x7f00000003c0)="c1fa40d6154eb0bae4ceaab7db05ccf854059b4657680b670a7b16d323802cab58ed2cbd705c1b092fc3760d29ccad960b27c3266f01c5c7361031a1c7eb6a52d5140a12b19e45d1376bdfcb36ba16225b51554853157830bf6fae38fabe2edd5c45cbf2592536a1bf3838eb4de173ece1968637443314ee6351bda4fcf37ef40ad0805a2f9a7efbed5aa24942278e4635556968207a5a0327da2a165dd8d3daed407e1168918798cc097d3e33aa474b6798952013cbc9b45f4dc984b36b292f2ca617579e998674cddbfe6a93c7d141bc382c747654b81a19c93aefcf2e2627c6fd0a07fc29e1fb24cae5725836dc79b6a5b6724438738e90e43e652fa0aedf8b605f03f49f0da6e5187167f875027041c0d002ba9dbe1595d15cb5ef6e772c48e683eada6c3ccfbf00deac6a62d193af51dc9831bad1116039f114dd36a8f8c20460c24fa4ab42e0169d0602f4a635544133eea226129f0fb7d1f725b912d1c1b23ef034ad8d3fc9d7ee226b0b0f13acf2da00efb9d7399643037b5b8a90a5849372da9327097099aa18f9540ec73f648ba6c62187d7029e967e802df75ce6452ca82b7bc753d7d1ff49f1fb3930384537cafa443b07ee30a7a2428590f7c1179a20685387dbad52cd1fb6eeeeaf19c56bc2470e8c6b171557727f2f039b9bcb6c77b1fcbd377fdeb98c2c8fc0d007f65df7306470636b0b87415896530ede74c3708238af4bd6c9fd7a221b1dd264627aa47805a5c388c278b7396176249d1ce481a66d5aba13aad79841c0b07c64f5e34a7cccb2163239100fea09abbebf6dafdb78098a7a2681e14c193d3fd9103882459ab638c59ad3aa53ca2c3908682f9417483c53e0f66db96facfdf2b267d75df995583f1498badfaa11a397b76701d8b04b5d0ac307fc0c502d4808219bcd47bae2dc59ee3f81cb4bdfe5be609d536e9e586567590f6d7d62b43b431ab7379b74fb41f3f712477f3844b02a168c7d1029231f7adcc7276993f024f87cd8579dd1659b67763eff10711ba96de2b9ea46c5f1e18c885972b7a0b5a7bd4ad1f035d4972b56c15e5a09cfea05629abe47746e60c1ec092f7489c67402dd9f757709e3844d0264aa2492822d8d444cff0b79d142118b1a9064c0e34a0032b8e1d64958f7fb2674d4dde4c66770e7d7426200ea47a6aead3afc1e826721e525756523211fb07d180a0abf477cb9eb1e657098863939c4deaab244114c402fa949280096d2e5fa6876c8ca6e5e1b751efb4d5b47d402950fd498998c1474752b67b9dd71e1052e1c2341ed212e63f101e39f2d0a0986879bcf561ed24ed48bf3b4df865d407e770668c63f75876e4d15db69758ca9a9ce33c0e935a2a350bf3ec27f581118ddf7b3720b2ae5ef7ab59e016cc978658ca4d80fe8170ac52971ac4645910de679b98f26eff038cead03a390fd9961505e7f2e925ea4fbcb23359ae0f5116eb39bc9db39d717cb4b04f99eb60f9771360b28afb6784349701b3c5e116acdc1dfcf7da32fe8d73f124e9cce844d4dfa55b532a5538d6a11552740eecda059304fb80a19b8c23e7618bb2fc39a38d5a55acffc54e10885e262998c5081df15108bdefd4ca1236a7e73c364ccc62da9a6042ca00e134d600c2f0e97d914de98d8148618c748e4a78395c03334981694567b6b80559e058d075e6d3d013a66e5c7c0414c216f7aaae9fe87dcf32349f7cf99945f6e742235eb727921b5ed38630be5e9be67eda09347453a07273f9b2fa36f23a0feb07f5c572df79b506b4826ac54be7be459da34f7ef838a0fffb5e3e9724dd2c8fda451a57412c8bada2b7295a2445591751196e8acf53ac218f01e358e2d779002a36a07f04481d2f654e1fc0d9e8167afc7e95ff2ddfef648582fbea36c57d616e7888de7cf986ebfb922e426ab7691005d5c5416b7c1ff36420fbaf23bc1398e4188b278f65ba53aa41b59f35d33a678748ab270a6e58b5cfbb0572217f88db16106b47fa67b46a20f86a1a12aa174ecf714c77d17e5da3b14c8df7fc23353c466670fa57ae6a89abc38b307f8838b5f5e4c09c14a8ca271d2ec1e018520f7d4b38cf62a2e31251c24e0c9b594fdd5363e919407e7981c024880370d7af892ff872ca8bbba666ee01d0d10a99e40c4409ea08abb1ff97ef098532f33dc5a4a3a78ac82cb7b773fee86122468ea543b8f3c19d913c227a32450b81b3e7177167babb43a386b33fd417002371285e1ea9b2c885981a5e2823ec0cc4689b2769150c6d1af886489453bda6516375dfb7ec60620573aea72296b581b7342a5da08efa45928774b52a2f448b1c255bb16fa10a60dd3b7729511b5d21551651c0de91fbcbdfacead04f7f529bd90279fbb287588a118031c74ff93ef0adb56d4d0f502560869efbd06b37b9545189789dcec1602dc80cbd53e80e06f629282034c6593e441aea24d9b0d8187e278fdfed1c11a3e32ffb98ffaf853c6cbe5f555a21023974bc0a29ec1acfa9a2194bd26424077a70ac169efefff847574887c29f3dfc9cda5fff7f82033e4d66013717ffec9c4e462ab0aa86f9b89e555acb9c759c85dc5288c53347715dc875c9d04fcd865b70ff2f9753f9373987114715bb2849269f784b6511cf64ecb646c21050496d06b84bdc033137389fb1fc4d7640a25f82218ab946902a54d54deedbdb798364f19868c051db20d6a92137e40f0cd4c189d7badfe1839458b6597cf23efe683bcb1081bb0d8cca44d4f25e860fc7f76d10ffe1588e89c8a34b9b6d43087cc65d0535fab1f21b1bd3df68b4f375358c26b2d9eb55577267a7924fbc956efb6aac5da1d97b15588d8f70932de0490f68c832321f3b1a535d59d07d9686c1097ca8e08375fc8d88879fdc1c37aa056f17a07a7dfb7af3c509789bbbc297b8100b5533d16d76649839b9205d1f461989276d27c50db8cda3bcd8bc06aaf0a40b69d9007ef592f74eb50795d5cbf6918fd8fd8ece3b8aeb4dbae7490a682be0f9b77c4300a823fd54a9ae7e71e949ffd5f4ed1481806893cab53620f0e432cc2b846b5353cf2bf5691a6ca9d0dfa2b2e2faeb2fbcec1c57151af4fdb954a90c5d2b7e74526d42ea3fabc834c32de59d66678d38282b8a4156112df28b43c20bdf8fd3cd8305550735ac5f68cd42916d561d45574ac87236a7353b185a74da5f36953d3113b726dc70c37304b3a4d2e72fd9fc9819717655f5a7fce21c6c206a44b1e010cc439f7cd1a35688d12b4bf41e08ccce510a14e86de3cf59207db122932dd900a835f82847ad077f91e4fac7fce6548387fc479b3e5911d19e849f1606a549011af4f951bd43321528b4fa560e3c6c02752b0fbce35984b147ff07d905b3d0780f7a5219da3da32e9042efee8037a4092d5097938f57e7fbd4832061ffb2813b5aac41031ab47dc4864bafcf41b81a47a5dc845f4cda68252f9abff28079565c1edc7360504c448c0ef06a5434a6421dfc9dc254b9a4987e8b853e35d6c36e3574043ebb788ea0dffec8ca02be3f1205584c4bf5319a81ad47992e1af0cb1eedc01b1a4d578dee6c403e73e723f82f14ebe398aa60d989dc71b5e3c15f6b951d29c48f03203a7cef30927bf851a1d2e00214d2193574eef1e61423b8ba7b1df2c9130c300431b3280e23f2e6bec9e0b2fbfd9d6a9fff3f572c3743f622a934065cf311a028cdc9a4ff8eddae8ecee77b10560f5caf0723bfabaf85f3c2a72cef7861a888448325a0e8e1f476e0a63e4e637a7e171342d96ef1380afff9d56b856693c53fdd3878450b2aacb9995cea56490379e4cff360746f76ffbb391ab8893d38c3d31444704de1163c3fcb7e08149799c7c11b37955ee43ae1641ba0f942c6109b170e58131a67d585142ac3d7efc5eca7f970bebfa1b42194e597199275c47431a50f9e34627cea5c1105dbeacbc9dc623f685c7b97b0f94ad102927c71723eddd856290e4d0a67434a38dc93bd38a405d5145e3d083302ae4b88257f55e5672c17c584ddac34877189d60fd268cb3b59a3753f5a1d9ce873298bec0af46a12da1e3e02f3f30c0f1e73c02f314d87d359074815afd6012fe912607eefa3cebfc2e100059ff4eaf793940c9f758df99d5a066c03dc561e9a1487a4c9a6d6846ba2b5c42ac27b53fbfff7d64e58e381be3f0388ef0a16c9aa40a36ed26e054b425527380208992969cd0de7951d2db43cf5b72ca8f5c83cf8ff31f3abf6079ef9b3a20ece662591c419619bcfba26a36db42a6ee643f79d984774d6ac0f329c16ffb2adee7335fd63f0d69da151384258c37e8f67b3540d2cdcec9a5c3809a84d4cb28bacd88a981b5d7f8754b0691f4483877cfea799d2389d2a1d971217c1676f8e63c52e2bc0fd155c8aaa2ac792315c5da24732254562927254e4fd9273e588b13153ab9a5c10cf9711ab00f6e802cd3ae7c7ef75b8efd07ddf553c6b1206d68941c504e0788d283ac4336ee1c8a0d8f865eef776090eb05e0f2a923e90f5cd5e482f2bea7a0180c351857c92d411d632b4f381fea297f212911a54a5d6936e67c152840995a748cf72465d8e5b5a9f042e6bc1b438af6d9fa50484959f5cb53a3a5249eeba216fdfe821fa69820d10c6f4d83d576dacc41336f74510ca789d8152e73b5f123a41d0d1b0f24846060bcfb61e62e2bced1f29f1563a9e71162be7c30fb5a47a396c986a9270df93601e67ea10fbbcb5798f691070a78689ba5b91ef90091f6f675cc7ede586e8046960d03d2376e25d65e2ac661d1fff3bd3d65bebe6b9af0fa173984e4fa0c77ee614e10dacfb5c9396e1c2398e1c8325c5eb1363e614e9dcfc2a095a7312650f27ebfad77ecd37e316c8a06043995448e4c89e8d439b3bfd8a98866de1835d79faa9329d923cc8c2fd2b0cbf5c79e6b5ae201445a8f68dfdc11bb241d267dc893faaa67d713895298eb9a93e61ea2c3e1e3b9f09ce50acbbdc437a3f2a828e22f963214e16a85878ceb904a98f088ec534b2d4f1b75381535d94aa518fdac6df098c26606d0e04f952ddb0b33fb64d8aab2d43c1cea78c5c89fb06cf1e73eecb76cd5880c8c7e2ad697b604450aa0fc947021d2640469d80dedb1b28caa74ae44dd4ca88338796a7a6ec2373fd28130f041c0eceb06964565e4c705dc75562580f5265c3af4ab6dbec8e0df486494904cb98a08dd6379377e1166926f9f73bc7b94d58021b8ff7227a2637907c9ad3dc7ea65fb005aa9e34f863534a9b0b2b85a5426ae5bf78e09e9ffcfd7b5b840742f2abda86493c98d982844ca7b04361e972e907dc352eaf7dce3eeb177e3d79d35fb8ec7b7261a11251c98ddcad43b2dd1716a18e013469bb6c2a5294c1692383f057bb4069f12259f9820a8a1621dc90ab7777c883b5f629457035c4b635b16a4d615d88f476a3ac32125ff710be119829af5baf8372d03bba19901b53a4134b70b107aacaa782140d4963823eca3c0cda1df6f553a7a43a54e212027deb61c381cf37b1b38299c0f987bde476356e290ac3d21d2193165175883dd68855d67873e715657953b4f04884f8a07565ecb9232382b18992fd1cf75a36e9ce7080e6134b3cf81b2aff5e7f42142d27649f3d3d5ee38326e7f7f417a4d9706a9a470f6c012e51af6e788212384b3d2c2302ed67d3b9878195c02fcb54cdcac4437927c4964cfdf12f0b9ba7c7996e39e34ca1cf5a806b38ba54b7eaf239c175f19c9795b593f5193d31f443f28834282ed31e3d22e54d8d32b41f85063167040cd78ac0bfbd20bf01a3b", &(0x7f0000000280)="7b2182c82bee104e3deceb199a02265eb50b1e13cfc2fd3b8b91a00303ebc7f2448caadd1d70caea1ff1e43132040cd11e2e28abd9f60cfbf1fbe48d4fb01df0f4391ed44ca6b4fa83fa4bfb87bfcaea"}}, &(0x7f0000001400)=<r6=>0x0)
clock_gettime(0x0, &(0x7f0000001440)={<r7=>0x0, <r8=>0x0})
timer_settime(r6, 0x1, &(0x7f0000001480)={{}, {r7, r8+10000000}}, &(0x7f00000014c0))
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
timer_delete(r6)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
bind$rds(r5, &(0x7f0000001580)={0x2, 0x4e23, @multicast2}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r11, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r12, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000001000000400cc00080005000a"], 0xe4}}, 0x0)
timer_settime(r6, 0x1, &(0x7f0000001500)={{}, {0x77359400}}, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000001540), 0x280800, 0x0)
timer_getoverrun(r6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r13=>0x0})
shutdown(r9, 0x0)
sendmsg$NL80211_CMD_GET_SURVEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="02000000", @ANYRES16=r11, @ANYBLOB="010029bd7000fedbdf253200000008000300", @ANYRES32=r13, @ANYBLOB="0c0099000004000061000000"], 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x800)

4m16.250958404s ago: executing program 5 (id=2620):
fsopen(&(0x7f0000000300)='befs\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x8d0, &(0x7f00000000c0)={0x0, 0xc48a, 0x800, 0x3}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47b9, 0x3e80, 0x2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1c3880, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$packet(0x11, 0x3, 0x300)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x5)
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
socket$kcm(0x11, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000000000/0x4000)=nil)
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000001280)=ANY=[@ANYBLOB="1201330802a522abd2f1a1a440000102030109025c00020107e0f10904000001020d0000052406000105240008000d240f0107000000227303007206241a0180000905810348005008fc0904010000020d00000904010102020d0000090582022000010206090503020800000581"], &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0x1007}}, {0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="040328dadcf603611b9229b5c1fe699d6f7b7495b36e18d8615414ea7fd60bf455ffd26a433e19a6b40d6862cd036f279b176e4f961417d34c67dfe99d5f9236725b8de668d1e61658fb3d200660f660"]}]})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@gettaction={0x38, 0x32, 0x100, 0x703d27, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x5}, @action_gd=@TCA_ACT_TAB={0x18, 0x1, [{0x14, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
socket$unix(0x1, 0x5, 0x0)

4m1.008359424s ago: executing program 33 (id=2620):
fsopen(&(0x7f0000000300)='befs\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x8d0, &(0x7f00000000c0)={0x0, 0xc48a, 0x800, 0x3}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47b9, 0x3e80, 0x2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1c3880, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$packet(0x11, 0x3, 0x300)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x5)
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
socket$kcm(0x11, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000000000/0x4000)=nil)
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000001280)=ANY=[@ANYBLOB="1201330802a522abd2f1a1a440000102030109025c00020107e0f10904000001020d0000052406000105240008000d240f0107000000227303007206241a0180000905810348005008fc0904010000020d00000904010102020d0000090582022000010206090503020800000581"], &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0x1007}}, {0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="040328dadcf603611b9229b5c1fe699d6f7b7495b36e18d8615414ea7fd60bf455ffd26a433e19a6b40d6862cd036f279b176e4f961417d34c67dfe99d5f9236725b8de668d1e61658fb3d200660f660"]}]})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@gettaction={0x38, 0x32, 0x100, 0x703d27, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x5}, @action_gd=@TCA_ACT_TAB={0x18, 0x1, [{0x14, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
socket$unix(0x1, 0x5, 0x0)

9.338705965s ago: executing program 0 (id=3510):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r3)
read$char_usb(r4, &(0x7f0000000100)=""/242, 0xf2)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030300000007000000002a0000696d0000000f0002006e657464527673696d300008000000000000000000000000c71e6e307495baf6268875bcc33e8073efddd5f81de326ce8587ce9ac563419b35e62485ecde34bf063defe31986f03c15ac8d62cc639a435513f0fbb1aecb96e801bb7d6de7986eb56d727d708bc311db109cffcf8f82402204a57acded77aae3c5a20c93c70c3d828cb4140154cec215c4cceb2fbc7992b7d488ae7761dfca979f713329205ae8fb0e3a9d195d80f141ab715ab3c7e3"], 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000080)={@loopback={0xfec0ffff00000000}, @private1, @local, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x280})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x37, 0x4000)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0xffe8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r9 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10)
write(r9, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x3a)

9.010973829s ago: executing program 1 (id=3511):
pread64(0xffffffffffffffff, 0x0, 0x0, 0x4eb)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000b00)={'hsr0\x00', 0x9})
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a18100310000000109000000ff00000e000a000f00e4ff2f8002002d1f", 0x2e}], 0x1}, 0x4000)

8.599080334s ago: executing program 1 (id=3512):
socket(0x10, 0x3, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
open(&(0x7f0000000040)='./file0\x00', 0x40000, 0xa)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
open(&(0x7f0000000180)='./file0\x00', 0x903, 0x1)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000140)=0x81)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000002380)={0x48, 0x0, &(0x7f0000001300)=[@register_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000001380)='r'})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000007c0)={0x44, 0x0, &(0x7f0000000b40)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000780)='^'})
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r7, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)

8.384608486s ago: executing program 1 (id=3514):
fanotify_init(0x200, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$nullb(0xffffff9c, &(0x7f0000000040), 0x800, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$xdp(0x2c, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="64000000100003040000000000000000000ffe00", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)

7.963364047s ago: executing program 1 (id=3516):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r1 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})

7.670349109s ago: executing program 1 (id=3518):
mmap(&(0x7f000093a000/0x4000)=nil, 0x4000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
timer_create(0xff010000, 0x0, &(0x7f0000000280))
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f00000000c0), 0x2)
read(r1, &(0x7f00000001c0)=""/93, 0x5d)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000000)={0x2, 0x4}, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000280), 0x2)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x7, {0x7, 0x23, "12273a0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004"], 0x122}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000800)={0x24, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="000304100001a3e769bb040300008eae686ebf92eaa5f060bf1cb14536ce2c95b9d9db0a25f226608d9cd5562678c0c9d9c5fe2c21d52fa77e7053fb4b7e95a5358416c25bba5b3b7d702621e120b7d15a83023882c29b713954f52e111a587d3660f5d8484821d8d7f81cfc6c71d326b0a93e5243114a426a5f1dd1d1ef8517add565"], 0x0, 0x0}, 0x0)

5.882593339s ago: executing program 2 (id=3522):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0xffffffd5, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x1}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x800)
socket$igmp(0x2, 0x3, 0x2)
syz_io_uring_setup(0x1f8, &(0x7f0000000080)={0x0, 0x6c0e, 0x10100}, &(0x7f0000000440), &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_setup(0x25e9, &(0x7f00000017c0)={0x0, 0x82ea, 0x1, 0x1}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000840))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000430001"], 0x24}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x38, 0x701, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x4000000)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
r9 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r9, 0x107, 0xe, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="000086dd0203030009000a004000623d885d009c11fffc000000000000000000000000000000ff0200000000000000000000000000014e224e21009c90"], 0xd2)

5.648575605s ago: executing program 0 (id=3523):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000010000104f0ffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="8a450200000000002400128009000100626f6e640000000014000280050001000600000008000200", @ANYRES32=r1, @ANYBLOB="e282dc403d10"], 0x44}}, 0x40)

4.283962157s ago: executing program 0 (id=3525):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r1, &(0x7f00000065c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20080, 0x0)
dup3(r4, r1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x300, 0x300, 0x0, 0x0, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfd, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)

4.01109818s ago: executing program 2 (id=3528):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r1 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})

3.90438827s ago: executing program 2 (id=3529):
syz_open_dev$usbmon(0x0, 0x18b, 0x900)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x95b0, 0x400}, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000100)="240000005a001f001007f41108000400020100020800038005000000ffc8bbb86ec81f7d", 0x24)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
getsockopt$IP_SET_OP_GET_BYINDEX(r4, 0x1, 0x53, 0x0, &(0x7f0000000200))
mbind(&(0x7f0000126000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00')
pread64(r5, 0x0, 0x0, 0x1000004100)
syz_usb_connect(0x3, 0xf4, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES32], 0x0)

3.885201035s ago: executing program 0 (id=3530):
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
ioprio_set$pid(0x1, r1, 0x4000)
ioctl$RTC_UIE_ON(r0, 0x7003)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x1b, &(0x7f0000000180)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @alu={0x4, 0x1, 0x3, 0x0, 0x9, 0x0, 0xc080cf2a35bae3c4}, @ringbuf_query, @tail_call, @alu={0x7, 0x1, 0x2, 0x0, 0x7, 0xffffffffffffffff, 0x1}, @cb_func={0x18, 0xd, 0x4, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xa2, &(0x7f0000000280)=""/162, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x4, 0xd, 0x2abb, 0xa39}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x0, 0x3, 0x5, 0x3}], 0x10, 0xf8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001600)={r3, 0x0, 0x4f, 0x7c, &(0x7f0000000440)="8e30f50f64ad3e967ff94d40b2ed2c1b9c48fb7c1ec221eb1c4597b232879438c88b31c3dbc06704ced69bc08d0c06e832707e2eebfdeb9fc6826d03c94c37cbe3a1e27804701b5b4ff3880f4259cb", &(0x7f00000004c0)=""/124, 0x100, 0x0, 0xb2, 0x1000, &(0x7f0000000540)="054ea413cc7ba7336858e2543b1d6a4fa7e77db246858281e75eb013fa3d835a15a65084df660858069922937e141a90f98ef467954b9f8efe60f1bab8be29a7e214ed868b4c163aba5be8d63ff1b2790135d0154756ebbbb856a49d6d22584fdf55756735f80194dd56b45622acd7067883f0fac99886282db1111ecdf609457b905d06ba5f05e998e02d920f5d37e45c9e60975ba67c23de77cd362d82b965ec49f721100542b7730e95527361a8c82d5e", &(0x7f0000000600)="27a8860c3fc4f045f7d846a4f2d04e187b0defb1f34bbec761f42992770219dc4d66f37eb6a35e4d128090e65a37bdb2998d412d20e78ddf378fd6e8a8c87270cea7458f714ef774fb885f32db6bd9c2242e9c0e12ff7b2f118730e95e4e11332419bddcfde410f9b4977b0002dc6155a11dc321552a09ee3b23f88481744fb7bd384f73817e7ad9dae23e884fda7bad3bab7e5bda1e6a9fcd72c1d12ca246a30519fcce8d9909f1f70613592bf5f9ccf72caee3845d44560528b347ef431059d266676eb4797a9f8d78780b81cb906ad7f63a049b4eb62072df4822c3134265cb000f2b971fd28091ff34e8b15b3774adb7aff9b54f28c0ca3b0592fa4e74d734eff0fac8dec1607a5134c2691782c8e9e411d7930198580c628e4eec69ff9d7161bf4ca3bac1bfbae3b7ef0c5ef7be95ffd3e727f7ab9a1b54f67d4764d67f5382e4d9764768cfbc061194d9511801a1c3b7a93cafe4776e49c911200786760b1fabbad033eb9874a93a6371f286dabf56dd989d65e8ded04f58090c09c594c6204bae1e41c9cf70a827c2d1b8403359a0b153e49dd9cacd62f180e21b3fcc29e295635c8b6b74bc80770f753f6ec14b398254b0e1d5265c46adfad7dd3b7e4f78130d93975882d9603d5a98742377622a6d009047f88fba1e7107ffe960db0965f49bf5550775491ac15d0f4a9f8f7b06bb6b146d5ec4330b0069b8c6a28e5f6870069d53bd4b181a1b5a0862846dd8c9cd46ae1f016e3881c9b7b364e11a4e1212c2e8b1ce8f6252dd1fabf3235ea35bfaa07935c91ef79e3f554fa4ba9e3ab8dd4ab45e242d5481413f756874dcc20bf5f26ec9bbc9778534706585b640aa27d0f66e2cf4dc4fb4edbbe26e200284fad09f068ffb4d8c9e3bb1658aced340b3d5933bfcb2fb5f6135b240c9bb5f21074d6c96ac21005e4690cf8b44290eda9e2f22a2dc12d4532c95cdebbbde63fac5f0a763d7bb7cfced6ad55e877393db08168039c0db89bed846b0d73933dd9c129a68379c8593a5d2e4bfcfe72ce1b0b19eef7e0b20d272f8a7c1e27b969c8788c1cfb960f5d5e80bebee0055eda5a877d448041d5f56ca46652c5eb19399ba0e4bf463e2a9c373cc620b9e19bc56d4403881c029bf8fe6b18c4a8343ceb8108917ad119fd1416eab74a032ee59ef5eb38691c04bb65b1e2b87f1b187196755eab1939add1eef6959133c8de940a9ccb205bed0302a351aac479d87e74da024bbfe63f80685013fde03da25e10c916343467459c74fb630438e48105d4964d3149afc8be696ce4f55de7d1617490fe105e1c4b4fe7cdd0770da6a21a445cad291486cd28653801d1c3eb6d47232e983a680c1db4f702f263650dbc8e46133eab8a1b3e5219facd916e153b99ccdf9fde8c1b9aa016bf63bcc95b6770f1a86816105838d57d5ed35637989dd2147c07f1ceb1d5a24d4b155601b612d6e1739de2bcc842ada44bb9c78413c0a9a30e312ce1bdf8cbb648323b126fa7fc1901e814240c9c8b8b879ae58b88c34e41fd81e04240c0218151b5b300884ebd27dd4f51a1e9bff1e0fe9671f943fb8531578cfc5f04fe65829370a84b41c9e1157197399f8b3ddd29f62b6e363fa0168029cb3367ee714c696e7541cfdafcd4840b0ed5ee3c0a923e646547099ddedcafb841cb05e4f5ab014ea4f909553e68bf30b1ad6f84f8e6fc8f3623be03ff0d7e4eff1a288b698c663a3340bd82024f474b6e454458750d79dfcce61e8b66697b8a2e6bf4cdcb0971cff0d0fc9221c75fbef014b545765cb01ca3ccc9c20faa11ef524b184a85f9f2c281aca306445bb8542866fc44ff515a1d09ebf3679e9a102f242f4ab054506630293e32818753d78ccf6ac37537b124f0a560871f5e2aca240d02031bfd4e98a2b72551a9a07ca81a660dfd4de6cf7edfe26471e08d9d977264cca6223b85e75da30cd4bf3f14cecd0871bba5431901b9d036c8f53355b682b59ab1ab9dd9c628613422ee73ed0211226cae38f86e6080592c8bd309d26379f6374efa30b607f0571dc624a650631506ece44f82c79a07e4463cc233d2634bfbe2094c980b8a4e39faad968273d7808abf00581bd1dc8a28138e5fd023186d8f92bc89e4e9f8dcd405caaf813affb8bb681bcd8c346666c54ec8ce0396585dcf5e20f0855e1a8093a1737bdc5406bf0876c1e562eb21f4945588105d677a409e80730a09f6545c706ef9bfe5d4ad5edabe3a89027e4b23d197536e2b5433776b4b765e154e7088bd7ebbfe905fd3224a2d6a3bf17aad7bf8febdff7bc4e8b00c34cfd2e0341a9425e41a94c77f0125652194f8dfdfc1a11527109568e2130ff9fa3fa461096133e4f2a670f15c579ea6d9a74e371961610dfcccf63cb5da93f174bd7e6a79c0164359b4ca8031bfb2db9820feec21b49e624061b1a9e7b7f01165f1e2b5056b0aa02f97f6b35943fa759b7d4729b201a5bc703a5dad029da2b3e29d71a4853051cbf7fe7b34542e17336ddeb72c235e5e23eda3a97c30e33183c14d01689d831b5fdea40736b2d71a0b3ed329e781dd50b441a572795a9305c921023b61d925654541d79a6fa4b2d885d2d8e81773c621429eea5019515edbbacf8c0582844e4c04ce2975357b03238c1090ecaac56b24457740cb98a23f357d6267e035f43d3f18ac05024b24290116f889cf244a411480194ba92ee7ae3554afd1f949361ffaef57a8a7f9306ee26abd6f676585fa16946c01f4abbb8064a0b9f5949cdfcc18866f966d62e4c04091feb2944de949a27ac54a426817a4148f81ba6c74d37f57ab470f90d678a4b061cd0b350bb6cf3b317924db4c69dc099537470b10efea62e9ef5eae3abf23c00f622b85e01505998e57cb085d97de145e82581f7d2413b57bea0259f9ef45fa2e7800dfd9029577519ca0d7d9aa0ed30c048b6b3561d0075b61d837e650db1db4c9891e0d4e534d78d3a1a7bd7802327b326ccdd210409a270d3e7b9b191a0a33c68d1849f8eb138acd9c3d1b9dc8d271bd11263ac555fec5c8f32d1faf5137ac3f47cadb67f8d18490bc5279b574b7918a0283b588a6c18379d9317ddc3678f39f38e4779469e19232c5d40c2cb7ca2dd11b74b5e60ea785505a92447eedca820ae5f71f4a4bb507445f02325b94cc7561c1a2c8588d7f86955a01b1694d1936247a9a4c4674947ecbec6872e978aeaa91717c3e6cfaa42dd7fa1627a40882d33c857e247240e85fa6d59b6415432544bcd095ffa02b48f333125b3a0d5ab9bc7f71444121c285f5dd9bbc31a1df5760205ac5e5340d4596f98354212da4846e794ba51d37178c7785bf853a74038f00424b3d934d901f35774ed60beb9f459059f988e1207e6487dab6baac8e5a9ddb80d7f5a5dd044ae23ec4c2ffe2a7c41144d6f8a818160a407b3b7c77a2a52a68be6ab993f0cd4e236c3b1bf72c9e0a9a6a6229f77ba9f9507dd9e292dca7e1487f94bb68c5d06ebfcbb7fb4f0f5033eacecdb64a210a542ed61bf33483b45b3cf9fb2beb4c7964610c56aa365b6cbbc50f20f5fd197d0d98d23e88f96faea1c9181dc3d05c4153fc2763d5a8e1cbd35c1a08d6f238739f102fdca5d1a808a93cd8d1125de08ad757e61448702455e51407512e8f4952a60e3d757a72ee21ea3b76ebf617b0896dcd057e6224e66231246b65567ca47f4ececbc4dfbe0d2739cba5846c950799f17bd633ea446e4412e13bc82b42a8e71e77007fac7dea0fedc7f86966bd04d5ea4e8a24a099f2787915dc60a1083b4465d783069e6cfeb5b3d89ca00c6a782f617c28a311cd52c059e3f1dc77f7f74e4611c513f894096f093d0728343a4815d1069ee964fbacd6ebb7d587eea453d96b2c4bf8c38917e1c1e0fbe4f88b902fd01d11f33b9295bb609a74b4c683d42e0e052d5ec05fbb02fe35c782d67ea3eaf0776203bc652fe89230f20c95583a4dd396b1fb600250abf9b4678ececd00d008ef7ac22114cf729ab422cff06c99a5921bb6f8469414e0db46d5aa29870cb8d93b684f36e3bff7680ea601284c9c550829a97df15bad850cd295d793c37758ad26b8e1fc73c6900a764123a8eed5fff9984171980f878388cfc1d1c7db7de1da51896ba9a9d893bc6d494caa888f8adbc7ea4656426959d8a960a245e50580eb5f6ae737cc1183142d2441cd337204a6f72baded95c0e1d0ac3f2f6fc5881673bd60ab2fe4235eff5336900964a8ac9dabbd4995e3564aa26c8fdb2dbbb8aecb99f10ee8b630ebf316c7f49d1091aa605b588e7aee47b0241f053e58c74112416a303955fcfdb5ad58a7f18a52289d3b7e414496891d112101d5bd655b38a90d9f5ebd4a7f529496c8722dc8efc754fedefb6e06a4d92aaf84af4eab3cd5fe069e62513e91f0c0b5da77dba733040a41bb79f138a68251b0702c69d1848df0512f9d8f16d32770e126eb7cd9dc370668ccf35ec3948c6fccd35763718979ad47efac99e1cc557c978020f051012e13f007d703de87cbb2cf33493f646b01ed57d1465c6b3ca4aa7e440ec72efa54444fa7243aa534e34b4ec9b180d6d4dd63708d3b15f24be9d3d31c745a6208bca68d843d0d1909e40126f7cc9d4d1e4a92fb27d05de3886bcf508ecd30d368f02e865ea09f7be77be4b49fc6c45f1540031698fe7a5bcdbea1a415eb8d2640059724167e28dd5f5bf6f2a470ec2bc2680993da67b640436ff8c90699b461c93493d5499822466261247582bd7aa9691f977210c237009c6039b5244975d28f6ad3f323fd32b0e9a4ff067d6d5e5a4b1df481b3bf2656588f2492a27cc1c21bc26197132b0d91778f213548a5aa39daac4fe5d39f247383171723ffa347c00b2f0bc8fee7f33df6bd20b37d3a4a775dba075f68570df79e7f23c17534617bf0c01a17014f37b818c1b18d042b929a9652f16b089910ae6bc4fdc19fed5a6facc4c70bc1fed31579df62a3a4ee3c35dffa86f806efd6a6e19da06e60346725dc99166ad56e36a05cd23468c1211325d8f9eb7de135d85b9d6a9011e8d19407c129e70a3246ec002caf8f4dd3355b42be56895494b1ae0cf0be5b5a29348a50d47f05a54113fd99968e125558d1c7701a77f03dc65870d8774e543b4d874a9b4b037ff2daaf4d15585c8448ba52923d2391ac4e336d533faeaf4247be7ee7a072d85972d2f855af6369b036685fe21cfac4cff0e5c0757ce40c15e9a7767e99f13fab1ee14195c94cbdc6abc34e5e84a60935aa3b5016852ec7630b3b58d18d7b680bb2c9599fb489f03fa3eddf15e609f11139b480660adf99a2d87871056ec19cbbce6e575cb53acb91c118f35ee3d95a0cb6b86be09f6ae666f2d4954f3d53f3fa9ecf1abe6e72a46cd3a7af98d237b9f0f7a131d97344f750886798501d8a2d3982a21bdb0d4ed8b959c379a868e5349a7445483937ea0082abc23da763ff64e40d8191caa7f101d55316b681a89b776a3d859f0785f565ee912299a5306038fe5ede55c458446c02f40211d66fdb5e2a18e144fb0ac3f9f09a343788e242bac5b2cc5c3ab29ba591f6c89a9aaa187c6c23da8948991f5c32b6c01cc1bb519e9a19991806d7ee188198a7222fe7a998b1bbe1185232298662fae54910ddef7a0c59976e01003a2dcde06889a32c9b7ff9bf71ffaff833ae82d220afa131b86b882464b211dd8a00cefb8e12bae01b01829f6d82daefcc41ef917450c36a12e5130b9eab99d75c9ba9e43d1f1cacf76b4352e5dd125ceda665d218192b999241d0f246e8e9e235068464b", 0x1, 0x0, 0x1ff}, 0x50)
syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_usb_disconnect(0xffffffffffffffff) (async)
ioprio_set$pid(0x1, r1, 0x4000) (async)
ioctl$RTC_UIE_ON(r0, 0x7003) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x1b, &(0x7f0000000180)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @alu={0x4, 0x1, 0x3, 0x0, 0x9, 0x0, 0xc080cf2a35bae3c4}, @ringbuf_query, @tail_call, @alu={0x7, 0x1, 0x2, 0x0, 0x7, 0xffffffffffffffff, 0x1}, @cb_func={0x18, 0xd, 0x4, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xa2, &(0x7f0000000280)=""/162, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x4, 0xd, 0x2abb, 0xa39}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x0, 0x3, 0x5, 0x3}], 0x10, 0xf8, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001600)={r3, 0x0, 0x4f, 0x7c, &(0x7f0000000440)="8e30f50f64ad3e967ff94d40b2ed2c1b9c48fb7c1ec221eb1c4597b232879438c88b31c3dbc06704ced69bc08d0c06e832707e2eebfdeb9fc6826d03c94c37cbe3a1e27804701b5b4ff3880f4259cb", &(0x7f00000004c0)=""/124, 0x100, 0x0, 0xb2, 0x1000, &(0x7f0000000540)="054ea413cc7ba7336858e2543b1d6a4fa7e77db246858281e75eb013fa3d835a15a65084df660858069922937e141a90f98ef467954b9f8efe60f1bab8be29a7e214ed868b4c163aba5be8d63ff1b2790135d0154756ebbbb856a49d6d22584fdf55756735f80194dd56b45622acd7067883f0fac99886282db1111ecdf609457b905d06ba5f05e998e02d920f5d37e45c9e60975ba67c23de77cd362d82b965ec49f721100542b7730e95527361a8c82d5e", &(0x7f0000000600)="27a8860c3fc4f045f7d846a4f2d04e187b0defb1f34bbec761f42992770219dc4d66f37eb6a35e4d128090e65a37bdb2998d412d20e78ddf378fd6e8a8c87270cea7458f714ef774fb885f32db6bd9c2242e9c0e12ff7b2f118730e95e4e11332419bddcfde410f9b4977b0002dc6155a11dc321552a09ee3b23f88481744fb7bd384f73817e7ad9dae23e884fda7bad3bab7e5bda1e6a9fcd72c1d12ca246a30519fcce8d9909f1f70613592bf5f9ccf72caee3845d44560528b347ef431059d266676eb4797a9f8d78780b81cb906ad7f63a049b4eb62072df4822c3134265cb000f2b971fd28091ff34e8b15b3774adb7aff9b54f28c0ca3b0592fa4e74d734eff0fac8dec1607a5134c2691782c8e9e411d7930198580c628e4eec69ff9d7161bf4ca3bac1bfbae3b7ef0c5ef7be95ffd3e727f7ab9a1b54f67d4764d67f5382e4d9764768cfbc061194d9511801a1c3b7a93cafe4776e49c911200786760b1fabbad033eb9874a93a6371f286dabf56dd989d65e8ded04f58090c09c594c6204bae1e41c9cf70a827c2d1b8403359a0b153e49dd9cacd62f180e21b3fcc29e295635c8b6b74bc80770f753f6ec14b398254b0e1d5265c46adfad7dd3b7e4f78130d93975882d9603d5a98742377622a6d009047f88fba1e7107ffe960db0965f49bf5550775491ac15d0f4a9f8f7b06bb6b146d5ec4330b0069b8c6a28e5f6870069d53bd4b181a1b5a0862846dd8c9cd46ae1f016e3881c9b7b364e11a4e1212c2e8b1ce8f6252dd1fabf3235ea35bfaa07935c91ef79e3f554fa4ba9e3ab8dd4ab45e242d5481413f756874dcc20bf5f26ec9bbc9778534706585b640aa27d0f66e2cf4dc4fb4edbbe26e200284fad09f068ffb4d8c9e3bb1658aced340b3d5933bfcb2fb5f6135b240c9bb5f21074d6c96ac21005e4690cf8b44290eda9e2f22a2dc12d4532c95cdebbbde63fac5f0a763d7bb7cfced6ad55e877393db08168039c0db89bed846b0d73933dd9c129a68379c8593a5d2e4bfcfe72ce1b0b19eef7e0b20d272f8a7c1e27b969c8788c1cfb960f5d5e80bebee0055eda5a877d448041d5f56ca46652c5eb19399ba0e4bf463e2a9c373cc620b9e19bc56d4403881c029bf8fe6b18c4a8343ceb8108917ad119fd1416eab74a032ee59ef5eb38691c04bb65b1e2b87f1b187196755eab1939add1eef6959133c8de940a9ccb205bed0302a351aac479d87e74da024bbfe63f80685013fde03da25e10c916343467459c74fb630438e48105d4964d3149afc8be696ce4f55de7d1617490fe105e1c4b4fe7cdd0770da6a21a445cad291486cd28653801d1c3eb6d47232e983a680c1db4f702f263650dbc8e46133eab8a1b3e5219facd916e153b99ccdf9fde8c1b9aa016bf63bcc95b6770f1a86816105838d57d5ed35637989dd2147c07f1ceb1d5a24d4b155601b612d6e1739de2bcc842ada44bb9c78413c0a9a30e312ce1bdf8cbb648323b126fa7fc1901e814240c9c8b8b879ae58b88c34e41fd81e04240c0218151b5b300884ebd27dd4f51a1e9bff1e0fe9671f943fb8531578cfc5f04fe65829370a84b41c9e1157197399f8b3ddd29f62b6e363fa0168029cb3367ee714c696e7541cfdafcd4840b0ed5ee3c0a923e646547099ddedcafb841cb05e4f5ab014ea4f909553e68bf30b1ad6f84f8e6fc8f3623be03ff0d7e4eff1a288b698c663a3340bd82024f474b6e454458750d79dfcce61e8b66697b8a2e6bf4cdcb0971cff0d0fc9221c75fbef014b545765cb01ca3ccc9c20faa11ef524b184a85f9f2c281aca306445bb8542866fc44ff515a1d09ebf3679e9a102f242f4ab054506630293e32818753d78ccf6ac37537b124f0a560871f5e2aca240d02031bfd4e98a2b72551a9a07ca81a660dfd4de6cf7edfe26471e08d9d977264cca6223b85e75da30cd4bf3f14cecd0871bba5431901b9d036c8f53355b682b59ab1ab9dd9c628613422ee73ed0211226cae38f86e6080592c8bd309d26379f6374efa30b607f0571dc624a650631506ece44f82c79a07e4463cc233d2634bfbe2094c980b8a4e39faad968273d7808abf00581bd1dc8a28138e5fd023186d8f92bc89e4e9f8dcd405caaf813affb8bb681bcd8c346666c54ec8ce0396585dcf5e20f0855e1a8093a1737bdc5406bf0876c1e562eb21f4945588105d677a409e80730a09f6545c706ef9bfe5d4ad5edabe3a89027e4b23d197536e2b5433776b4b765e154e7088bd7ebbfe905fd3224a2d6a3bf17aad7bf8febdff7bc4e8b00c34cfd2e0341a9425e41a94c77f0125652194f8dfdfc1a11527109568e2130ff9fa3fa461096133e4f2a670f15c579ea6d9a74e371961610dfcccf63cb5da93f174bd7e6a79c0164359b4ca8031bfb2db9820feec21b49e624061b1a9e7b7f01165f1e2b5056b0aa02f97f6b35943fa759b7d4729b201a5bc703a5dad029da2b3e29d71a4853051cbf7fe7b34542e17336ddeb72c235e5e23eda3a97c30e33183c14d01689d831b5fdea40736b2d71a0b3ed329e781dd50b441a572795a9305c921023b61d925654541d79a6fa4b2d885d2d8e81773c621429eea5019515edbbacf8c0582844e4c04ce2975357b03238c1090ecaac56b24457740cb98a23f357d6267e035f43d3f18ac05024b24290116f889cf244a411480194ba92ee7ae3554afd1f949361ffaef57a8a7f9306ee26abd6f676585fa16946c01f4abbb8064a0b9f5949cdfcc18866f966d62e4c04091feb2944de949a27ac54a426817a4148f81ba6c74d37f57ab470f90d678a4b061cd0b350bb6cf3b317924db4c69dc099537470b10efea62e9ef5eae3abf23c00f622b85e01505998e57cb085d97de145e82581f7d2413b57bea0259f9ef45fa2e7800dfd9029577519ca0d7d9aa0ed30c048b6b3561d0075b61d837e650db1db4c9891e0d4e534d78d3a1a7bd7802327b326ccdd210409a270d3e7b9b191a0a33c68d1849f8eb138acd9c3d1b9dc8d271bd11263ac555fec5c8f32d1faf5137ac3f47cadb67f8d18490bc5279b574b7918a0283b588a6c18379d9317ddc3678f39f38e4779469e19232c5d40c2cb7ca2dd11b74b5e60ea785505a92447eedca820ae5f71f4a4bb507445f02325b94cc7561c1a2c8588d7f86955a01b1694d1936247a9a4c4674947ecbec6872e978aeaa91717c3e6cfaa42dd7fa1627a40882d33c857e247240e85fa6d59b6415432544bcd095ffa02b48f333125b3a0d5ab9bc7f71444121c285f5dd9bbc31a1df5760205ac5e5340d4596f98354212da4846e794ba51d37178c7785bf853a74038f00424b3d934d901f35774ed60beb9f459059f988e1207e6487dab6baac8e5a9ddb80d7f5a5dd044ae23ec4c2ffe2a7c41144d6f8a818160a407b3b7c77a2a52a68be6ab993f0cd4e236c3b1bf72c9e0a9a6a6229f77ba9f9507dd9e292dca7e1487f94bb68c5d06ebfcbb7fb4f0f5033eacecdb64a210a542ed61bf33483b45b3cf9fb2beb4c7964610c56aa365b6cbbc50f20f5fd197d0d98d23e88f96faea1c9181dc3d05c4153fc2763d5a8e1cbd35c1a08d6f238739f102fdca5d1a808a93cd8d1125de08ad757e61448702455e51407512e8f4952a60e3d757a72ee21ea3b76ebf617b0896dcd057e6224e66231246b65567ca47f4ececbc4dfbe0d2739cba5846c950799f17bd633ea446e4412e13bc82b42a8e71e77007fac7dea0fedc7f86966bd04d5ea4e8a24a099f2787915dc60a1083b4465d783069e6cfeb5b3d89ca00c6a782f617c28a311cd52c059e3f1dc77f7f74e4611c513f894096f093d0728343a4815d1069ee964fbacd6ebb7d587eea453d96b2c4bf8c38917e1c1e0fbe4f88b902fd01d11f33b9295bb609a74b4c683d42e0e052d5ec05fbb02fe35c782d67ea3eaf0776203bc652fe89230f20c95583a4dd396b1fb600250abf9b4678ececd00d008ef7ac22114cf729ab422cff06c99a5921bb6f8469414e0db46d5aa29870cb8d93b684f36e3bff7680ea601284c9c550829a97df15bad850cd295d793c37758ad26b8e1fc73c6900a764123a8eed5fff9984171980f878388cfc1d1c7db7de1da51896ba9a9d893bc6d494caa888f8adbc7ea4656426959d8a960a245e50580eb5f6ae737cc1183142d2441cd337204a6f72baded95c0e1d0ac3f2f6fc5881673bd60ab2fe4235eff5336900964a8ac9dabbd4995e3564aa26c8fdb2dbbb8aecb99f10ee8b630ebf316c7f49d1091aa605b588e7aee47b0241f053e58c74112416a303955fcfdb5ad58a7f18a52289d3b7e414496891d112101d5bd655b38a90d9f5ebd4a7f529496c8722dc8efc754fedefb6e06a4d92aaf84af4eab3cd5fe069e62513e91f0c0b5da77dba733040a41bb79f138a68251b0702c69d1848df0512f9d8f16d32770e126eb7cd9dc370668ccf35ec3948c6fccd35763718979ad47efac99e1cc557c978020f051012e13f007d703de87cbb2cf33493f646b01ed57d1465c6b3ca4aa7e440ec72efa54444fa7243aa534e34b4ec9b180d6d4dd63708d3b15f24be9d3d31c745a6208bca68d843d0d1909e40126f7cc9d4d1e4a92fb27d05de3886bcf508ecd30d368f02e865ea09f7be77be4b49fc6c45f1540031698fe7a5bcdbea1a415eb8d2640059724167e28dd5f5bf6f2a470ec2bc2680993da67b640436ff8c90699b461c93493d5499822466261247582bd7aa9691f977210c237009c6039b5244975d28f6ad3f323fd32b0e9a4ff067d6d5e5a4b1df481b3bf2656588f2492a27cc1c21bc26197132b0d91778f213548a5aa39daac4fe5d39f247383171723ffa347c00b2f0bc8fee7f33df6bd20b37d3a4a775dba075f68570df79e7f23c17534617bf0c01a17014f37b818c1b18d042b929a9652f16b089910ae6bc4fdc19fed5a6facc4c70bc1fed31579df62a3a4ee3c35dffa86f806efd6a6e19da06e60346725dc99166ad56e36a05cd23468c1211325d8f9eb7de135d85b9d6a9011e8d19407c129e70a3246ec002caf8f4dd3355b42be56895494b1ae0cf0be5b5a29348a50d47f05a54113fd99968e125558d1c7701a77f03dc65870d8774e543b4d874a9b4b037ff2daaf4d15585c8448ba52923d2391ac4e336d533faeaf4247be7ee7a072d85972d2f855af6369b036685fe21cfac4cff0e5c0757ce40c15e9a7767e99f13fab1ee14195c94cbdc6abc34e5e84a60935aa3b5016852ec7630b3b58d18d7b680bb2c9599fb489f03fa3eddf15e609f11139b480660adf99a2d87871056ec19cbbce6e575cb53acb91c118f35ee3d95a0cb6b86be09f6ae666f2d4954f3d53f3fa9ecf1abe6e72a46cd3a7af98d237b9f0f7a131d97344f750886798501d8a2d3982a21bdb0d4ed8b959c379a868e5349a7445483937ea0082abc23da763ff64e40d8191caa7f101d55316b681a89b776a3d859f0785f565ee912299a5306038fe5ede55c458446c02f40211d66fdb5e2a18e144fb0ac3f9f09a343788e242bac5b2cc5c3ab29ba591f6c89a9aaa187c6c23da8948991f5c32b6c01cc1bb519e9a19991806d7ee188198a7222fe7a998b1bbe1185232298662fae54910ddef7a0c59976e01003a2dcde06889a32c9b7ff9bf71ffaff833ae82d220afa131b86b882464b211dd8a00cefb8e12bae01b01829f6d82daefcc41ef917450c36a12e5130b9eab99d75c9ba9e43d1f1cacf76b4352e5dd125ceda665d218192b999241d0f246e8e9e235068464b", 0x1, 0x0, 0x1ff}, 0x50) (async)

3.355068303s ago: executing program 0 (id=3531):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r0 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x5, 0x5, 0xfffffffffffffffd})
mq_getsetattr(r0, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x5, @mcast2, 0xffffffff}, {0xa, 0x0, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, 0x3c}, r2}}, 0x48)

3.197722595s ago: executing program 0 (id=3532):
io_uring_setup(0x4c2a, &(0x7f0000000080)={0x0, 0x3631, 0x0, 0x2, 0x30e})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$igmp6(0xa, 0x3, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x807, 0x83, 0x6, 0xfffa}, 0x2000001d, [0x8000, 0xc95a, 0x12, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x49, 0x39cc191b, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x4, 0x8, 0x2, 0x4, 0x3c5b, 0x90, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x2, 0x4c74, 0x80000000, 0x242, 0x0, 0xe, 0x1000, 0x71, 0x7, 0x7, 0x1, 0x7, 0x0, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x0, 0x8, 0x0, 0x5, 0x0, 0x5, 0x6, 0xb, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x8000012d, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcd, 0x40c, 0x9, 0x2bf, 0x6c9, 0x8, 0xfffffffc, 0x3, 0x0, 0x7, 0xeb, 0x5573, 0xe, 0x312, 0x78, 0x33bb, 0x0, 0xda7a, 0x4, 0x8000, 0x2009, 0x400, 0x401, 0x6, 0x7, 0x4, 0x5, 0x5, 0x5f2e, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x0, 0x6, 0x7, 0x8000, 0x0, 0xfe000000, 0xffff, 0x2, 0x7f, 0x5, 0x3, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x3, 0x0, 0x4, 0xfffffffe, 0x9, 0x8d2, 0x8, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x20004, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x83, 0x3, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0xd, 0x4, 0x6d01, 0x5, 0x9, 0x7ffffc, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x5, 0x5, 0x5, 0xac6, 0x7, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x3, 0x6, 0x1c, 0x120000, 0x3, 0x3, 0xa2ed, 0x404, 0x25], [0x9, 0xbb31, 0x296, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x53f53814, 0x2, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x207fff, 0xffff, 0x2, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x20100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x19b0, 0x5, 0x8, 0x1000, 0xa1f, 0xc, 0x7, 0x1, 0x6c1b, 0x8000, 0x4, 0x5, 0xb1e, 0x1, 0x200, 0xffff3441, 0x7]}, 0x45c)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0xffffffff, "421ae3753785251500e9e29b00"})
r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

2.786911456s ago: executing program 3 (id=3535):
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000ac0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3, r2}]}, 0x40}, 0x1, 0xd, 0x0, 0x4000000}, 0x20)

2.575487405s ago: executing program 3 (id=3536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3}, 0x14}}, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000020303000000000000000020000000100800010001"], 0x1c}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4008, 0x3, 0x260, 0x0, 0x500b, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0x0, 0xffffff00, 'lo\x00', 'team_slave_0\x00', {}, {}, 0x1, 0x3}, 0x0, 0x90, 0xf8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x0, 0xe, [0x0, 0x0, 0xa, 0x0, 0xfffe, 0x23, 0x1, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000271000/0x2000)=nil, 0x2000, 0x3000004, 0x10010, r0, 0x9b016000)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r3, 0xc00464af, &(0x7f00000002c0))
socket$inet6(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000780)={{r5}, 0x0, 0x16, @unused=[0x7ff, 0xfffffffffffffff7, 0x9, 0x8], @devid})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r6, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000200027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)

2.343003894s ago: executing program 3 (id=3537):
socket(0x10, 0x3, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
open(&(0x7f0000000040)='./file0\x00', 0x40000, 0xa)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
open(&(0x7f0000000180)='./file0\x00', 0x903, 0x1)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000140)=0x81)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000002380)={0x48, 0x0, &(0x7f0000001300)=[@register_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000001380)='r'})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000007c0)={0x44, 0x0, &(0x7f0000000b40)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000780)='^'})
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r7, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)

2.16061584s ago: executing program 3 (id=3538):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000006001c005a80180001"], 0x4c}}, 0x0)

1.956169014s ago: executing program 6 (id=3540):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r1, &(0x7f00000065c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20080, 0x0)
dup3(r4, r1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x300, 0x300, 0x0, 0x0, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfd, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)

1.858813774s ago: executing program 3 (id=3541):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, 0x0, 0x8)
openat$audio(0xffffff9c, 0x0, 0x80, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0xee24, 0xffffffffffffffff, 0x0, 0x3}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x6c3, 0x4)
sendmmsg$inet(r3, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000011000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff000000001000"/24], 0x30}}], 0x1, 0x4008804)
sendmsg$inet(r3, &(0x7f0000002a80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002980)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @private=0xa010102}}}, @ip_retopts={{0x38, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x24, 0xc, 0x3, 0x9, [{@rand_addr=0x64010102, 0x46c}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}, {@rand_addr=0x64010102, 0x1dd47b6d}, {@local}]}, @noop, @noop]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xe}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4}}], 0x88}, 0x6000000)
r4 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000380)={0x8, 0x0, 0x3, 0x0, 0x6})
r6 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000001c0)=@multiplanar_fd={0x7, 0x2, 0x4, 0x20, 0xa, {0x0, 0x2710}, {0x4, 0x0, 0x5, 0x3, 0x14, 0x6, "00000300"}, 0x1b1, 0x4, {&(0x7f0000000440)=[{0x5, 0x9683, {r6}, 0xfffffff8}, {0x6, 0x6, {}, 0x1ff}]}, 0xedc5})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000200000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.779486793s ago: executing program 6 (id=3542):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000740)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3d0, 0x198, 0x320, 0x98, 0x230, 0x98, 0x440, 0x440, 0x440, 0x440, 0x440, 0x6, 0x0, {[{{@ip={@rand_addr=0x64010101, @local, 0x0, 0xff, 'vxcan1\x00', 'veth0_vlan\x00', {0xff}, {0xff}, 0x1d, 0x1, 0x40}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x6}}}, {{@uncond, 0x0, 0x70, 0x98, 0x1e01}, @ECN={0x28, 'ECN\x00', 0x0, {0x1, 0x0, 0x2}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1, 0x80}}}, {{@ip={@multicast1, @multicast2, 0xff000000, 0xffffffff, 'veth1_to_batadv\x00', 'veth0_to_batadv\x00', {0xff}, {}, 0x6, 0x3, 0xd92366ba3e370bfa}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x2, 0x6, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e21}}}, {{@ip={@local, @local, 0xff000000, 0xffffffff, 'gretap0\x00', 'bond0\x00', {0xff}, {}, 0x33, 0x3, 0x35}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x6, 0x6, 0x7, 0x3, 0x3, 0x6], 0x5, 0xa}, {0x0, [0x6, 0x6, 0x6, 0x0, 0x2, 0x4], 0x3, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)

1.690519708s ago: executing program 6 (id=3543):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x0, 0x901000, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x80000000006, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x1, @pix_mp={0xedd, 0x2, 0x34324142, 0x0, 0xc, [{0x1cd5, 0x37f6}, {0xffff, 0x2}, {0xdff, 0x5580}, {0x24, 0x1}, {0x5, 0x101}, {0xe0, 0x3}, {0x4, 0x6}, {0xd, 0x6}], 0x0, 0xf, 0x6, 0x1, 0x1}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000cf", @ANYRESOCT=r1, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = add_key$keyring(&(0x7f0000000380), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r4)
add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$get_keyring_id(0x0, r4, 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
unshare(0x20400)
inotify_add_watch(r6, 0x0, 0x4000002)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r4, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0x10, 0x0, 0xfe, 0x2, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
r7 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0)
write$tun(r7, &(0x7f0000000080)={@val={0x0, 0x8035}, @val={0x2, 0x0, 0xa83, 0x9ab, 0x9da, 0x7}, @eth={@random="95817960d97a", @local, @void, {@llc_tr={0x11, {@snap={0x0, 0x0, 'g', "fc1b10", 0xa00}}}}}}, 0x24)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

606.012609ms ago: executing program 6 (id=3544):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x38, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x12, 0x2, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x20, 0x7e, 0x0, 0x0, @u32=0x9}]}, @generic="568b"]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1e0000000500000007000000ffffffff10400000", @ANYRESDEC=r0, @ANYBLOB="01000100000000000000000000000000000000000bffae40f7333dbaf8a61c5d84489111adfbe4bc0f43887d1e51b0d8d225ee784774af282f4a12727ca1dd1aa4152905776bfe57293649ca776747d308778b3968f87fc952f99c9d9bcc43a1c38c03331d01ec6a83052675e6e1e9f24a20c29fd6f0cc43c95557c66ff8ea4db0cb02a5f6d615be45d29f363f6ed6fd218d37b45bd0699071b4f31ee38b9462d49bc8922072592f2e551ae009a2f414fe5180d999fc1f2420dcc33752a3086bd3d45c35f9ccd4f62bc4423c04a5c825cc91ea597929913f44a2e3d79aeffe63bc10", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000004000000030000000e00"/28], 0x50)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f00000004c0)=""/4096)

605.132347ms ago: executing program 2 (id=3545):
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x7}, &(0x7f0000001400))
timer_settime(0x0, 0x1, &(0x7f0000000500)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, 0x0, @void, @value, @void, @value=0x80010000}, 0x48)

359.099035ms ago: executing program 1 (id=3546):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000010000304e41e3bacfedbdf2500007400", @ANYRES32=r1, @ANYBLOB="00080000075005003c0012800b00010062726964676500002c00028005001900020000000c00230001000000000000000c00220006f5ff0000000000050024"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

295.48884ms ago: executing program 6 (id=3547):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000400000000000008000000180001801400020073797a5f74756e0000090000000000001c0002800400010014000380"], 0x48}, 0x1, 0x0, 0x0, 0x20004084}, 0x0)

222.50583ms ago: executing program 2 (id=3548):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)

55.918013ms ago: executing program 3 (id=3549):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x800)
socket$igmp(0x2, 0x3, 0x2)
r5 = syz_io_uring_setup(0x1f8, &(0x7f0000000080)={0x0, 0x6c0e, 0x10100}, &(0x7f0000000440), &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_setup(0x25e9, &(0x7f00000017c0)={0x0, 0x82ea, 0x1, 0x1}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000840))
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r5, 0xb15, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000430001"], 0x24}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x38, 0x701, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x4000000)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r9 = socket$kcm(0x2, 0xa, 0x2)
r10 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r10, 0x107, 0xe, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="000086dd0203030009000a004000623d885d009c11fffc000000000000000000000000000000ff0200000000000000000000000000014e224e21009c90"], 0xd2)

11.110075ms ago: executing program 2 (id=3550):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, 0x0)

0s ago: executing program 6 (id=3551):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010004b0400000000fcdbdf257a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280080008"], 0x44}, 0x1, 0x88a8ffff, 0x0, 0xc0}, 0x0)

kernel console output (not intermixed with test programs):

 879.515617][ T5835] usb 2-1: Manufacturer: syz
[  879.554975][ T5835] usb 2-1: SerialNumber: syz
[  879.575543][ T5835] usb 2-1: config 0 descriptor??
[  879.672017][ T5894] usb 3-1: config 32 has an invalid interface number: 72 but max is 0
[  879.682939][ T5894] usb 3-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  879.714218][ T5894] usb 3-1: config 32 has no interface number 0
[  879.733520][T16539] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3027'.
[  879.744742][ T5894] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=5d.bf
[  879.803694][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.050361][T16539] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3027'.
[  880.649589][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.702325][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  880.905554][  T772] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.951891][  T772] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  882.321874][ T5985] usb 2-1: USB disconnect, device number 110
[  882.580288][T16570] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3032'.
[  882.643958][T16570] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3032'.
[  882.981499][T16580] kernel read not supported for file / 
œ7³ÏüâW)ës“§Ç!Q�öì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|�Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 16580 comm: syz.1.3033)
[  883.040589][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  883.040605][   T30] audit: type=1800 audit(1749123627.652:571): pid=16580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3033" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=64019 res=0 errno=0
[  883.954606][ T5894] usb 3-1: USB disconnect, device number 110
[  884.079694][T16594] vlan2: entered allmulticast mode
[  884.300312][T16598] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3037'.
[  884.532871][T16603] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3039'.
[  884.581735][T16603] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3039'.
[  884.614492][T16598] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3037'.
[  885.546669][T16622] netlink: 'syz.6.3043': attribute type 2 has an invalid length.
[  885.582421][T16622] netlink: 723 bytes leftover after parsing attributes in process `syz.6.3043'.
[  885.649130][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  885.663343][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  885.672879][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  885.684162][T16628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3045'.
[  885.703587][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  885.714256][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  885.795855][  T772] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.808242][  T772] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  885.836767][T16625] netlink: 'syz.3.3044': attribute type 29 has an invalid length.
[  885.846172][T16631] netlink: 'syz.3.3044': attribute type 29 has an invalid length.
[  885.963205][  T772] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.973846][  T772] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  886.011105][   T24] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  886.084151][  T772] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  886.095375][  T772] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  886.162455][   T24] usb 2-1: device descriptor read/64, error -71
[  886.252249][  T772] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  886.263335][  T772] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  886.421360][   T24] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  886.458472][T16630] chnl_net:caif_netlink_parms(): no params data found
[  886.555898][   T24] usb 2-1: device descriptor read/64, error -71
[  886.686823][   T24] usb usb2-port1: attempt power cycle
[  887.106498][   T24] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  887.148676][T16654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3050'.
[  887.174140][   T24] usb 2-1: device descriptor read/8, error -71
[  887.180798][T16654] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3050'.
[  887.432151][   T24] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  887.462009][   T24] usb 2-1: device descriptor read/8, error -71
[  887.571661][   T24] usb usb2-port1: unable to enumerate USB device
[  887.581087][ T5894] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  887.734526][ T5894] usb 1-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad
[  887.758099][ T5834] Bluetooth: hci1: command tx timeout
[  887.770571][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.865864][ T5894] usb 1-1: config 0 descriptor??
[  887.892660][ T5894] gspca_main: tv8532-2.14.0 probing 0545:808b
[  888.691195][ T5835] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  888.849745][  T772] bond0 (unregistering): Released all slaves
[  888.868185][ T5835] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[  888.880640][  T772] bond1 (unregistering): Released all slaves
[  888.880804][ T5835] usb 7-1: config 0 has no interface number 0
[  888.919530][ T5835] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  888.937324][ T5835] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  888.955090][ T5835] usb 7-1: config 0 interface 255 has no altsetting 0
[  888.962497][ T5835] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  888.978706][ T5835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.018540][ T5835] usb 7-1: config 0 descriptor??
[  889.047238][ T5835] ums-realtek 7-1:0.255: USB Mass Storage device detected
[  889.141162][ T5985] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  889.268888][T16669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  889.312005][T16669] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  889.325998][ T5894] usb 7-1: USB disconnect, device number 21
[  889.330609][ T5985] usb 2-1: Using ep0 maxpacket: 16
[  889.339333][ T5985] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  889.351635][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.410807][ T5985] usb 2-1: config 0 descriptor??
[  889.422477][  T772] bond2 (unregistering): Released all slaves
[  889.435286][ T5985] gspca_main: sonixj-2.14.0 probing 0471:0327
[  889.713943][T16676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3056'.
[  889.780673][  T772] bond3 (unregistering): Released all slaves
[  889.822493][  T772] bond4 (unregistering): Released all slaves
[  889.831673][ T5834] Bluetooth: hci1: command tx timeout
[  890.199735][  T772] bond5 (unregistering): left promiscuous mode
[  890.226884][  T772] team0: Port device bond5 removed
[  890.241855][  T772] bond5 (unregistering): Released all slaves
[  890.352891][T16672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  890.374020][T16679] netlink: 'syz.3.3057': attribute type 29 has an invalid length.
[  890.388957][T16672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  890.407265][T16683] netlink: 'syz.3.3057': attribute type 29 has an invalid length.
[  890.546901][T16630] bridge0: port 1(bridge_slave_0) entered blocking state
[  890.569201][T16630] bridge0: port 1(bridge_slave_0) entered disabled state
[  890.593678][T16630] bridge_slave_0: entered allmulticast mode
[  890.658554][T16630] bridge_slave_0: entered promiscuous mode
[  890.771772][ T5985] gspca_sonixj: reg_w1 err -71
[  890.796328][ T5985] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  890.811899][T16630] bridge0: port 2(bridge_slave_1) entered blocking state
[  890.836383][T16630] bridge0: port 2(bridge_slave_1) entered disabled state
[  890.891879][T16630] bridge_slave_1: entered allmulticast mode
[  890.898335][ T5985] usb 2-1: USB disconnect, device number 115
[  890.966754][T16630] bridge_slave_1: entered promiscuous mode
[  891.678428][T16630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  891.735271][T16630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  891.754170][T16706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3060'.
[  891.790187][T16706] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3060'.
[  891.913377][ T5834] Bluetooth: hci1: command tx timeout
[  892.210210][T16712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3061'.
[  892.274913][T16630] team0: Port device team_slave_0 added
[  892.428847][T16630] team0: Port device team_slave_1 added
[  892.640378][  T772] hsr_slave_0: left promiscuous mode
[  892.674834][  T772] veth1_macvtap: left promiscuous mode
[  892.680602][  T772] veth0_macvtap: left promiscuous mode
[  892.687061][  T772] veth1_vlan: left promiscuous mode
[  892.691197][ T5835] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  892.694025][  T772] 
@ÿ: left promiscuous mode
[  893.110011][ T5835] usb 2-1: Using ep0 maxpacket: 16
[  893.117832][ T5835] usb 2-1: config index 0 descriptor too short (expected 55488, got 68)
[  893.131154][ T5835] usb 2-1: config 0 has an invalid descriptor of length 216, skipping remainder of the config
[  893.148341][ T5835] usb 2-1: config 0 has no interfaces?
[  893.180672][ T5835] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  893.218039][ T5835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  893.323401][ T5835] usb 2-1: SerialNumber: syz
[  893.348405][ T5835] usb 2-1: config 0 descriptor??
[  893.391907][T16727] Invalid logical block size (1437270015)
[  893.530112][  T772] pimreg (unregistering): left allmulticast mode
[  893.986170][ T5835] usb 2-1: USB disconnect, device number 116
[  894.014492][ T5834] Bluetooth: hci1: command tx timeout
[  894.451181][ T5985] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  894.641389][ T5985] usb 4-1: Using ep0 maxpacket: 16
[  894.654443][ T5985] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  894.669064][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  894.690226][ T5985] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  894.700840][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.712213][ T5985] usb 4-1: Product: syz
[  894.716418][ T5985] usb 4-1: Manufacturer: syz
[  894.727039][ T5985] usb 4-1: SerialNumber: syz
[  894.744752][ T5985] usb 4-1: config 0 descriptor??
[  894.769502][ T5985] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  894.779610][ T5985] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  895.891483][ T5985] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  895.920065][ T5985] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  895.937908][ T5985] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  895.953772][ T5985] em28xx 4-1:0.0: No AC97 audio processor
[  896.079196][T16764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3070'.
[  896.106592][T16764] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3070'.
[  896.128246][T16630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  896.137402][T16630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  896.163626][    C0] vkms_vblank_simulate: vblank timer overrun
[  896.211511][T16630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  896.245489][T16630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  896.253064][T16630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  896.310194][T16630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  896.469699][T16630] hsr_slave_0: entered promiscuous mode
[  896.476471][T16630] hsr_slave_1: entered promiscuous mode
[  896.485378][T16630] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  896.493135][T16630] Cannot create hsr debugfs directory
[  896.670508][ T5985] usb 1-1: USB disconnect, device number 84
[  897.149200][ T5893] usb 4-1: USB disconnect, device number 123
[  897.338894][ T5893] em28xx 4-1:0.0: Disconnecting em28xx
[  897.370168][ T5893] em28xx 4-1:0.0: Freeing device
[  897.485408][T16779] netlink: 'syz.3.3074': attribute type 29 has an invalid length.
[  897.548042][T16786] netlink: 'syz.0.3076': attribute type 1 has an invalid length.
[  897.852387][T16785] netlink: 'syz.3.3074': attribute type 29 has an invalid length.
[  898.845401][T16812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3080'.
[  898.866916][T16812] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3080'.
[  899.715104][T16630] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  899.728947][T16830] netlink: 'syz.0.3085': attribute type 1 has an invalid length.
[  899.828365][T16630] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  899.915237][T16833] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  899.933263][T16630] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  899.995962][T16830] veth3: entered promiscuous mode
[  900.012025][T16830] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  900.027022][T16630] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  900.390532][T16839] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3087'.
[  900.410809][T16630] 8021q: adding VLAN 0 to HW filter on device bond0
[  900.505885][T16630] 8021q: adding VLAN 0 to HW filter on device team0
[  900.589521][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  900.596734][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  900.649867][T16839] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3087'.
[  900.698135][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state
[  900.705317][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state
[  900.729568][    T9] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  900.921334][    T9] usb 2-1: Using ep0 maxpacket: 16
[  900.949750][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  901.019197][    T9] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  901.057673][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.108938][T16839] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3087'.
[  901.114881][    T9] usb 2-1: config 0 descriptor??
[  901.161361][T16862] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.3091'.
[  901.181733][T16630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  901.344960][T16630] veth0_vlan: entered promiscuous mode
[  901.450173][T16630] veth1_vlan: entered promiscuous mode
[  901.597750][    T9] hid-led 0003:1294:1320.001C: unknown main item tag 0x0
[  901.628884][    T9] hid-led 0003:1294:1320.001C: unknown main item tag 0x0
[  901.671309][    T9] hid-led 0003:1294:1320.001C: unknown main item tag 0x0
[  901.702161][    T9] hid-led 0003:1294:1320.001C: unknown main item tag 0x0
[  901.719496][    T9] hid-led 0003:1294:1320.001C: unknown main item tag 0x0
[  901.764675][    T9] hid-led 0003:1294:1320.001C: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0
[  901.789236][T16845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  901.820551][T16845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  901.843868][T16871] netdevsim netdevsim6 netdevsim0: entered allmulticast mode
[  901.857983][    T9] hid-led 0003:1294:1320.001C: Riso Kagaku Webmail Notifier initialized
[  901.870364][T16871] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  901.935896][    T9] usb 2-1: USB disconnect, device number 117
[  901.957301][T16630] veth0_macvtap: entered promiscuous mode
[  901.993375][T16362] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  902.036377][T16630] veth1_macvtap: entered promiscuous mode
[  902.043918][   T59] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  902.059811][T16873] fido_id[16873]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  902.180331][   T36] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  902.198944][T16630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  902.224254][T16881] loop7: detected capacity change from 0 to 6
[  902.299046][T16884] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3096'.
[  902.317492][T16630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  902.329631][T15742] Dev loop7: unable to read RDB block 6
[  902.341080][T15742]  loop7: unable to read partition table
[  902.362230][T16630] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  902.374349][T15742] loop7: partition table beyond EOD, truncated
[  902.405307][T16630] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  902.414641][T16881] Dev loop7: unable to read RDB block 6
[  902.420756][T16881]  loop7: unable to read partition table
[  902.438465][T16881] loop7: partition table beyond EOD, truncated
[  902.459213][T16630] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  902.481072][T16881] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
WÎÉ´å) failed (rc=-5)
[  902.509015][T16630] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  902.544946][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880352b9c00: rx timeout, send abort
[  902.805445][T16888] 8021q: adding VLAN 0 to HW filter on device bond3
[  902.827124][T16888] bond3: entered promiscuous mode
[  902.839490][T16888] team0: Port device bond3 added
[  903.139456][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.190572][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.635024][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.709670][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  904.638274][T16941] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  904.691915][T16941] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  904.731049][ T5894] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  904.943295][ T5894] usb 7-1: Using ep0 maxpacket: 16
[  904.983834][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  905.001036][ T5894] usb 7-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  905.010327][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.096626][ T5894] usb 7-1: config 0 descriptor??
[  905.794642][ T5894] hid-led 0003:1294:1320.001D: unknown main item tag 0x0
[  905.827388][ T5894] hid-led 0003:1294:1320.001D: unknown main item tag 0x0
[  905.847040][ T5894] hid-led 0003:1294:1320.001D: unknown main item tag 0x0
[  905.866014][ T5894] hid-led 0003:1294:1320.001D: unknown main item tag 0x0
[  905.886257][ T5894] hid-led 0003:1294:1320.001D: unknown main item tag 0x0
[  905.918410][ T5894] hid-led 0003:1294:1320.001D: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.6-1/input0
[  906.042587][T16934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  906.084030][T16934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  906.110317][ T5894] hid-led 0003:1294:1320.001D: Riso Kagaku Webmail Notifier initialized
[  906.226261][ T5894] usb 7-1: USB disconnect, device number 22
[  906.278350][T16975] netlink: 'syz.1.3119': attribute type 7 has an invalid length.
[  906.309014][   T36] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  906.394259][T16970] fido_id[16970]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  906.401409][   T36] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  906.463344][   T36] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  906.979326][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3123'.
[  907.509542][T17010] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3127'.
[  907.578776][T17011] program syz.3.3130 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  907.749095][T17018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3133'.
[  907.861010][ T5985] usb 4-1: new full-speed USB device number 124 using dummy_hcd
[  907.881246][   T24] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  908.198917][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  908.200783][ T5985] usb 4-1: config 0 has an invalid interface number: 200 but max is 0
[  908.210658][   T24] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  908.224705][ T5985] usb 4-1: config 0 has no interface number 0
[  908.228921][   T24] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  908.244642][ T5985] usb 4-1: config 0 interface 200 altsetting 2 has an endpoint descriptor with address 0xFB, changing to 0x8B
[  908.256959][    T9] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  908.275819][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  908.286535][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.296341][   T24] usb 2-1: Product: à°š
[  908.300576][   T24] usb 2-1: Manufacturer: 䣚ࡩ䭣뤨���꽋谇梚��ᇒ筅ᛃ�♸�둜녿�謽崳쎔��ꆚ뵮#<჎∡碎ﭴឱ烄⡠饷꫖�功⇯絀鴇ᷙ윕졈ﶒ镓佈Ȃ韉鼬曾��黦�澋䄉웅㔦礆７
[  908.394302][   T24] usb 2-1: SerialNumber: ౄⰘ奬䨲�廉岓䓫⧘ⓨ�炜﹔쓞ᕬִ�蛿㤭ﶛ�锥�ྌ酈⟧畧瀧Ỷ�ⴂ酽�軡
[  908.400982][ T5985] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  908.441054][    T9] usb 1-1: Using ep0 maxpacket: 16
[  908.490830][ T5985] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x8B has invalid wMaxPacketSize 0
[  908.510071][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  908.526854][ T5985] usb 4-1: config 0 interface 200 has no altsetting 0
[  908.538946][    T9] usb 1-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  908.549939][T17028] bridge0: port 2(bridge_slave_1) entered disabled state
[  908.557761][T17028] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.575231][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.587604][ T5985] usb 4-1: New USB device found, idVendor=0b57, idProduct=8520, bcdDevice=6d.39
[  908.602941][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.624840][    T9] usb 1-1: config 0 descriptor??
[  908.647142][ T5985] usb 4-1: Product: syz
[  908.670974][ T5985] usb 4-1: Manufacturer: syz
[  908.692321][ T5985] usb 4-1: SerialNumber: syz
[  908.743634][ T5985] usb 4-1: config 0 descriptor??
[  908.823938][   T24] cdc_ncm 2-1:1.0: bind() failure
[  908.865359][   T24] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  908.918363][   T24] cdc_ncm 2-1:1.1: bind() failure
[  908.960486][   T24] usb 2-1: USB disconnect, device number 118
[  909.104481][    T9] hid-led 0003:1294:1320.001E: unknown main item tag 0x0
[  909.160997][    T9] hid-led 0003:1294:1320.001E: unknown main item tag 0x0
[  909.192959][    T9] hid-led 0003:1294:1320.001E: unknown main item tag 0x0
[  909.244772][    T9] hid-led 0003:1294:1320.001E: unknown main item tag 0x0
[  909.280361][T17024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  909.316038][    T9] hid-led 0003:1294:1320.001E: unknown main item tag 0x0
[  909.323015][T17024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  909.352746][    T9] hid-led 0003:1294:1320.001E: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.0-1/input0
[  909.401282][    T9] hid-led 0003:1294:1320.001E: Riso Kagaku Webmail Notifier initialized
[  909.641040][T11796] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  909.681988][    T9] usb 1-1: USB disconnect, device number 85
[  909.719574][  T772] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  909.751417][  T772] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  909.774613][ T1165] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  909.843733][T11796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  909.862549][T11796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  909.895074][T11796] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  909.925830][T11796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.011968][T11796] usb 2-1: config 0 descriptor??
[  910.467746][ T5985] usb 4-1: USB disconnect, device number 124
[  910.478052][T11796] hid-steam 0003:28DE:1142.001F: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0
[  910.615641][T11796] hid-steam 0003:28DE:1142.001F: Steam wireless receiver connected
[  910.742147][T11796] hid-steam 0003:28DE:1142.0020: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0
[  910.798045][T11796] usb 2-1: USB disconnect, device number 119
[  910.898208][T11796] hid-steam 0003:28DE:1142.001F: Steam wireless receiver disconnected
[  911.012023][T17070] ipvlan1: entered promiscuous mode
[  911.056105][T17070] ipvlan1: entered allmulticast mode
[  911.110731][T17070] veth0_vlan: entered allmulticast mode
[  911.117193][T17077] fido_id[17077]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  911.443030][T17091] loop2: detected capacity change from 0 to 7
[  911.647243][T17091] Dev loop2: unable to read RDB block 7
[  911.661063][T17091]  loop2: unable to read partition table
[  911.681473][T17091] loop2: partition table beyond EOD, truncated
[  911.707131][T17091] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  911.871716][T17102] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3150'.
[  912.055583][T11796] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[  912.151624][ T5985] usb 7-1: new full-speed USB device number 23 using dummy_hcd
[  912.221165][T11796] usb 4-1: Using ep0 maxpacket: 16
[  912.228872][T11796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  912.275680][T11796] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  912.317735][T11796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  912.362579][T11796] usb 4-1: config 0 descriptor??
[  912.370167][ T5985] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  912.386562][ T5985] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  912.438262][   T24] usb 2-1: new low-speed USB device number 120 using dummy_hcd
[  912.449881][ T5985] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  912.483130][ T5985] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  912.511207][ T5985] usb 7-1: Manufacturer: syz
[  912.537593][ T5985] usb 7-1: config 0 descriptor??
[  912.644959][T17112] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  912.651641][T17112] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  912.708457][T17112] vhci_hcd vhci_hcd.0: Device attached
[  912.709570][   T24] usb 2-1: config 7 has an invalid interface number: 252 but max is 0
[  912.782727][   T24] usb 2-1: config 7 has no interface number 0
[  912.799214][T17112] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5)
[  912.800044][   T24] usb 2-1: config 7 interface 252 altsetting 8 endpoint 0xF has an invalid bInterval 232, changing to 4
[  912.805767][T17112] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  912.848398][T17119] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  912.877294][T17099] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  912.883348][T11796] hid-led 0003:1294:1320.0021: unknown main item tag 0x0
[  912.904975][ T5985] vhci_hcd: vhci_device speed not set
[  912.938307][   T24] usb 2-1: config 7 interface 252 altsetting 8 endpoint 0xF has invalid maxpacket 64, setting to 0
[  912.941417][T17112] vhci_hcd vhci_hcd.0: Device attached
[  912.959176][T11796] hid-led 0003:1294:1320.0021: unknown main item tag 0x0
[  912.979613][T17121] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(11)
[  912.986279][T17121] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  912.997572][T11796] hid-led 0003:1294:1320.0021: unknown main item tag 0x0
[  913.007386][ T5985] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  913.033225][   T24] usb 2-1: config 7 interface 252 has no altsetting 0
[  913.037892][T11796] hid-led 0003:1294:1320.0021: unknown main item tag 0x0
[  913.051589][T17101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  913.060313][T17101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  913.091061][T11796] hid-led 0003:1294:1320.0021: unknown main item tag 0x0
[  913.118834][   T24] usb 2-1: string descriptor 0 read error: -22
[  913.133211][   T24] usb 2-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  913.149814][T17121] vhci_hcd vhci_hcd.0: Device attached
[  913.181545][T11796] hid-led 0003:1294:1320.0021: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0
[  913.201864][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.224584][T17112] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  913.264360][T11796] hid-led 0003:1294:1320.0021: Riso Kagaku Webmail Notifier initialized
[  913.265320][   T24] idmouse 2-1:7.252: Unable to find bulk-in endpoint.
[  913.298384][T17112] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(13)
[  913.305076][T17112] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  913.328417][T11796] usb 4-1: USB disconnect, device number 125
[  913.356761][ T3489] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  913.376908][T17112] vhci_hcd vhci_hcd.0: Device attached
[  913.377528][T17119] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  913.393837][  T772] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  913.455859][T17121] vhci_hcd vhci_hcd.0: pdev(2) rhport(7) sockfd(15)
[  913.457570][   T36] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  913.462654][T17121] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  913.465323][ T5894] usb 2-1: USB disconnect, device number 120
[  913.498061][T17121] vhci_hcd vhci_hcd.0: Device attached
[  913.552220][T17122] vhci_hcd: connection closed
[  913.552717][   T36] vhci_hcd: stop threads
[  913.561996][T17113] vhci_hcd: connection reset by peer
[  913.567466][T17116] vhci_hcd: connection closed
[  913.614462][T17125] vhci_hcd: connection closed
[  913.614998][   T36] vhci_hcd: release socket
[  913.651201][T17134] loop6: detected capacity change from 0 to 7
[  913.667838][T17130] fido_id[17130]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  913.715486][   T36] vhci_hcd: disconnect device
[  913.783180][   T36] vhci_hcd: stop threads
[  913.811031][   T36] vhci_hcd: release socket
[  913.828951][T17134]  loop6: [CUMANA/ADFS] p1 [ADFS] p1
[  913.851328][   T36] vhci_hcd: disconnect device
[  913.856349][T17135] vhci_hcd: connection closed
[  913.858521][T17134] loop6: partition table partially beyond EOD, 
[  913.886869][   T36] vhci_hcd: stop threads
[  913.925620][T17134] truncated
[  913.936253][   T36] vhci_hcd: release socket
[  913.950205][T17134] loop6: p1 size 2989602745 extends beyond EOD, truncated
[  913.959098][   T36] vhci_hcd: disconnect device
[  913.975207][   T36] vhci_hcd: stop threads
[  913.979528][   T36] vhci_hcd: release socket
[  913.981975][T11796] IPVS: starting estimator thread 0...
[  914.029483][   T36] vhci_hcd: disconnect device
[  914.074952][   T36] vhci_hcd: stop threads
[  914.079249][   T36] vhci_hcd: release socket
[  914.092217][ T5894] usb 7-1: USB disconnect, device number 23
[  914.124233][T17144] IPVS: using max 26 ests per chain, 62400 per kthread
[  914.135295][   T36] vhci_hcd: disconnect device
[  914.271196][T11796] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  914.529744][T11796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  914.564210][T11796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  914.639371][T17156] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3158'.
[  914.687860][T11796] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00
[  914.721531][T11796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.751058][T11796] usb 4-1: config 0 descriptor??
[  915.308264][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: unknown main item tag 0x0
[  915.348190][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: unknown main item tag 0x0
[  915.405123][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: unknown main item tag 0x0
[  915.431013][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: unknown main item tag 0x0
[  915.439371][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: unknown main item tag 0x0
[  915.490729][T11796] aquacomputer_d5next 0003:0C70:F00D.0022: hidraw0: USB HID v0.00 Device [HID 0c70:f00d] on usb-dummy_hcd.3-1/input0
[  916.422124][T17166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  916.486955][T17166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  916.827877][T17179] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3163'.
[  916.902204][ T5893] usb 4-1: reset high-speed USB device number 126 using dummy_hcd
[  917.115913][T17179] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3163'.
[  917.207311][T17189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3166'.
[  917.407297][T17179] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3163'.
[  917.481115][ T5894] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  917.671652][ T5894] usb 3-1: Using ep0 maxpacket: 16
[  917.708010][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  917.731626][ T5894] usb 3-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  917.750841][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.763900][T17208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3172'.
[  917.778075][ T5894] usb 3-1: config 0 descriptor??
[  917.889917][T17206] 8021q: adding VLAN 0 to HW filter on device bond2
[  917.910051][T17206] team0: Port device bond2 added
[  918.141085][ T5985] vhci_hcd: vhci_device speed not set
[  918.222842][ T5894] hid-led 0003:1294:1320.0023: unknown main item tag 0x0
[  918.258006][T17223] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  918.268358][ T5894] hid-led 0003:1294:1320.0023: unknown main item tag 0x0
[  918.297090][ T5894] hid-led 0003:1294:1320.0023: unknown main item tag 0x0
[  918.305737][T17223] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  918.317751][ T5894] hid-led 0003:1294:1320.0023: unknown main item tag 0x0
[  918.335433][ T5894] hid-led 0003:1294:1320.0023: unknown main item tag 0x0
[  918.385642][ T5894] hid-led 0003:1294:1320.0023: hidraw1: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.2-1/input0
[  918.403395][T17195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  918.421654][T17195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  918.491482][ T5894] hid-led 0003:1294:1320.0023: Riso Kagaku Webmail Notifier initialized
[  918.576768][ T5894] usb 3-1: USB disconnect, device number 111
[  918.609112][   T30] audit: type=1326 audit(1749123663.242:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17234 comm="syz.6.3180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a278e929 code=0x7ffc0000
[  918.634691][T11796] usb 4-1: USB disconnect, device number 126
[  918.654006][   T12] leds riso_kagaku1:blue: Setting an LED's brightness failed (-38)
[  918.716442][   T30] audit: type=1326 audit(1749123663.242:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17234 comm="syz.6.3180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a278e929 code=0x7ffc0000
[  918.718352][T17229] fido_id[17229]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  918.776384][  T772] leds riso_kagaku1:green: Setting an LED's brightness failed (-38)
[  918.830615][  T772] leds riso_kagaku1:red: Setting an LED's brightness failed (-38)
[  918.867972][   T30] audit: type=1326 audit(1749123663.282:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17234 comm="syz.6.3180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f00a278e929 code=0x7ffc0000
[  918.958678][   T30] audit: type=1326 audit(1749123663.282:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17234 comm="syz.6.3180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a278e929 code=0x7ffc0000
[  919.188516][T17245] loop6: detected capacity change from 0 to 7
[  919.195204][ T5912] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  919.236666][T17245] Dev loop6: unable to read RDB block 7
[  919.254380][T17245]  loop6: unable to read partition table
[  919.260420][T17245] loop6: partition table beyond EOD, truncated
[  919.324201][T17245] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  919.347084][T17253] netlink: 'syz.2.3186': attribute type 2 has an invalid length.
[  919.362608][ T5912] usb 7-1: device descriptor read/64, error -71
[  919.398120][T17253] : entered promiscuous mode
[  919.495226][   T24] usb usb38-port8: attempt power cycle
[  919.601332][ T5912] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  919.901003][ T5912] usb 7-1: device descriptor read/64, error -71
[  920.013433][ T5912] usb usb7-port1: attempt power cycle
[  920.103151][   T24] usb usb38-port8: unable to enumerate USB device
[  920.378467][ T5912] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  920.421802][ T5912] usb 7-1: device descriptor read/8, error -71
[  920.481326][   T24] usb 3-1: new full-speed USB device number 112 using dummy_hcd
[  920.633936][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  920.664135][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  920.681187][ T5912] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  920.726507][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  920.738117][ T5912] usb 7-1: device descriptor read/8, error -71
[  920.775946][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  920.811471][   T24] usb 3-1: Product: syz
[  920.826725][   T24] usb 3-1: Manufacturer: syz
[  920.861414][ T5912] usb usb7-port1: unable to enumerate USB device
[  920.879856][   T24] usb 3-1: SerialNumber: syz
[  921.021098][ T5985] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  921.131832][T17277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  921.151414][T17277] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  921.183571][ T5985] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  921.184616][   T24] usb 3-1: 0:2 : does not exist
[  921.463911][ T5985] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  921.466328][   T24] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  921.542908][ T5985] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  921.553791][   T24] usb 3-1: USB disconnect, device number 112
[  921.561394][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  921.673974][ T5985] usb 2-1: SerialNumber: syz
[  921.806066][T15712] udevd[15712]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  921.943307][ T5985] usb 2-1: 0:2 : does not exist
[  922.208093][ T5985] usb 2-1: USB disconnect, device number 121
[  922.314215][T15712] udevd[15712]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  922.555662][T17309] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3198'.
[  922.641515][   T24] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  922.861887][   T24] usb 7-1: Using ep0 maxpacket: 16
[  922.869515][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  922.897003][   T24] usb 7-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  922.945997][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.967530][   T24] usb 7-1: config 0 descriptor??
[  923.061867][T17318] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3199'.
[  923.301033][ T5985] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  923.467477][ T5985] usb 2-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  923.489738][   T24] hid-led 0003:1294:1320.0024: unknown main item tag 0x0
[  923.525288][   T24] hid-led 0003:1294:1320.0024: unknown main item tag 0x0
[  923.536244][   T24] hid-led 0003:1294:1320.0024: unknown main item tag 0x0
[  923.547654][   T24] hid-led 0003:1294:1320.0024: unknown main item tag 0x0
[  923.556977][   T24] hid-led 0003:1294:1320.0024: unknown main item tag 0x0
[  923.560965][ T5985] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  923.617024][   T24] hid-led 0003:1294:1320.0024: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.6-1/input0
[  923.680583][T17306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  923.700075][T17306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  923.712261][ T5985] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  923.746408][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  923.765416][ T5985] usb 2-1: SerialNumber: syz
[  923.789565][   T24] hid-led 0003:1294:1320.0024: Riso Kagaku Webmail Notifier initialized
[  923.835759][   T24] usb 7-1: USB disconnect, device number 28
[  923.868645][   T12] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  924.092821][T17329] fuse: Bad value for 'fd'
[  924.133940][  T772] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  924.145535][T17324] fido_id[17324]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  924.207359][ T1165] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  924.701089][    T9] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  924.761550][T17335] No such timeout policy "syz0"
[  924.827678][T17335] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3206'.
[  924.839917][T17335] bridge0: port 2(bridge_slave_1) entered disabled state
[  924.847874][T17335] bridge0: port 1(bridge_slave_0) entered disabled state
[  924.864889][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  924.919423][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  924.970986][    T9] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  924.980494][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.008741][    T9] usb 4-1: config 0 descriptor??
[  925.451708][    T9] hid-steam 0003:28DE:1142.0025: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  925.591275][    T9] hid-steam 0003:28DE:1142.0025: Steam wireless receiver connected
[  925.692587][    T9] hid-steam 0003:28DE:1142.0026: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  925.749375][    T9] usb 4-1: USB disconnect, device number 127
[  926.007323][T17344] fido_id[17344]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  926.023067][    T9] hid-steam 0003:28DE:1142.0025: Steam wireless receiver disconnected
[  926.040646][ T5985] usb 2-1: 0:2 : does not exist
[  926.071485][ T5985] usb 2-1: unit 5 not found!
[  926.204322][T17348] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3210'.
[  926.236884][ T5985] usb 2-1: USB disconnect, device number 122
[  926.310463][T17348] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3210'.
[  926.384736][T15742] udevd[15742]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  926.876804][T17355] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3213'.
[  926.977154][T17359] vlan2: entered allmulticast mode
[  927.129598][T17365] netlink: 'syz.1.3211': attribute type 10 has an invalid length.
[  927.245991][T17365] hsr_slave_0: left promiscuous mode
[  927.261461][T17365] hsr_slave_1: left promiscuous mode
[  927.850100][T17382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3220'.
[  927.875247][ T5894] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  927.885776][T17380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3219'.
[  927.896897][T17380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3219'.
[  927.926699][T17380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3219'.
[  928.111055][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  928.134946][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  928.274188][ T5894] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  928.495921][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.687751][ T5894] usb 4-1: config 0 descriptor??
[  929.527200][ T5894] hid-led 0003:1294:1320.0027: unknown main item tag 0x0
[  929.536119][T17368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  929.621622][T17368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  929.712169][ T5894] hid-led 0003:1294:1320.0027: unknown main item tag 0x0
[  929.748249][ T5894] hid-led 0003:1294:1320.0027: unknown main item tag 0x0
[  929.773907][ T5894] hid-led 0003:1294:1320.0027: unknown main item tag 0x0
[  929.795361][ T5894] hid-led 0003:1294:1320.0027: unknown main item tag 0x0
[  929.835558][ T5894] hid-led 0003:1294:1320.0027: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0
[  929.906797][ T5894] hid-led 0003:1294:1320.0027: Riso Kagaku Webmail Notifier initialized
[  929.963994][ T5894] usb 4-1: USB disconnect, device number 2
[  930.038057][ T1165] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  930.104679][   T36] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  930.135527][T17400] fido_id[17400]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  930.178619][  T772] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  930.282137][T17406] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3226'.
[  931.151113][ T5894] usb 2-1: new full-speed USB device number 123 using dummy_hcd
[  931.263547][T17421] loop2: detected capacity change from 0 to 7
[  931.285754][T17421] Dev loop2: unable to read RDB block 7
[  931.291585][T17421]  loop2: unable to read partition table
[  931.342081][T17421] loop2: partition table beyond EOD, truncated
[  931.394818][ T5894] usb 2-1: not running at top speed; connect to a high speed hub
[  931.409602][T17421] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  931.431324][ T5894] usb 2-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  931.488909][ T5894] usb 2-1: config 1 interface 0 has no altsetting 0
[  931.507668][ T5894] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  931.532825][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.581478][ T5894] usb 2-1: Product: syz
[  931.598086][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.604720][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  931.633197][ T5894] usb 2-1: Manufacturer: 倊
[  931.655953][ T5894] usb 2-1: SerialNumber: syz
[  931.745815][T17414] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  931.839573][T17429] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3232'.
[  932.264778][ T5894] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 123 if 0 alt 8 proto 1 vid 0x0525 pid 0xA4A8
[  932.345527][ T5894] usb 2-1: USB disconnect, device number 123
[  932.399793][ T5894] usblp0: removed
[  932.577978][T17437] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  932.591341][T17437] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  933.210766][T17447] bridge2: entered promiscuous mode
[  933.671473][ T5842] Bluetooth: hci6: command 0x0406 tx timeout
[  933.963428][ T5895] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  934.225701][T17461] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3238'.
[  934.282760][ T5895] usb 2-1: Using ep0 maxpacket: 16
[  934.291960][ T5895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  934.308121][ T5895] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  934.330091][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.745397][ T5895] usb 2-1: config 0 descriptor??
[  935.165265][ T5895] hid-led 0003:1294:1320.0028: unknown main item tag 0x0
[  935.180694][ T5895] hid-led 0003:1294:1320.0028: unknown main item tag 0x0
[  935.188399][ T5895] hid-led 0003:1294:1320.0028: unknown main item tag 0x0
[  935.239541][ T5895] hid-led 0003:1294:1320.0028: unknown main item tag 0x0
[  935.266033][ T5895] hid-led 0003:1294:1320.0028: unknown main item tag 0x0
[  935.339077][ T5895] hid-led 0003:1294:1320.0028: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0
[  935.366248][T17450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  935.385897][T17450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  935.467066][ T5895] hid-led 0003:1294:1320.0028: Riso Kagaku Webmail Notifier initialized
[  935.556193][ T5895] usb 2-1: USB disconnect, device number 124
[  935.596597][ T1165] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  935.628585][ T3489] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  935.647236][ T3489] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  935.737904][T17471] fido_id[17471]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  936.572584][T17481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3245'.
[  936.683977][ T5894] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  936.996044][ T5894] usb 7-1: config 1 interface 0 altsetting 8 endpoint 0x2 has invalid maxpacket 1088, setting to 1024
[  937.044051][T17487] x_tables: duplicate underflow at hook 3
[  937.057552][ T5894] usb 7-1: config 1 interface 0 has no altsetting 0
[  937.068496][ T5894] usb 7-1: New USB device found, idVendor=0c16, idProduct=0002, bcdDevice= 0.40
[  937.085203][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.094744][T17489] x_tables: duplicate underflow at hook 3
[  937.109028][ T5894] usb 7-1: Product: 《
[  937.116184][ T5894] usb 7-1: Manufacturer: á°�
[  937.125093][ T5894] usb 7-1: SerialNumber: syz
[  937.148467][T17478] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  937.242865][ T5895] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  937.433989][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  937.448937][ T5895] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice=80.00
[  937.490276][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  937.541614][ T5895] usb 4-1: config 0 descriptor??
[  937.565923][T17478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  937.575231][T17478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.616584][T17478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  937.625763][T17478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.675451][T17478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  937.712377][T17478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.721203][   T24] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  937.762147][T17478] x_tables: duplicate underflow at hook 2
[  937.818279][ T5894] usbhid 7-1:1.0: can't add hid device: -71
[  937.824701][ T5894] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[  937.881128][   T24] usb 3-1: Using ep0 maxpacket: 32
[  937.905630][ T5894] usb 7-1: USB disconnect, device number 29
[  937.939839][   T24] usb 3-1: too many configurations: 16, using maximum allowed: 8
[  937.997363][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  938.035786][   T24] usb 3-1: can't read configurations, error -61
[  938.191757][   T24] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  938.371266][   T24] usb 3-1: Using ep0 maxpacket: 32
[  938.378442][   T24] usb 3-1: too many configurations: 16, using maximum allowed: 8
[  938.419449][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  938.521916][   T24] usb 3-1: can't read configurations, error -61
[  938.537412][   T24] usb usb3-port1: attempt power cycle
[  939.131038][   T24] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  939.168666][   T24] usb 3-1: Using ep0 maxpacket: 32
[  939.175729][   T24] usb 3-1: too many configurations: 16, using maximum allowed: 8
[  939.253023][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  939.261134][   T24] usb 3-1: can't read configurations, error -61
[  939.405727][   T24] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  939.442312][   T24] usb 3-1: Using ep0 maxpacket: 32
[  939.457106][   T24] usb 3-1: too many configurations: 16, using maximum allowed: 8
[  939.476510][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  939.485355][   T24] usb 3-1: can't read configurations, error -61
[  939.494447][   T24] usb usb3-port1: unable to enumerate USB device
[  939.631047][T11796] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  939.861154][T11796] usb 7-1: Using ep0 maxpacket: 16
[  939.869002][T11796] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  939.880599][T11796] usb 7-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  939.894620][T11796] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.938275][T17518] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3257'.
[  940.033340][ T5895] usbhid 4-1:0.0: can't add hid device: -71
[  940.068115][T11796] usb 7-1: config 0 descriptor??
[  940.068618][ T5895] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  940.105886][ T5895] usb 4-1: USB disconnect, device number 3
[  941.289327][T11796] hid-led 0003:1294:1320.0029: unknown main item tag 0x0
[  941.342928][T11796] hid-led 0003:1294:1320.0029: unknown main item tag 0x0
[  941.507387][T11796] hid-led 0003:1294:1320.0029: unknown main item tag 0x0
[  941.513749][T17511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  941.531653][T17511] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  941.551831][T11796] hid-led 0003:1294:1320.0029: unknown main item tag 0x0
[  941.694242][T11796] hid-led 0003:1294:1320.0029: unknown main item tag 0x0
[  941.779621][T11796] hid-led 0003:1294:1320.0029: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.6-1/input0
[  941.795260][T17540] fuse: Unknown parameter 'rootmod'
[  941.979169][T11796] hid-led 0003:1294:1320.0029: Riso Kagaku Webmail Notifier initialized
[  942.040332][T11796] usb 7-1: USB disconnect, device number 30
[  942.059371][ T2999] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  942.072898][ T3489] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  942.100441][ T3489] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  942.476187][T17542] fido_id[17542]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  944.387574][T17535] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3260'.
[  945.033077][ T5895] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  945.181029][ T5895] usb 1-1: device descriptor read/64, error -71
[  945.344674][T17566] netlink: 'syz.1.3267': attribute type 29 has an invalid length.
[  945.362329][T17567] netlink: 'syz.1.3267': attribute type 29 has an invalid length.
[  945.413053][T17565] netlink: 500 bytes leftover after parsing attributes in process `syz.1.3267'.
[  945.461025][ T5895] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  945.601410][ T5895] usb 1-1: device descriptor read/64, error -71
[  945.724676][ T5895] usb usb1-port1: attempt power cycle
[  946.323636][ T5895] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  946.362010][ T5895] usb 1-1: device descriptor read/8, error -71
[  946.449970][T17581] netlink: 'syz.6.3274': attribute type 39 has an invalid length.
[  946.531266][ T5912] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  946.641679][ T5895] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  946.669030][T17587] FAULT_INJECTION: forcing a failure.
[  946.669030][T17587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.672498][ T5895] usb 1-1: device descriptor read/8, error -71
[  946.695766][T17587] CPU: 1 UID: 0 PID: 17587 Comm: syz.6.3277 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  946.695798][T17587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  946.695811][T17587] Call Trace:
[  946.695820][T17587]  <TASK>
[  946.695830][T17587]  dump_stack_lvl+0x189/0x250
[  946.695878][T17587]  ? __pfx____ratelimit+0x10/0x10
[  946.695906][T17587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  946.695935][T17587]  ? __pfx__printk+0x10/0x10
[  946.695958][T17587]  ? __might_fault+0xb0/0x130
[  946.695991][T17587]  should_fail_ex+0x414/0x560
[  946.696022][T17587]  _copy_from_user+0x2d/0xb0
[  946.696045][T17587]  ___sys_sendmsg+0x158/0x2a0
[  946.696071][T17587]  ? __pfx____sys_sendmsg+0x10/0x10
[  946.696132][T17587]  ? __fget_files+0x2a/0x420
[  946.696153][T17587]  ? __fget_files+0x3a0/0x420
[  946.696188][T17587]  __x64_sys_sendmsg+0x19b/0x260
[  946.696213][T17587]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  946.696245][T17587]  ? __pfx_ksys_write+0x10/0x10
[  946.696271][T17587]  ? do_syscall_64+0xbe/0x3b0
[  946.696302][T17587]  do_syscall_64+0xfa/0x3b0
[  946.696327][T17587]  ? lockdep_hardirqs_on+0x9c/0x150
[  946.696352][T17587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.696372][T17587]  ? clear_bhb_loop+0x60/0xb0
[  946.696397][T17587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.696416][T17587] RIP: 0033:0x7f00a278e929
[  946.696436][T17587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  946.696454][T17587] RSP: 002b:00007f00a3601038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  946.696477][T17587] RAX: ffffffffffffffda RBX: 00007f00a29b5fa0 RCX: 00007f00a278e929
[  946.696493][T17587] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  946.696507][T17587] RBP: 00007f00a3601090 R08: 0000000000000000 R09: 0000000000000000
[  946.696520][T17587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  946.696533][T17587] R13: 0000000000000000 R14: 00007f00a29b5fa0 R15: 00007f00a2adfa28
[  946.696565][T17587]  </TASK>
[  946.940748][ T5912] usb 4-1: Using ep0 maxpacket: 16
[  946.944743][ T5895] usb usb1-port1: unable to enumerate USB device
[  946.960453][T17590] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3275'.
[  947.169044][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  947.190835][ T5912] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  947.217743][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  947.269996][ T5912] usb 4-1: config 0 descriptor??
[  947.715053][ T5912] hid-led 0003:1294:1320.002A: unknown main item tag 0x0
[  947.750107][ T5912] hid-led 0003:1294:1320.002A: unknown main item tag 0x0
[  947.778960][ T5912] hid-led 0003:1294:1320.002A: unknown main item tag 0x0
[  947.790859][ T5912] hid-led 0003:1294:1320.002A: unknown main item tag 0x0
[  947.803087][ T5912] hid-led 0003:1294:1320.002A: unknown main item tag 0x0
[  947.861440][ T5912] hid-led 0003:1294:1320.002A: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0
[  947.912984][T17577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  947.917020][ T5912] hid-led 0003:1294:1320.002A: Riso Kagaku Webmail Notifier initialized
[  947.922846][T17577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  948.066813][ T5912] usb 4-1: USB disconnect, device number 4
[  948.114268][  T772] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  948.130860][T17601] fido_id[17601]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  948.146739][  T772] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  948.214273][   T12] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  948.227527][T17585] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  948.251058][T17585] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  948.259834][T17585] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  948.275109][T17585] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  948.355495][T17585] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  948.391559][T17585] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  948.437438][T17585] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  948.462809][T17585] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  948.485102][T17585] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  948.503764][T17585] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  948.922020][T17617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3284'.
[  948.937443][T17617] netlink: 'syz.1.3284': attribute type 9 has an invalid length.
[  949.413911][T17621] loop2: detected capacity change from 0 to 7
[  949.422405][T17621] Dev loop2: unable to read RDB block 7
[  949.431772][T17621]  loop2: unable to read partition table
[  949.444302][T17621] loop2: partition table beyond EOD, truncated
[  949.491206][T17621] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  950.125330][T17639] netlink: 'syz.3.3285': attribute type 1 has an invalid length.
[  950.211847][T17639] 8021q: adding VLAN 0 to HW filter on device bond1
[  950.221420][ T5895] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  950.254085][T17639] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3285'.
[  950.291051][ T5985] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  950.461072][ T5895] usb 7-1: device descriptor read/64, error -71
[  950.481103][ T5985] usb 3-1: Using ep0 maxpacket: 8
[  950.492262][ T5985] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  950.528308][ T5985] usb 3-1: config 179 has no interface number 0
[  950.555376][ T5985] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  950.597028][ T5985] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  950.623837][ T5985] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  950.661267][ T5985] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  950.701048][ T5895] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  950.711042][ T5985] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  950.749379][ T5985] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  950.777653][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.803254][T17637] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  950.851156][ T5895] usb 7-1: device descriptor read/64, error -71
[  950.961540][ T5895] usb usb7-port1: attempt power cycle
[  951.072795][T17650] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3294'.
[  951.311348][ T5895] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  951.354593][ T5895] usb 7-1: device descriptor read/8, error -71
[  951.387300][   T24] usb 3-1: USB disconnect, device number 117
[  951.387337][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  951.402044][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  951.410372][    C0] vkms_vblank_simulate: vblank timer overrun
[  951.666301][ T5895] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  951.701483][ T5895] usb 7-1: device descriptor read/8, error -71
[  951.801266][ T5985] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  951.811355][ T5895] usb usb7-port1: unable to enumerate USB device
[  951.960978][ T5985] usb 4-1: Using ep0 maxpacket: 16
[  951.976508][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.990277][ T5985] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  952.005111][ T5985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  952.042096][ T5985] usb 4-1: config 0 descriptor??
[  952.496977][ T5985] hid-led 0003:1294:1320.002B: unknown main item tag 0x0
[  952.510980][ T5985] hid-led 0003:1294:1320.002B: unknown main item tag 0x0
[  952.519020][ T5985] hid-led 0003:1294:1320.002B: unknown main item tag 0x0
[  952.551147][ T5985] hid-led 0003:1294:1320.002B: unknown main item tag 0x0
[  952.558318][ T5985] hid-led 0003:1294:1320.002B: unknown main item tag 0x0
[  952.627173][ T5985] hid-led 0003:1294:1320.002B: hidraw0: USB HID v0.03 Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0
[  952.732370][T17652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  952.752774][T17652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  952.823158][ T5985] hid-led 0003:1294:1320.002B: Riso Kagaku Webmail Notifier initialized
[  952.857594][ T5985] usb 4-1: USB disconnect, device number 5
[  952.887250][ T1165] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[  952.897628][ T1165] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[  952.933922][ T1165] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[  952.991545][ T5895] usb 3-1: new full-speed USB device number 118 using dummy_hcd
[  953.020475][T17665] fido_id[17665]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  953.143830][ T5895] usb 3-1: device descriptor read/64, error -71
[  953.259032][T17673] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3301'.
[  953.641034][ T5895] usb 3-1: new full-speed USB device number 119 using dummy_hcd
[  953.811095][ T5895] usb 3-1: device descriptor read/64, error -71
[  953.972325][   T30] audit: type=1400 audit(1749123698.602:576): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=17680 comm="syz.3.3305"
[  953.991403][    C0] vkms_vblank_simulate: vblank timer overrun
[  954.161835][ T5895] usb usb3-port1: attempt power cycle
[  954.599808][T17696] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3309'.
[  954.654822][ T5895] usb 3-1: new full-speed USB device number 120 using dummy_hcd
[  954.682200][ T5895] usb 3-1: device descriptor read/8, error -71
[  954.931327][ T5895] usb 3-1: new full-speed USB device number 121 using dummy_hcd
[  954.961793][ T5895] usb 3-1: device descriptor read/8, error -71
[  955.071793][ T5895] usb usb3-port1: unable to enumerate USB device
[  955.076622][ T5985] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  955.221005][ T5985] usb 1-1: device descriptor read/64, error -71
[  955.231158][ T5912] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  955.413968][ T5912] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  955.428051][ T5912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.454990][ T5912] usb 7-1: config 0 descriptor??
[  955.470988][ T5985] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  955.488170][ T5912] cp210x 7-1:0.0: cp210x converter detected
[  955.631258][ T5985] usb 1-1: device descriptor read/64, error -71
[  955.676762][T17707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  955.714955][T17707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.746954][T17707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  955.765444][ T5985] usb usb1-port1: attempt power cycle
[  955.789015][T17707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.799161][T17707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  955.858294][T17707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.879816][T17707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  955.890573][T17707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.902160][T17707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  955.915059][T17707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.931445][ T5912] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -32
[  955.944195][ T5912] cp210x 7-1:0.0: querying part number failed
[  955.999174][ T5912] usb 7-1: cp210x converter now attached to ttyUSB0
[  956.111055][ T5895] usb 3-1: new low-speed USB device number 122 using dummy_hcd
[  956.121207][ T5985] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  956.191844][ T5985] usb 1-1: device descriptor read/8, error -71
[  956.275483][ T5895] usb 3-1: Invalid ep0 maxpacket: 32
[  956.288603][T17704] netlink: 'syz.6.3313': attribute type 10 has an invalid length.
[  956.300684][T17704] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3313'.
[  956.312585][T17704] bridge0: port 3(dummy0) entered blocking state
[  956.320053][T17704] bridge0: port 3(dummy0) entered disabled state
[  956.331542][T17704] dummy0: entered allmulticast mode
[  956.432629][ T5895] usb 3-1: new low-speed USB device number 123 using dummy_hcd
[  956.451270][ T5985] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  956.484546][ T5912] usb 7-1: USB disconnect, device number 35
[  956.498801][ T5985] usb 1-1: device descriptor read/8, error -71
[  956.508732][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  956.568878][ T5912] cp210x 7-1:0.0: device disconnected
[  956.592272][ T5895] usb 3-1: Invalid ep0 maxpacket: 32
[  956.600475][ T5895] usb usb3-port1: attempt power cycle
[  956.640153][ T5985] usb usb1-port1: unable to enumerate USB device
[  956.951338][ T5895] usb 3-1: new low-speed USB device number 124 using dummy_hcd
[  956.986846][ T5895] usb 3-1: Invalid ep0 maxpacket: 32
[  957.047226][T17732] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3321'.
[  957.126450][T17732] erspan0: entered promiscuous mode
[  957.152304][ T5895] usb 3-1: new low-speed USB device number 125 using dummy_hcd
[  957.172204][T17732] macvtap1: entered promiscuous mode
[  957.180485][T17732] macvtap1: entered allmulticast mode
[  957.198886][ T5895] usb 3-1: Invalid ep0 maxpacket: 32
[  957.207350][ T5895] usb usb3-port1: unable to enumerate USB device
[  957.235606][T17732] erspan0: entered allmulticast mode
[  957.735360][T17742] FAULT_INJECTION: forcing a failure.
[  957.735360][T17742] name failslab, interval 1, probability 0, space 0, times 0
[  957.749826][T17742] CPU: 1 UID: 0 PID: 17742 Comm: syz.1.3325 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  957.749855][T17742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  957.749868][T17742] Call Trace:
[  957.749877][T17742]  <TASK>
[  957.749885][T17742]  dump_stack_lvl+0x189/0x250
[  957.749921][T17742]  ? __pfx____ratelimit+0x10/0x10
[  957.749947][T17742]  ? __pfx_dump_stack_lvl+0x10/0x10
[  957.749976][T17742]  ? __pfx__printk+0x10/0x10
[  957.750005][T17742]  ? __pfx___might_resched+0x10/0x10
[  957.750030][T17742]  should_fail_ex+0x414/0x560
[  957.750061][T17742]  should_failslab+0xa8/0x100
[  957.750085][T17742]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  957.750107][T17742]  ? __alloc_skb+0x112/0x2d0
[  957.750140][T17742]  __alloc_skb+0x112/0x2d0
[  957.750164][T17742]  netlink_sendmsg+0x5c6/0xb30
[  957.750195][T17742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  957.750219][T17742]  ? aa_sock_msg_perm+0x94/0x160
[  957.750248][T17742]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  957.750272][T17742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  957.750293][T17742]  __sock_sendmsg+0x21c/0x270
[  957.750324][T17742]  ____sys_sendmsg+0x505/0x830
[  957.750352][T17742]  ? __pfx_____sys_sendmsg+0x10/0x10
[  957.750384][T17742]  ? import_iovec+0x74/0xa0
[  957.750408][T17742]  ___sys_sendmsg+0x21f/0x2a0
[  957.750431][T17742]  ? __pfx____sys_sendmsg+0x10/0x10
[  957.750490][T17742]  ? __fget_files+0x2a/0x420
[  957.750511][T17742]  ? __fget_files+0x3a0/0x420
[  957.750543][T17742]  __x64_sys_sendmsg+0x19b/0x260
[  957.750568][T17742]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  957.750598][T17742]  ? __pfx_ksys_write+0x10/0x10
[  957.750614][T17742]  ? rcu_is_watching+0x15/0xb0
[  957.750637][T17742]  ? do_syscall_64+0xbe/0x3b0
[  957.750665][T17742]  do_syscall_64+0xfa/0x3b0
[  957.750689][T17742]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.750712][T17742]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.750731][T17742]  ? clear_bhb_loop+0x60/0xb0
[  957.750755][T17742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.750773][T17742] RIP: 0033:0x7fb991f8e929
[  957.750791][T17742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  957.750809][T17742] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  957.750831][T17742] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[  957.750846][T17742] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  957.750859][T17742] RBP: 00007fb992dca090 R08: 0000000000000000 R09: 0000000000000000
[  957.750876][T17742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  957.750886][T17742] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[  957.750916][T17742]  </TASK>
[  958.177690][T17734] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  958.185283][T17734] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  958.206475][T17745] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3324'.
[  958.708661][T17762] input: syz1 as /devices/virtual/input/input34
[  959.097095][T17769] loop6: detected capacity change from 0 to 524287999
[  959.678538][T17777] input: syz0 as /devices/virtual/input/input35
[  959.927653][T17788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3342'.
[  959.959867][T17788] netlink: 'syz.3.3342': attribute type 9 has an invalid length.
[  960.024567][T17788] mac80211_hwsim hwsim24 wlan0: entered promiscuous mode
[  960.051790][T17788] macvlan2: entered allmulticast mode
[  960.064427][T17788] mac80211_hwsim hwsim24 wlan0: entered allmulticast mode
[  960.078390][T17792] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3344'.
[  960.137123][T17792] netlink: 216 bytes leftover after parsing attributes in process `syz.2.3344'.
[  960.187395][T17792] netlink: 216 bytes leftover after parsing attributes in process `syz.2.3344'.
[  960.243851][T17792] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  960.357403][T17802] Cannot find set identified by id 65535 to match
[  960.416484][T17802] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3347'.
[  960.799480][   T30] audit: type=1400 audit(1749123705.442:577): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=17813 comm="syz.2.3351"
[  961.105356][T17823] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3350'.
[  961.281325][ T5891] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  961.427812][T17832] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  961.456156][ T5891] usb 2-1: config 0 has no interfaces?
[  961.467340][ T5891] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  961.486210][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.515082][ T5891] usb 2-1: Product: syz
[  961.523789][ T5891] usb 2-1: Manufacturer: syz
[  961.536560][ T5891] usb 2-1: SerialNumber: syz
[  961.575544][ T5891] usb 2-1: config 0 descriptor??
[  962.149258][T17837] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3359'.
[  962.441915][   T24] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  962.647527][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  962.715185][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  962.786622][   T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  962.847206][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.919416][   T24] usb 3-1: config 0 descriptor??
[  963.380668][   T24] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  963.403683][   T24] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  963.437615][   T24] pyra 0003:1E7D:2CF6.002C: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  964.096793][   T24] pyra 0003:1E7D:2CF6.002C: couldn't init struct pyra_device
[  964.118400][   T24] pyra 0003:1E7D:2CF6.002C: couldn't install mouse
[  964.157939][   T24] pyra 0003:1E7D:2CF6.002C: probe with driver pyra failed with error -71
[  964.332979][ T5912] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  964.350212][   T24] usb 3-1: USB disconnect, device number 126
[  964.492000][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  964.567422][ T5912] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  964.580072][ T5912] usb 1-1: config 179 has no interface number 0
[  964.596625][ T5912] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  964.596663][ T5912] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  964.608104][ T5912] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  964.608139][ T5912] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  964.608187][ T5912] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  964.608211][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.612346][T17860] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  964.857546][ T5912] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input36
[  964.939997][ T5894] usb 2-1: USB disconnect, device number 125
[  965.521567][ T5891] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  965.794007][ T5891] usb 2-1: Using ep0 maxpacket: 16
[  965.845772][ T5891] usb 2-1: config 0 interface 0 altsetting 48 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  965.881026][ T5891] usb 2-1: config 0 interface 0 has no altsetting 0
[  965.908201][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00
[  966.137904][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.186659][ T5891] usb 2-1: config 0 descriptor??
[  966.256798][ T5894] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[  966.411025][ T5894] usb 3-1: Using ep0 maxpacket: 16
[  966.417865][ T5894] usb 3-1: too many configurations: 123, using maximum allowed: 8
[  966.536657][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.568040][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.603063][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.634200][ T5891] logitech 0003:046D:C219.002D: unknown main item tag 0x2
[  966.658245][ T5891] logitech 0003:046D:C219.002D: hidraw0: USB HID v0.01 Device [HID 046d:c219] on usb-dummy_hcd.1-1/input0
[  966.691221][   T30] audit: type=1326 audit(1749123711.332:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  966.712503][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.749395][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.781156][ T5891] logitech 0003:046D:C219.002D: no inputs found
[  966.787200][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.809274][   T30] audit: type=1326 audit(1749123711.332:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  966.827939][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.865982][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  966.889757][ T5894] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  966.906935][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  967.021298][   T30] audit: type=1326 audit(1749123711.362:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.041076][ T5894] usb 3-1: SerialNumber: syz
[  967.044061][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.170838][   T30] audit: type=1326 audit(1749123711.362:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.177305][ T5894] usb 3-1: config 0 descriptor??
[  967.193562][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.322735][   T30] audit: type=1326 audit(1749123711.362:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.345022][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.419982][ T5894] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input37
[  967.528508][  T772] bridge_slave_1: left allmulticast mode
[  967.535733][  T772] bridge_slave_1: left promiscuous mode
[  967.556400][   T30] audit: type=1326 audit(1749123711.362:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.621336][  T772] bridge0: port 2(bridge_slave_1) entered disabled state
[  967.709061][   T30] audit: type=1326 audit(1749123711.362:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.737300][ T5190] bcm5974 3-1:0.0: could not read from device
[  967.773687][  T772] bridge_slave_0: left promiscuous mode
[  967.789720][  T772] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.832271][ T5190] bcm5974 3-1:0.0: could not read from device
[  967.881821][   T30] audit: type=1326 audit(1749123711.372:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  967.923555][ T5894] usb 3-1: USB disconnect, device number 127
[  967.967181][ T5891] usb 1-1: USB disconnect, device number 94
[  967.967250][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  967.981634][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  967.993999][ T5891] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  968.051220][   T30] audit: type=1326 audit(1749123711.372:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  968.339183][   T30] audit: type=1326 audit(1749123711.452:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17881 comm="syz.3.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058cd8e929 code=0x7ffc0000
[  968.413134][    T9] usb 2-1: USB disconnect, device number 126
[  971.372814][  T772] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  971.391425][  T772] bond2 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 0e:d9:28:cd:a7:8a - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  971.855518][ T5894] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  971.906192][  T772] batman_adv: batadv0: Interface deactivated: macsec2
[  971.933840][  T772] batman_adv: batadv0: Removing interface: macsec2
[  972.014286][ T5894] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  972.024717][ T5894] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  972.043551][ T5894] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  972.060374][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.069531][ T5894] usb 1-1: Product: syz
[  972.083537][ T5894] usb 1-1: Manufacturer: syz
[  972.088428][ T5894] usb 1-1: SerialNumber: syz
[  972.100656][ T5894] usb 1-1: config 0 descriptor??
[  972.286599][  T772] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  972.298007][  T772] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  972.308557][  T772] bond0 (unregistering): Released all slaves
[  972.486685][  T772] bond1 (unregistering): Released all slaves
[  972.504672][  T772] bond2 (unregistering): (slave veth3): Releasing backup interface
[  972.514493][  T772] bond2 (unregistering): Released all slaves
[  972.537869][  T772] bond3 (unregistering): (slave veth5): Releasing backup interface
[  972.549602][  T772] bond3 (unregistering): Released all slaves
[  972.737694][  T772] bond4 (unregistering): Released all slaves
[  972.756048][  T772] bond5 (unregistering): (slave veth7): Releasing backup interface
[  972.765820][  T772] bond5 (unregistering): Released all slaves
[  972.939910][  T772] bond6 (unregistering): Released all slaves
[  973.103538][  T772] bond7 (unregistering): left promiscuous mode
[  973.117737][  T772] team0: Port device bond7 removed
[  973.124916][  T772] bond7 (unregistering): Released all slaves
[  973.140693][T17901] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3373'.
[  973.163329][T17909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3372'.
[  973.389533][  T772] tipc: Left network mode
[  974.277396][  T772] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  974.331546][ T5894] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  974.428606][  T772] batman_adv: batadv0: Removing interface: batadv_slave_0
[  974.488302][    T9] usb 1-1: USB disconnect, device number 95
[  974.600989][ T5894] usb 7-1: Using ep0 maxpacket: 32
[  974.732558][  T772] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  974.740085][  T772] batman_adv: batadv0: Removing interface: batadv_slave_1
[  974.753378][ T5894] usb 7-1: config 0 has an invalid interface number: 235 but max is 0
[  974.801666][ T5894] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  974.885540][ T5894] usb 7-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  974.970301][  T772] veth0_macvtap: left promiscuous mode
[  975.014464][ T5894] usb 7-1: config 0 has no interface number 1
[  975.038865][  T772] veth1_vlan: left promiscuous mode
[  975.049947][ T5894] usb 7-1: config 0 interface 235 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  975.064610][  T772] veth0_vlan: left promiscuous mode
[  975.076250][ T5894] usb 7-1: config 0 interface 235 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  975.291881][ T5894] usb 7-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47
[  975.389401][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.438584][ T5894] usb 7-1: Product: syz
[  975.481195][ T5894] usb 7-1: Manufacturer: syz
[  975.485989][ T5894] usb 7-1: SerialNumber: syz
[  975.500112][ T5894] usb 7-1: config 0 descriptor??
[  975.505261][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  975.664931][   T43] usb 4-1: Using ep0 maxpacket: 16
[  975.677164][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  975.694226][   T43] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  975.707045][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.719302][   T43] usb 4-1: Product: syz
[  975.792186][   T43] usb 4-1: Manufacturer: syz
[  975.854222][   T43] usb 4-1: SerialNumber: syz
[  975.860345][ T5894] kaweth 7-1:0.235: Firmware present in device.
[  975.880633][   T43] usb 4-1: config 0 descriptor??
[  975.908789][   T43] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  975.958492][ T5894] kaweth 7-1:0.235: Statistics collection: 38c91e93
[  975.989761][   T43] usb 4-1: Detected FT232R
[  975.995754][T17983] No such timeout policy "syz0"
[  976.009432][T17983] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3398'.
[  976.030953][ T5894] kaweth 7-1:0.235: Multicast filter limit: 8b2
[  976.037287][ T5894] kaweth 7-1:0.235: MTU: 20057
[  976.076839][ T5894] kaweth 7-1:0.235: Read MAC address a7:41:18:cd:36:0e
[  976.111301][   T43] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  976.327574][   T43] ftdi_sio 4-1:0.0: GPIO initialisation failed: -5
[  976.348454][   T43] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  976.542368][   T43] usb 4-1: USB disconnect, device number 6
[  976.583435][   T43] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  976.610808][   T43] ftdi_sio 4-1:0.0: device disconnected
[  977.376794][ T5894] kaweth 7-1:0.235: probe with driver kaweth failed with error -5
[  977.451896][ T5894] kaweth 7-1:0.0: Firmware present in device.
[  977.466951][ T5894] kaweth 7-1:0.0: Error reading configuration (-71), no net device created
[  977.485489][ T5894] kaweth 7-1:0.0: probe with driver kaweth failed with error -5
[  977.598641][ T5894] usb 7-1: USB disconnect, device number 36
[  977.646594][  T772] team_slave_1 (unregistering): left promiscuous mode
[  977.698117][  T772] team0 (unregistering): Port device team_slave_1 removed
[  977.982588][T18006] input: syz1 as /devices/virtual/input/input38
[  978.059360][  T772] team_slave_0 (unregistering): left promiscuous mode
[  978.118667][  T772] team0 (unregistering): Port device team_slave_0 removed
[  979.350450][T17996] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3403'.
[  979.376786][T17999] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  979.424034][T17999] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3404'.
[  979.485923][T18012] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-all": -EINTR
[  979.506943][T18016] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  980.750466][T18056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3423'.
[  980.779134][T18056] netlink: 'syz.2.3423': attribute type 9 has an invalid length.
[  980.823468][T18056] mac80211_hwsim hwsim27 wlan0: entered promiscuous mode
[  980.831609][T18056] macvlan2: entered allmulticast mode
[  980.843015][T18056] mac80211_hwsim hwsim27 wlan0: entered allmulticast mode
[  980.903096][T18063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3425'.
[  981.015439][ T5891] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  981.148042][T18073] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  981.187871][ T5891] usb 7-1: config 0 has an invalid interface number: 106 but max is 0
[  981.209188][ T5891] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  981.241645][ T5985] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  981.255404][ T5891] usb 7-1: config 0 has no interface number 0
[  981.271128][ T5891] usb 7-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 15403, setting to 1024
[  981.292969][ T5891] usb 7-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  981.313660][ T5891] usb 7-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  981.359900][ T5891] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  981.398081][ T5985] usb 1-1: device descriptor read/64, error -71
[  981.411108][ T5891] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  981.441070][ T5891] usb 7-1: config 0 descriptor??
[  981.468024][T18047] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  981.485204][T18079] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3429'.
[  981.642154][ T5891] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  981.661548][ T5985] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  981.714074][   T36] usb 7-1: Failed to submit usb control message: -71
[  981.744159][   T36] usb 7-1: unable to send the bmi data to the device: -71
[  981.764135][ T5891] usb 7-1: USB disconnect, device number 37
[  981.780170][   T36] usb 7-1: unable to get target info from device
[  981.851139][ T5985] usb 1-1: device descriptor read/64, error -71
[  981.911183][   T36] usb 7-1: could not get target info (-71)
[  981.927608][   T36] usb 7-1: could not probe fw (-71)
[  982.001433][ T5985] usb usb1-port1: attempt power cycle
[  982.126805][T18092] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3432'.
[  982.296851][T18090] xt_CT: No such helper "netbios-ns"
[  982.471438][T18096] =======================================================
[  982.471438][T18096] WARNING: The mand mount option has been deprecated and
[  982.471438][T18096]          and is ignored by this kernel. Remove the mand
[  982.471438][T18096]          option from the mount to silence this warning.
[  982.471438][T18096] =======================================================
[  982.471642][T18096] fuse: Unknown parameter 'appraise_type'
[  982.491107][ T5985] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  982.653364][ T5985] usb 1-1: device descriptor read/8, error -71
[  982.901738][ T5985] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  982.962113][ T5985] usb 1-1: device descriptor read/8, error -71
[  983.081645][ T5985] usb usb1-port1: unable to enumerate USB device
[  983.627745][T18127] loop2: detected capacity change from 0 to 7
[  983.754149][T18127] Dev loop2: unable to read RDB block 7
[  983.759890][T18127]  loop2: unable to read partition table
[  983.766744][T18127] loop2: partition table beyond EOD, truncated
[  983.773331][T18127] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  984.635169][T18137] xt_hashlimit: max too large, truncated to 1048576
[  984.645782][T18137] xt_bpf: check failed: parse error
[  985.449254][T18150] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3447'.
[  985.699157][T18158] x_tables: duplicate underflow at hook 2
[  986.455928][T18165] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3455'.
[  986.811058][    T9] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  986.941026][    T9] usb 7-1: device descriptor read/64, error -71
[  987.180982][    T9] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  987.312407][    T9] usb 7-1: device descriptor read/64, error -71
[  987.421436][    T9] usb usb7-port1: attempt power cycle
[  987.801969][    T9] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  987.825907][T18186] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3461'.
[  987.831062][    T9] usb 7-1: device descriptor read/8, error -71
[  987.993577][T18186] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3461'.
[  988.092805][    T9] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  988.095936][T18170] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3457'.
[  988.133866][    T9] usb 7-1: device descriptor read/8, error -71
[  988.151242][ T5894] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  988.184389][T18186] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3461'.
[  988.268872][    T9] usb usb7-port1: unable to enumerate USB device
[  988.333656][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  988.362730][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  988.375763][ T5894] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  988.375859][T18200] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3463'.
[  988.385280][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.415573][ T5894] usb 2-1: config 0 descriptor??
[  988.429396][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  988.429416][   T30] audit: type=1326 audit(1749123733.072:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.458028][    C0] vkms_vblank_simulate: vblank timer overrun
[  988.505833][   T30] audit: type=1326 audit(1749123733.072:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.558757][T18204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3465'.
[  988.569030][   T30] audit: type=1326 audit(1749123733.112:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.591324][    C0] vkms_vblank_simulate: vblank timer overrun
[  988.601230][   T30] audit: type=1326 audit(1749123733.112:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.623595][    C0] vkms_vblank_simulate: vblank timer overrun
[  988.651043][   T30] audit: type=1326 audit(1749123733.112:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.673546][    C0] vkms_vblank_simulate: vblank timer overrun
[  988.697994][   T30] audit: type=1326 audit(1749123733.122:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.721127][   T43] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  988.724672][   T30] audit: type=1326 audit(1749123733.122:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.759403][   T30] audit: type=1326 audit(1749123733.122:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.782439][   T30] audit: type=1326 audit(1749123733.122:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.805429][   T30] audit: type=1326 audit(1749123733.122:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18201 comm="syz.0.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[  988.839858][ T5894] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  988.875285][ T5894] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  988.879142][T18208] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  988.882789][   T43] usb 1-1: Using ep0 maxpacket: 32
[  988.898162][ T5894] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  988.901678][T18208] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  988.906023][ T5894] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  988.925076][ T5894] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  988.935918][   T43] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  988.944969][   T43] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  988.956249][ T5894] cm6533_jd 0003:0D8C:0022.002E: No inputs registered, leaving
[  988.975101][   T43] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  989.003956][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  989.014759][ T5894] cm6533_jd 0003:0D8C:0022.002E: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  989.045906][   T43] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  989.075300][   T43] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  989.118621][   T43] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  989.130403][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.167509][   T43] usb 1-1: config 0 descriptor??
[  989.304466][T18180] team_slave_0: entered promiscuous mode
[  989.310688][T18180] team_slave_1: entered promiscuous mode
[  989.326896][T18180] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  989.336485][T18180] team0: Device macvtap1 is already an upper device of the team interface
[  989.352599][T18180] team_slave_0: left promiscuous mode
[  989.358174][T18180] team_slave_1: left promiscuous mode
[  989.434721][   T43] usblp 1-1:0.0: usblp1: USB Bidirectional printer dev 100 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  989.472352][   T43] usb 1-1: USB disconnect, device number 100
[  989.499802][   T43] usblp1: removed
[  989.767007][ T5985] usb 2-1: USB disconnect, device number 127
[  989.991399][    T9] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  990.240980][    T9] usb 1-1: Using ep0 maxpacket: 32
[  990.251243][    T9] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  990.268399][    T9] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  990.283876][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  990.337685][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  990.361021][ T5891] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  990.389387][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  990.503963][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  990.545804][    T9] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  990.637383][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.649739][    T9] usb 1-1: config 0 descriptor??
[  990.658980][ T5891] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  990.667277][ T5891] usb 4-1: config 0 has no interface number 0
[  990.681072][ T5891] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  990.696609][T18230] FAULT_INJECTION: forcing a failure.
[  990.696609][T18230] name failslab, interval 1, probability 0, space 0, times 0
[  990.740389][T18231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3472'.
[  990.809252][ T5891] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  990.832707][T18230] CPU: 0 UID: 0 PID: 18230 Comm: syz.1.3473 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  990.832742][T18230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  990.832754][T18230] Call Trace:
[  990.832763][T18230]  <TASK>
[  990.832772][T18230]  dump_stack_lvl+0x189/0x250
[  990.832808][T18230]  ? __pfx____ratelimit+0x10/0x10
[  990.832834][T18230]  ? __pfx_dump_stack_lvl+0x10/0x10
[  990.832860][T18230]  ? __pfx__printk+0x10/0x10
[  990.832887][T18230]  ? ref_tracker_alloc+0x318/0x460
[  990.832928][T18230]  should_fail_ex+0x414/0x560
[  990.832959][T18230]  should_failslab+0xa8/0x100
[  990.832984][T18230]  kmem_cache_alloc_noprof+0x73/0x3c0
[  990.833002][T18230]  ? skb_clone+0x212/0x3a0
[  990.833028][T18230]  skb_clone+0x212/0x3a0
[  990.833053][T18230]  __netlink_deliver_tap+0x404/0x850
[  990.833087][T18230]  ? netlink_deliver_tap+0x2e/0x1b0
[  990.833108][T18230]  netlink_deliver_tap+0x19c/0x1b0
[  990.833128][T18230]  netlink_unicast+0x72f/0x8d0
[  990.833166][T18230]  netlink_sendmsg+0x805/0xb30
[  990.833194][T18230]  ? __pfx_netlink_sendmsg+0x10/0x10
[  990.833216][T18230]  ? aa_sock_msg_perm+0x94/0x160
[  990.833238][T18230]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  990.833257][T18230]  ? __pfx_netlink_sendmsg+0x10/0x10
[  990.833272][T18230]  __sock_sendmsg+0x21c/0x270
[  990.833294][T18230]  ____sys_sendmsg+0x505/0x830
[  990.833317][T18230]  ? __pfx_____sys_sendmsg+0x10/0x10
[  990.833348][T18230]  ? import_iovec+0x74/0xa0
[  990.833374][T18230]  ___sys_sendmsg+0x21f/0x2a0
[  990.833398][T18230]  ? __pfx____sys_sendmsg+0x10/0x10
[  990.833459][T18230]  ? __fget_files+0x2a/0x420
[  990.833480][T18230]  ? __fget_files+0x3a0/0x420
[  990.833513][T18230]  __x64_sys_sendmsg+0x19b/0x260
[  990.833536][T18230]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  990.833568][T18230]  ? __pfx_ksys_write+0x10/0x10
[  990.833586][T18230]  ? rcu_is_watching+0x15/0xb0
[  990.833611][T18230]  ? do_syscall_64+0xbe/0x3b0
[  990.833642][T18230]  do_syscall_64+0xfa/0x3b0
[  990.833664][T18230]  ? lockdep_hardirqs_on+0x9c/0x150
[  990.833688][T18230]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.833706][T18230]  ? clear_bhb_loop+0x60/0xb0
[  990.833729][T18230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.833748][T18230] RIP: 0033:0x7fb991f8e929
[  990.833765][T18230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  990.833782][T18230] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  990.833802][T18230] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[  990.833814][T18230] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  990.833824][T18230] RBP: 00007fb992dca090 R08: 0000000000000000 R09: 0000000000000000
[  990.833834][T18230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  990.833843][T18230] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[  990.833868][T18230]  </TASK>
[  991.133071][    C0] vkms_vblank_simulate: vblank timer overrun
[  991.142102][ T5891] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has invalid maxpacket 43776, setting to 64
[  991.216536][    T9] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 101 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  991.233483][ T5891] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  991.242644][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  991.250626][ T5891] usb 4-1: Product: syz
[  991.254867][ T5891] usb 4-1: Manufacturer: syz
[  991.259484][ T5891] usb 4-1: SerialNumber: syz
[  991.272302][ T5891] usb 4-1: config 0 descriptor??
[  991.282760][T18219] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  991.295193][T18219] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  991.307780][ T5891] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  991.323432][ T5891] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  991.408010][   T43] usb 1-1: USB disconnect, device number 101
[  991.418024][   T43] usblp0: removed
[  992.158518][   T43] usb 4-1: USB disconnect, device number 7
[  992.256513][   T43] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  992.331251][ T5891] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  992.463816][   T43] cyberjack 4-1:0.69: device disconnected
[  992.490951][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  992.514882][ T5891] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  992.524747][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.680314][ T5891] usb 1-1: Product: syz
[  992.689730][ T5891] usb 1-1: Manufacturer: syz
[  992.694803][ T5891] usb 1-1: SerialNumber: syz
[  992.712189][T18254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3480'.
[  992.721837][T18250] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3478'.
[  992.806899][ T5891] usb 1-1: config 0 descriptor??
[  992.819636][ T5891] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244)
[  992.837414][T18250] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3478'.
[  993.035579][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  993.042252][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  993.201015][   T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  993.234943][T18259] netlink: 'syz.2.3481': attribute type 39 has an invalid length.
[  993.350991][   T43] usb 4-1: device descriptor read/64, error -71
[  993.436224][T18244] binder: 18243:18244 ioctl c0306201 200000000480 returned -14
[  993.586525][ T5891] radio-usb-si4713 1-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  993.607641][ T5891] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  993.633319][ T5891] usb 1-1: USB disconnect, device number 102
[  993.712245][   T43] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  993.877925][   T43] usb 4-1: device descriptor read/64, error -71
[  993.994983][   T43] usb usb4-port1: attempt power cycle
[  994.401155][   T43] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  994.434666][   T43] usb 4-1: device descriptor read/8, error -71
[  994.691020][   T43] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  994.722511][   T43] usb 4-1: device descriptor read/8, error -71
[  994.931449][   T43] usb usb4-port1: unable to enumerate USB device
[  996.522461][T18309] xt_NFQUEUE: number of queues (65527) out of range (got 81910)
[  996.615240][T18302] 8021q: adding VLAN 0 to HW filter on device bond3
[  997.102103][T18323] loop2: detected capacity change from 0 to 7
[  997.132989][T18323] Dev loop2: unable to read RDB block 7
[  997.138931][T18323]  loop2: AHDI p2
[  997.143976][T18323] loop2: partition table partially beyond EOD, truncated
[  997.290087][T18329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3504'.
[  997.651084][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  997.861131][    T9] usb 3-1: device descriptor read/64, error -71
[  998.391328][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  998.540985][ T5895] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[  998.620982][    T9] usb 3-1: device descriptor read/64, error -71
[  998.659298][T18351] netlink: 'syz.1.3511': attribute type 10 has an invalid length.
[  998.710569][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  998.731950][    T9] usb usb3-port1: attempt power cycle
[  998.756848][ T5895] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  998.780580][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  998.811899][ T5895] usb 1-1: config 0 descriptor??
[  999.028125][ T5895] usbhid 1-1:0.0: can't add hid device: -71
[  999.060200][ T5895] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  999.077630][ T5895] usb 1-1: USB disconnect, device number 103
[  999.080985][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  999.162900][    T9] usb 3-1: device descriptor read/8, error -71
[  999.329962][T18360] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3514'.
[  999.380163][T18360] vlan2: entered promiscuous mode
[  999.395615][T18360] team0: entered promiscuous mode
[  999.401491][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  999.420099][T18360] team_slave_0: entered promiscuous mode
[  999.429945][T18360] team_slave_1: entered promiscuous mode
[  999.445939][    T9] usb 3-1: device descriptor read/8, error -71
[  999.571976][    T9] usb usb3-port1: unable to enumerate USB device
[  999.575218][ T5895] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[  999.801228][ T5895] usb 1-1: Using ep0 maxpacket: 32
[  999.808997][T18370] nft_compat: unsupported protocol 5
[  999.816038][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  999.828965][ T5895] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  999.838940][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.852710][ T5895] usb 1-1: config 0 descriptor??
[  999.865051][ T5895] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  999.896032][ T5895] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1000.212044][ T5891] usb 1-1: USB disconnect, device number 104
[ 1000.218161][    C0] ldusb 1-1:0.0: usb_submit_urb failed (-19)
[ 1000.236216][ T5891] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[ 1000.303443][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1000.411784][T18349] ldusb: No device or device unplugged -19
[ 1000.424141][T18349] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3510'.
[ 1000.525008][    T9] usb 2-1: Using ep0 maxpacket: 32
[ 1000.539587][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1000.560720][    T9] usb 2-1: config 0 has no interface number 0
[ 1000.578491][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1000.620923][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1000.674692][    T9] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1000.716874][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1000.754633][    T9] usb 2-1: config 0 descriptor??
[ 1001.717806][T18383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3521'.
[ 1001.796342][ T5891] psmouse serio2: Failed to reset mouse on : -5
[ 1001.837665][    T9] uclogic 0003:28BD:0094.002F: pen parameters not found
[ 1001.861777][    T9] uclogic 0003:28BD:0094.002F: interface is invalid, ignoring
[ 1003.131298][T18387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3522'.
[ 1003.168125][T18389] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[ 1003.188068][T18389] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[ 1003.581604][   T30] kauditd_printk_skb: 70 callbacks suppressed
[ 1003.581626][   T30] audit: type=1326 audit(1749123748.222:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18400 comm="syz.3.3527" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f058cd8e929 code=0x0
[ 1003.767609][T18411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3529'.
[ 1003.795632][T18403] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3526'.
[ 1004.199573][ T5895] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[ 1004.331039][ T5895] usb 3-1: device descriptor read/64, error -71
[ 1004.473741][   T30] audit: type=1326 audit(1749123749.112:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.529067][   T30] audit: type=1326 audit(1749123749.112:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.576969][   T30] audit: type=1326 audit(1749123749.112:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.614192][ T5895] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1004.650052][   T30] audit: type=1326 audit(1749123749.112:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.741165][ T5985] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1004.759124][   T30] audit: type=1326 audit(1749123749.112:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.782297][ T5895] usb 3-1: device descriptor read/64, error -71
[ 1004.790252][   T30] audit: type=1326 audit(1749123749.112:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.855984][   T30] audit: type=1326 audit(1749123749.112:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.897848][ T5895] usb usb3-port1: attempt power cycle
[ 1004.906993][   T30] audit: type=1326 audit(1749123749.112:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1004.940359][ T5985] usb 1-1: Using ep0 maxpacket: 32
[ 1004.942096][   T30] audit: type=1326 audit(1749123749.112:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18423 comm="syz.0.3532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539ef8e929 code=0x7ffc0000
[ 1005.056226][ T5985] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1005.086839][ T5985] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1005.120946][ T5985] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1005.123638][T18435] No such timeout policy "syz0"
[ 1005.158928][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1005.217448][ T5985] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1005.248307][ T5985] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1005.251314][ T5895] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 1005.279821][ T5985] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1005.290286][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1005.291822][ T5895] usb 3-1: device descriptor read/8, error -71
[ 1005.361793][ T5985] usb 1-1: config 0 descriptor??
[ 1005.550722][T18439] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3538'.
[ 1005.561517][ T5895] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1005.595683][ T5895] usb 3-1: device descriptor read/8, error -71
[ 1005.608540][ T5985] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 105 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1005.631043][ T5891] misc userio: Buffer overflowed, userio client isn't keeping up
[ 1005.666770][ T5985] usb 1-1: USB disconnect, device number 105
[ 1005.695929][ T5985] usblp0: removed
[ 1005.713942][ T5895] usb usb3-port1: unable to enumerate USB device
[ 1006.163579][ T5985] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1006.220623][T18453] kvm: pic: non byte write
[ 1006.350953][ T5985] usb 1-1: Using ep0 maxpacket: 32
[ 1006.410645][ T5985] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1006.423999][ T5985] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1006.437717][ T5985] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1006.451009][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1006.469690][ T5985] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1006.488046][ T5985] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1006.514790][ T5985] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1006.528224][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.548872][ T5985] usb 1-1: config 0 descriptor??
[ 1006.686086][ T5891] input: PS/2 Generic Mouse as /devices/serio2/input/input39
[ 1006.783956][ T5985] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 106 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1006.947909][ T5891] psmouse serio2: Failed to enable mouse on 
[ 1007.019142][ T5891] usb 1-1: USB disconnect, device number 106
[ 1007.059149][ T5985] usb 2-1: USB disconnect, device number 2
[ 1007.072276][ T5891] usblp0: removed
[ 1007.088186][T18457] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1007.451156][T18466] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1007.502548][T18466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.510511][T18466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.579367][T18466] 
[ 1007.582291][T18466] =============================
[ 1007.587198][T18466] WARNING: suspicious RCU usage
[ 1007.592186][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1007.598997][T18466] -----------------------------
[ 1007.603939][T18466] net/ipv6/ip6_fib.c:2077 suspicious rcu_dereference_protected() usage!
[ 1007.612363][T18466] 
[ 1007.612363][T18466] other info that might help us debug this:
[ 1007.612363][T18466] 
[ 1007.622892][T18466] 
[ 1007.622892][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1007.631142][T18466] 4 locks held by syz.1.3546/18466:
[ 1007.636380][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1007.646152][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1007.655412][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1007.665131][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1007.674887][T18466] 
[ 1007.674887][T18466] stack backtrace:
[ 1007.680823][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1007.680859][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1007.680870][T18466] Call Trace:
[ 1007.680880][T18466]  <TASK>
[ 1007.680889][T18466]  dump_stack_lvl+0x189/0x250
[ 1007.680941][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1007.680970][T18466]  ? __pfx__printk+0x10/0x10
[ 1007.680994][T18466]  ? print_lock_name+0xde/0x100
[ 1007.681021][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1007.681054][T18466]  fib6_del+0x1516/0x1550
[ 1007.681080][T18466]  ? fib6_del+0x5a1/0x1550
[ 1007.681120][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1007.681165][T18466]  fib6_clean_node+0x29f/0x590
[ 1007.681191][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1007.681212][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1007.681247][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1007.681290][T18466]  fib6_walk_continue+0x67b/0x910
[ 1007.681329][T18466]  fib6_walk+0x149/0x290
[ 1007.681354][T18466]  __fib6_clean_all+0x234/0x380
[ 1007.681374][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1007.681397][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1007.681419][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1007.681446][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1007.681466][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1007.681513][T18466]  rt6_disable_ip+0x120/0x720
[ 1007.681543][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1007.681562][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1007.681596][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1007.681625][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1007.681650][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1007.681676][T18466]  ? tls_dev_event+0x717/0xec0
[ 1007.681703][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1007.681746][T18466]  addrconf_notify+0x1bc/0x1010
[ 1007.681775][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1007.681803][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1007.681827][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1007.681843][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1007.681871][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1007.681892][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1007.681925][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1007.681958][T18466]  netif_change_flags+0xe8/0x1a0
[ 1007.681986][T18466]  do_setlink+0xc55/0x41c0
[ 1007.682013][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1007.682041][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1007.682066][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1007.682086][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1007.682103][T18466]  ? enqueue_timer+0x216/0x560
[ 1007.682136][T18466]  ? _printk+0xcf/0x120
[ 1007.682162][T18466]  ? __pfx__printk+0x10/0x10
[ 1007.682179][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1007.682217][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1007.682252][T18466]  ? br_opt_toggle+0x108/0x120
[ 1007.682271][T18466]  ? br_changelink+0x1023/0x1650
[ 1007.682301][T18466]  ? br_changelink+0x124f/0x1650
[ 1007.682330][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1007.682357][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1007.682390][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1007.682419][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1007.682439][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1007.682479][T18466]  ? ns_capable+0x8a/0xf0
[ 1007.682522][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1007.682547][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1007.682575][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1007.682611][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1007.682664][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1007.682694][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.682726][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1007.682741][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1007.682771][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1007.682799][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.682825][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1007.682853][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1007.682886][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1007.682925][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1007.682982][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1007.683012][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1007.683046][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1007.683075][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1007.683102][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1007.683128][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1007.683154][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1007.683182][T18466]  ? __skb_clone+0x63/0x7a0
[ 1007.683212][T18466]  netlink_rcv_skb+0x208/0x470
[ 1007.683232][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1007.683260][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1007.683293][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1007.683312][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1007.683339][T18466]  netlink_unicast+0x75b/0x8d0
[ 1007.683381][T18466]  netlink_sendmsg+0x805/0xb30
[ 1007.683413][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1007.683437][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1007.683466][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1007.683513][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1007.683535][T18466]  __sock_sendmsg+0x21c/0x270
[ 1007.683567][T18466]  ____sys_sendmsg+0x505/0x830
[ 1007.683597][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1007.683632][T18466]  ? import_iovec+0x74/0xa0
[ 1007.683658][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1007.683684][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1007.683746][T18466]  ? __fget_files+0x2a/0x420
[ 1007.683830][T18466]  ? __fget_files+0x3a0/0x420
[ 1007.683868][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1007.683897][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1007.683933][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1007.683960][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1007.683993][T18466]  do_syscall_64+0xfa/0x3b0
[ 1007.684019][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1007.684053][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.684073][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1007.684100][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.684119][T18466] RIP: 0033:0x7fb991f8e929
[ 1007.684140][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1007.684158][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1007.684180][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1007.684195][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1007.684208][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1007.684219][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1007.684231][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1007.684265][T18466]  </TASK>
[ 1008.321352][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1008.327483][T18466] 
[ 1008.329844][T18466] =============================
[ 1008.334764][T18466] WARNING: suspicious RCU usage
[ 1008.339679][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1008.346538][T18466] -----------------------------
[ 1008.351462][T18466] net/ipv6/ip6_fib.c:2089 suspicious rcu_dereference_protected() usage!
[ 1008.359870][T18466] 
[ 1008.359870][T18466] other info that might help us debug this:
[ 1008.359870][T18466] 
[ 1008.370191][T18466] 
[ 1008.370191][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1008.378367][T18466] 4 locks held by syz.1.3546/18466:
[ 1008.383628][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1008.393291][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1008.402489][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1008.412123][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1008.421842][T18466] 
[ 1008.421842][T18466] stack backtrace:
[ 1008.427784][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1008.427822][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1008.427835][T18466] Call Trace:
[ 1008.427844][T18466]  <TASK>
[ 1008.427854][T18466]  dump_stack_lvl+0x189/0x250
[ 1008.427895][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1008.427925][T18466]  ? __pfx__printk+0x10/0x10
[ 1008.427952][T18466]  ? print_lock_name+0xde/0x100
[ 1008.427981][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1008.428019][T18466]  fib6_del+0x595/0x1550
[ 1008.428044][T18466]  ? fib6_del+0x5a1/0x1550
[ 1008.428083][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1008.428126][T18466]  fib6_clean_node+0x29f/0x590
[ 1008.428154][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1008.428175][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1008.428210][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1008.428245][T18466]  fib6_walk_continue+0x67b/0x910
[ 1008.428284][T18466]  fib6_walk+0x149/0x290
[ 1008.428306][T18466]  __fib6_clean_all+0x234/0x380
[ 1008.428325][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1008.428347][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1008.428368][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1008.428394][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1008.428415][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1008.428451][T18466]  rt6_disable_ip+0x120/0x720
[ 1008.428483][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1008.428502][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1008.428537][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1008.428568][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1008.428598][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1008.428625][T18466]  ? tls_dev_event+0x717/0xec0
[ 1008.428653][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1008.428698][T18466]  addrconf_notify+0x1bc/0x1010
[ 1008.428727][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1008.428756][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1008.428782][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1008.428800][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1008.428840][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1008.428863][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1008.428893][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1008.428923][T18466]  netif_change_flags+0xe8/0x1a0
[ 1008.428951][T18466]  do_setlink+0xc55/0x41c0
[ 1008.428975][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1008.429001][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1008.429024][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1008.429043][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1008.429062][T18466]  ? enqueue_timer+0x216/0x560
[ 1008.429097][T18466]  ? _printk+0xcf/0x120
[ 1008.429121][T18466]  ? __pfx__printk+0x10/0x10
[ 1008.429139][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1008.429173][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1008.429202][T18466]  ? br_opt_toggle+0x108/0x120
[ 1008.429221][T18466]  ? br_changelink+0x1023/0x1650
[ 1008.429250][T18466]  ? br_changelink+0x124f/0x1650
[ 1008.429279][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1008.429306][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1008.429339][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1008.429367][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1008.429387][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1008.429422][T18466]  ? ns_capable+0x8a/0xf0
[ 1008.429450][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1008.429473][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1008.429496][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1008.429530][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1008.429579][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1008.429609][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1008.429638][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1008.429654][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1008.429684][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1008.429713][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1008.429739][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1008.429768][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1008.429803][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1008.429852][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1008.429910][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1008.429941][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1008.429973][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1008.430000][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1008.430026][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1008.430051][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1008.430076][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1008.430103][T18466]  ? __skb_clone+0x63/0x7a0
[ 1008.430134][T18466]  netlink_rcv_skb+0x208/0x470
[ 1008.430154][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1008.430182][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1008.430218][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1008.430237][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1008.430263][T18466]  netlink_unicast+0x75b/0x8d0
[ 1008.430304][T18466]  netlink_sendmsg+0x805/0xb30
[ 1008.430337][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1008.430361][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1008.430389][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1008.430416][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1008.430437][T18466]  __sock_sendmsg+0x21c/0x270
[ 1008.430469][T18466]  ____sys_sendmsg+0x505/0x830
[ 1008.430497][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1008.430528][T18466]  ? import_iovec+0x74/0xa0
[ 1008.430554][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1008.430575][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1008.430626][T18466]  ? __fget_files+0x2a/0x420
[ 1008.430646][T18466]  ? __fget_files+0x3a0/0x420
[ 1008.430674][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1008.430696][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1008.430725][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1008.430750][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1008.430780][T18466]  do_syscall_64+0xfa/0x3b0
[ 1008.430801][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1008.430832][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.430854][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1008.430877][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.430896][T18466] RIP: 0033:0x7fb991f8e929
[ 1008.430915][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1008.430932][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1008.430955][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1008.430972][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1008.430985][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1008.430998][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1008.431010][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1008.431044][T18466]  </TASK>
[ 1009.065865][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1009.071909][T18466] 
[ 1009.074272][T18466] =============================
[ 1009.079154][T18466] WARNING: suspicious RCU usage
[ 1009.084079][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1009.091021][T18466] -----------------------------
[ 1009.095898][T18466] net/ipv6/ip6_fib.c:1975 suspicious rcu_dereference_protected() usage!
[ 1009.104292][T18466] 
[ 1009.104292][T18466] other info that might help us debug this:
[ 1009.104292][T18466] 
[ 1009.114658][T18466] 
[ 1009.114658][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1009.122837][T18466] 4 locks held by syz.1.3546/18466:
[ 1009.128079][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1009.137729][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1009.146933][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1009.156554][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1009.166333][T18466] 
[ 1009.166333][T18466] stack backtrace:
[ 1009.172308][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1009.172335][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1009.172347][T18466] Call Trace:
[ 1009.172356][T18466]  <TASK>
[ 1009.172364][T18466]  dump_stack_lvl+0x189/0x250
[ 1009.172400][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.172430][T18466]  ? __pfx__printk+0x10/0x10
[ 1009.172457][T18466]  ? print_lock_name+0xde/0x100
[ 1009.172484][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1009.172516][T18466]  fib6_del+0x651/0x1550
[ 1009.172542][T18466]  ? fib6_del+0x5a1/0x1550
[ 1009.172580][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1009.172623][T18466]  fib6_clean_node+0x29f/0x590
[ 1009.172649][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1009.172668][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1009.172703][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.172737][T18466]  fib6_walk_continue+0x67b/0x910
[ 1009.172786][T18466]  fib6_walk+0x149/0x290
[ 1009.172812][T18466]  __fib6_clean_all+0x234/0x380
[ 1009.172832][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1009.172854][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1009.172878][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1009.172906][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1009.172925][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1009.172963][T18466]  rt6_disable_ip+0x120/0x720
[ 1009.172995][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.173013][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1009.173046][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1009.173077][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1009.173106][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1009.173134][T18466]  ? tls_dev_event+0x717/0xec0
[ 1009.173162][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1009.173209][T18466]  addrconf_notify+0x1bc/0x1010
[ 1009.173240][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1009.173268][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1009.173294][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1009.173313][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1009.173339][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1009.173361][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1009.173393][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1009.173426][T18466]  netif_change_flags+0xe8/0x1a0
[ 1009.173453][T18466]  do_setlink+0xc55/0x41c0
[ 1009.173480][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1009.173507][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1009.173531][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1009.173551][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.173571][T18466]  ? enqueue_timer+0x216/0x560
[ 1009.173607][T18466]  ? _printk+0xcf/0x120
[ 1009.173633][T18466]  ? __pfx__printk+0x10/0x10
[ 1009.173651][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.173688][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1009.173719][T18466]  ? br_opt_toggle+0x108/0x120
[ 1009.173738][T18466]  ? br_changelink+0x1023/0x1650
[ 1009.173774][T18466]  ? br_changelink+0x124f/0x1650
[ 1009.173803][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1009.173829][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1009.173860][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1009.173889][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.173909][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1009.173946][T18466]  ? ns_capable+0x8a/0xf0
[ 1009.173977][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1009.174001][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1009.174028][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1009.174062][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1009.174119][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1009.174147][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.174179][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1009.174194][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1009.174221][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.174250][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.174276][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.174304][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1009.174336][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1009.174374][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1009.174431][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1009.174460][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1009.174494][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1009.174520][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1009.174547][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1009.174573][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1009.174598][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1009.174624][T18466]  ? __skb_clone+0x63/0x7a0
[ 1009.174655][T18466]  netlink_rcv_skb+0x208/0x470
[ 1009.174677][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1009.174706][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1009.174742][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1009.174792][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1009.174818][T18466]  netlink_unicast+0x75b/0x8d0
[ 1009.174860][T18466]  netlink_sendmsg+0x805/0xb30
[ 1009.174888][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1009.174913][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1009.174940][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1009.174965][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1009.174986][T18466]  __sock_sendmsg+0x21c/0x270
[ 1009.175016][T18466]  ____sys_sendmsg+0x505/0x830
[ 1009.175044][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1009.175073][T18466]  ? import_iovec+0x74/0xa0
[ 1009.175096][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1009.175120][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1009.175186][T18466]  ? __fget_files+0x2a/0x420
[ 1009.175209][T18466]  ? __fget_files+0x3a0/0x420
[ 1009.175246][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1009.175272][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1009.175304][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.175327][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1009.175378][T18466]  do_syscall_64+0xfa/0x3b0
[ 1009.175399][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.175423][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.175442][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1009.175464][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.175482][T18466] RIP: 0033:0x7fb991f8e929
[ 1009.175502][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.175518][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1009.175538][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1009.175550][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1009.175561][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1009.175571][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1009.175581][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1009.175610][T18466]  </TASK>
[ 1009.175619][T18466] 
[ 1009.818325][T18466] =============================
[ 1009.823865][T18466] WARNING: suspicious RCU usage
[ 1009.828758][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1009.835589][T18466] -----------------------------
[ 1009.840499][T18466] net/ipv6/ip6_fib.c:1984 suspicious rcu_dereference_protected() usage!
[ 1009.848887][T18466] 
[ 1009.848887][T18466] other info that might help us debug this:
[ 1009.848887][T18466] 
[ 1009.859236][T18466] 
[ 1009.859236][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1009.867398][T18466] 4 locks held by syz.1.3546/18466:
[ 1009.872678][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1009.882322][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1009.891523][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1009.901147][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1009.910820][T18466] 
[ 1009.910820][T18466] stack backtrace:
[ 1009.916812][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1009.916839][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1009.916852][T18466] Call Trace:
[ 1009.916861][T18466]  <TASK>
[ 1009.916870][T18466]  dump_stack_lvl+0x189/0x250
[ 1009.916911][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.916938][T18466]  ? __pfx__printk+0x10/0x10
[ 1009.916961][T18466]  ? print_lock_name+0xde/0x100
[ 1009.916988][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1009.917022][T18466]  fib6_del+0x67a/0x1550
[ 1009.917047][T18466]  ? fib6_del+0x5a1/0x1550
[ 1009.917085][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1009.917129][T18466]  fib6_clean_node+0x29f/0x590
[ 1009.917155][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1009.917175][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1009.917209][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.917242][T18466]  fib6_walk_continue+0x67b/0x910
[ 1009.917282][T18466]  fib6_walk+0x149/0x290
[ 1009.917308][T18466]  __fib6_clean_all+0x234/0x380
[ 1009.917330][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1009.917353][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1009.917377][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1009.917405][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1009.917426][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1009.917464][T18466]  rt6_disable_ip+0x120/0x720
[ 1009.917495][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.917513][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1009.917549][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1009.917580][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1009.917611][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1009.917639][T18466]  ? tls_dev_event+0x717/0xec0
[ 1009.917667][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1009.917709][T18466]  addrconf_notify+0x1bc/0x1010
[ 1009.917740][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1009.917774][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1009.917801][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1009.917818][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1009.917846][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1009.917868][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1009.917900][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1009.917929][T18466]  netif_change_flags+0xe8/0x1a0
[ 1009.917956][T18466]  do_setlink+0xc55/0x41c0
[ 1009.917982][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1009.918009][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1009.918034][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1009.918054][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.918074][T18466]  ? enqueue_timer+0x216/0x560
[ 1009.918109][T18466]  ? _printk+0xcf/0x120
[ 1009.918136][T18466]  ? __pfx__printk+0x10/0x10
[ 1009.918156][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.918192][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1009.918226][T18466]  ? br_opt_toggle+0x108/0x120
[ 1009.918246][T18466]  ? br_changelink+0x1023/0x1650
[ 1009.918274][T18466]  ? br_changelink+0x124f/0x1650
[ 1009.918302][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1009.918328][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1009.918360][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1009.918388][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.918409][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1009.918446][T18466]  ? ns_capable+0x8a/0xf0
[ 1009.918476][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1009.918500][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1009.918526][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1009.918559][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1009.918615][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1009.918644][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.918676][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1009.918692][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1009.918722][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.918759][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.918786][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1009.918814][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1009.918849][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1009.918889][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1009.918943][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1009.918971][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1009.919002][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1009.919028][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1009.919054][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1009.919080][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1009.919106][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1009.919132][T18466]  ? __skb_clone+0x63/0x7a0
[ 1009.919163][T18466]  netlink_rcv_skb+0x208/0x470
[ 1009.919185][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1009.919216][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1009.919252][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1009.919272][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1009.919298][T18466]  netlink_unicast+0x75b/0x8d0
[ 1009.919340][T18466]  netlink_sendmsg+0x805/0xb30
[ 1009.919371][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1009.919395][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1009.919423][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1009.919449][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1009.919471][T18466]  __sock_sendmsg+0x21c/0x270
[ 1009.919500][T18466]  ____sys_sendmsg+0x505/0x830
[ 1009.919529][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1009.919563][T18466]  ? import_iovec+0x74/0xa0
[ 1009.919590][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1009.919617][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1009.919684][T18466]  ? __fget_files+0x2a/0x420
[ 1009.919706][T18466]  ? __fget_files+0x3a0/0x420
[ 1009.919750][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1009.919777][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1009.919812][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1009.919836][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1009.919867][T18466]  do_syscall_64+0xfa/0x3b0
[ 1009.919893][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.919917][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.919937][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1009.919960][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.919980][T18466] RIP: 0033:0x7fb991f8e929
[ 1009.919997][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.920015][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1009.920037][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1009.920051][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1009.920065][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1009.920076][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1009.920088][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1009.920119][T18466]  </TASK>
[ 1009.920132][T18466] 
[ 1010.564451][T18466] =============================
[ 1010.569300][T18466] WARNING: suspicious RCU usage
[ 1010.574216][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1010.581043][T18466] -----------------------------
[ 1010.581197][ T5895] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1010.585904][T18466] net/ipv6/ip6_fib.c:2029 suspicious rcu_dereference_protected() usage!
[ 1010.601999][T18466] 
[ 1010.601999][T18466] other info that might help us debug this:
[ 1010.601999][T18466] 
[ 1010.612321][T18466] 
[ 1010.612321][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1010.620414][T18466] 5 locks held by syz.1.3546/18466:
[ 1010.625727][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1010.635328][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1010.644553][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1010.654251][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1010.663942][T18466]  #4: ffff88805d814eb8 (&net->ipv6.fib6_walker_lock){++..}-{3:3}, at: fib6_del+0xb3f/0x1550
[ 1010.674234][T18466] 
[ 1010.674234][T18466] stack backtrace:
[ 1010.680151][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1010.680170][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1010.680177][T18466] Call Trace:
[ 1010.680186][T18466]  <TASK>
[ 1010.680192][T18466]  dump_stack_lvl+0x189/0x250
[ 1010.680216][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1010.680234][T18466]  ? __pfx__printk+0x10/0x10
[ 1010.680245][T18466]  ? fib6_del+0xb3f/0x1550
[ 1010.680259][T18466]  ? print_lock_name+0xde/0x100
[ 1010.680274][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1010.680294][T18466]  fib6_del+0xd5c/0x1550
[ 1010.680308][T18466]  ? fib6_del+0x5a1/0x1550
[ 1010.680328][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1010.680354][T18466]  fib6_clean_node+0x29f/0x590
[ 1010.680368][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1010.680379][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1010.680398][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1010.680419][T18466]  fib6_walk_continue+0x67b/0x910
[ 1010.680439][T18466]  fib6_walk+0x149/0x290
[ 1010.680453][T18466]  __fib6_clean_all+0x234/0x380
[ 1010.680465][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1010.680477][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1010.680490][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1010.680513][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1010.680551][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1010.680572][T18466]  rt6_disable_ip+0x120/0x720
[ 1010.680589][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1010.680600][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1010.680619][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1010.680637][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1010.680655][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1010.680670][T18466]  ? tls_dev_event+0x717/0xec0
[ 1010.680686][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1010.680711][T18466]  addrconf_notify+0x1bc/0x1010
[ 1010.680727][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1010.680744][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1010.680759][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1010.680770][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1010.680788][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1010.680801][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1010.680818][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1010.680836][T18466]  netif_change_flags+0xe8/0x1a0
[ 1010.680863][T18466]  do_setlink+0xc55/0x41c0
[ 1010.680888][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1010.680916][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1010.680938][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1010.680957][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1010.680975][T18466]  ? enqueue_timer+0x216/0x560
[ 1010.681010][T18466]  ? _printk+0xcf/0x120
[ 1010.681036][T18466]  ? __pfx__printk+0x10/0x10
[ 1010.681054][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1010.681092][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1010.681126][T18466]  ? br_opt_toggle+0x108/0x120
[ 1010.681145][T18466]  ? br_changelink+0x1023/0x1650
[ 1010.681173][T18466]  ? br_changelink+0x124f/0x1650
[ 1010.681197][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1010.681221][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1010.681254][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1010.681280][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1010.681300][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1010.681338][T18466]  ? ns_capable+0x8a/0xf0
[ 1010.681369][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1010.681394][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1010.681422][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1010.681457][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1010.681514][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1010.681555][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.681589][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1010.681605][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1010.681635][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1010.681665][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.681692][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1010.681721][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1010.681755][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1010.681792][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1010.681851][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1010.681881][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1010.681916][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1010.681945][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1010.681972][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1010.681998][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1010.682024][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1010.682052][T18466]  ? __skb_clone+0x63/0x7a0
[ 1010.682084][T18466]  netlink_rcv_skb+0x208/0x470
[ 1010.682106][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1010.682137][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1010.682173][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1010.682193][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1010.682220][T18466]  netlink_unicast+0x75b/0x8d0
[ 1010.682262][T18466]  netlink_sendmsg+0x805/0xb30
[ 1010.682295][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1010.682320][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1010.682347][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1010.682372][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1010.682393][T18466]  __sock_sendmsg+0x21c/0x270
[ 1010.682423][T18466]  ____sys_sendmsg+0x505/0x830
[ 1010.682453][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1010.682486][T18466]  ? import_iovec+0x74/0xa0
[ 1010.682513][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1010.682546][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1010.682611][T18466]  ? __fget_files+0x2a/0x420
[ 1010.682633][T18466]  ? __fget_files+0x3a0/0x420
[ 1010.682669][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1010.682695][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1010.682731][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1010.682756][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1010.682786][T18466]  do_syscall_64+0xfa/0x3b0
[ 1010.682812][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.682837][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.682858][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1010.682883][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.682903][T18466] RIP: 0033:0x7fb991f8e929
[ 1010.682923][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1010.682940][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1010.682963][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1010.682978][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1010.682989][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1010.683000][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1010.683007][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1010.683026][T18466]  </TASK>
[ 1010.741117][ T5895] usb 7-1: Using ep0 maxpacket: 32
[ 1010.744529][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1010.756074][ T5895] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1010.758453][T18466] 
[ 1010.784046][ T5895] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1010.788234][T18466] =============================
[ 1010.788249][T18466] WARNING: suspicious RCU usage
[ 1010.788260][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1010.815211][ T5895] usb 7-1: config 0 descriptor??
[ 1010.818581][T18466] -----------------------------
[ 1010.818595][T18466] net/ipv6/ip6_fib.c:1859 suspicious rcu_dereference_protected() usage!
[ 1010.844693][ T5895] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1010.849050][T18466] 
[ 1010.849050][T18466] other info that might help us debug this:
[ 1010.849050][T18466] 
[ 1010.849064][T18466] 
[ 1010.849064][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1010.849079][T18466] 4 locks held by syz.1.3546/18466:
[ 1010.849093][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1011.431886][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1011.441092][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1011.450672][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1011.460388][T18466] 
[ 1011.460388][T18466] stack backtrace:
[ 1011.466326][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1011.466344][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1011.466351][T18466] Call Trace:
[ 1011.466357][T18466]  <TASK>
[ 1011.466362][T18466]  dump_stack_lvl+0x189/0x250
[ 1011.466387][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.466404][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.466420][T18466]  ? print_lock_name+0xde/0x100
[ 1011.466435][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1011.466455][T18466]  fib6_repair_tree+0xdad/0x11c0
[ 1011.466487][T18466]  fib6_del+0xed2/0x1550
[ 1011.466501][T18466]  ? fib6_del+0x5a1/0x1550
[ 1011.466521][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1011.466543][T18466]  fib6_clean_node+0x29f/0x590
[ 1011.466558][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.466569][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.466588][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.466608][T18466]  fib6_walk_continue+0x67b/0x910
[ 1011.466628][T18466]  fib6_walk+0x149/0x290
[ 1011.466642][T18466]  __fib6_clean_all+0x234/0x380
[ 1011.466654][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1011.466666][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.466679][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1011.466693][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.466705][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.466726][T18466]  rt6_disable_ip+0x120/0x720
[ 1011.466743][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.466754][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1011.466773][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1011.466791][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1011.466809][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.466825][T18466]  ? tls_dev_event+0x717/0xec0
[ 1011.466840][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1011.466865][T18466]  addrconf_notify+0x1bc/0x1010
[ 1011.466882][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1011.466898][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1011.466913][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1011.466924][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1011.466939][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1011.466952][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1011.466970][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1011.466987][T18466]  netif_change_flags+0xe8/0x1a0
[ 1011.467002][T18466]  do_setlink+0xc55/0x41c0
[ 1011.467017][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1011.467032][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1011.467047][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1011.467058][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.467069][T18466]  ? enqueue_timer+0x216/0x560
[ 1011.467089][T18466]  ? _printk+0xcf/0x120
[ 1011.467103][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.467114][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.467133][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1011.467152][T18466]  ? br_opt_toggle+0x108/0x120
[ 1011.467163][T18466]  ? br_changelink+0x1023/0x1650
[ 1011.467179][T18466]  ? br_changelink+0x124f/0x1650
[ 1011.467194][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1011.467209][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1011.467227][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1011.467243][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.467254][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.467275][T18466]  ? ns_capable+0x8a/0xf0
[ 1011.467292][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1011.467306][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1011.467321][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1011.467341][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.467369][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1011.467386][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.467404][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1011.467414][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1011.467430][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.467446][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.467461][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.467482][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1011.467500][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1011.467521][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.467550][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.467566][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1011.467584][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1011.467599][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.467614][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1011.467630][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1011.467644][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1011.467660][T18466]  ? __skb_clone+0x63/0x7a0
[ 1011.467677][T18466]  netlink_rcv_skb+0x208/0x470
[ 1011.467689][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.467707][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1011.467725][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.467736][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.467751][T18466]  netlink_unicast+0x75b/0x8d0
[ 1011.467774][T18466]  netlink_sendmsg+0x805/0xb30
[ 1011.467792][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.467806][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1011.467821][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1011.467836][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.467848][T18466]  __sock_sendmsg+0x21c/0x270
[ 1011.467866][T18466]  ____sys_sendmsg+0x505/0x830
[ 1011.467881][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1011.467899][T18466]  ? import_iovec+0x74/0xa0
[ 1011.467914][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1011.467928][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.467960][T18466]  ? __fget_files+0x2a/0x420
[ 1011.467973][T18466]  ? __fget_files+0x3a0/0x420
[ 1011.467991][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1011.468005][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1011.468024][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.468037][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1011.468054][T18466]  do_syscall_64+0xfa/0x3b0
[ 1011.468068][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.468082][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.468093][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1011.468108][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.468119][T18466] RIP: 0033:0x7fb991f8e929
[ 1011.468131][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1011.468141][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1011.468155][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1011.468164][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1011.468172][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1011.468179][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1011.468186][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1011.468203][T18466]  </TASK>
[ 1011.468209][T18466] 
[ 1011.664808][T18486] netlink: zone id is out of range
[ 1011.666386][T18466] =============================
[ 1011.666400][T18466] WARNING: suspicious RCU usage
[ 1011.666411][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1011.679833][T18486] netlink: zone id is out of range
[ 1011.683604][T18466] -----------------------------
[ 1011.683618][T18466] net/ipv6/ip6_fib.c:1861 suspicious rcu_dereference_protected() usage!
[ 1011.683634][T18466] 
[ 1011.683634][T18466] other info that might help us debug this:
[ 1011.683634][T18466] 
[ 1011.683643][T18466] 
[ 1011.683643][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1011.683658][T18466] 4 locks held by syz.1.3546/18466:
[ 1011.683671][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1011.683743][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1011.683808][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1011.683869][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1011.683924][T18466] 
[ 1011.683924][T18466] stack backtrace:
[ 1011.683939][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1011.683963][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1011.683975][T18466] Call Trace:
[ 1011.683983][T18466]  <TASK>
[ 1011.683993][T18466]  dump_stack_lvl+0x189/0x250
[ 1011.684027][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.684060][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.684087][T18466]  ? print_lock_name+0xde/0x100
[ 1011.684116][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1011.684152][T18466]  fib6_repair_tree+0xdd6/0x11c0
[ 1011.684199][T18466]  fib6_del+0xed2/0x1550
[ 1011.684223][T18466]  ? fib6_del+0x5a1/0x1550
[ 1011.684262][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1011.684306][T18466]  fib6_clean_node+0x29f/0x590
[ 1011.684333][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.684353][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.684388][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.684422][T18466]  fib6_walk_continue+0x67b/0x910
[ 1011.684456][T18466]  fib6_walk+0x149/0x290
[ 1011.684477][T18466]  __fib6_clean_all+0x234/0x380
[ 1011.684496][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1011.684515][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.684545][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1011.684567][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.684586][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.684620][T18466]  rt6_disable_ip+0x120/0x720
[ 1011.684647][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.684664][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1011.684695][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1011.684723][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1011.684751][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.684774][T18466]  ? tls_dev_event+0x717/0xec0
[ 1011.684798][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1011.684838][T18466]  addrconf_notify+0x1bc/0x1010
[ 1011.684865][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1011.684892][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1011.684914][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1011.684930][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1011.684955][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1011.684974][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1011.685002][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1011.685029][T18466]  netif_change_flags+0xe8/0x1a0
[ 1011.685054][T18466]  do_setlink+0xc55/0x41c0
[ 1011.685075][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1011.685101][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1011.685122][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1011.685140][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.685157][T18466]  ? enqueue_timer+0x216/0x560
[ 1011.685189][T18466]  ? _printk+0xcf/0x120
[ 1011.685213][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.685229][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.685261][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1011.685291][T18466]  ? br_opt_toggle+0x108/0x120
[ 1011.685307][T18466]  ? br_changelink+0x1023/0x1650
[ 1011.685333][T18466]  ? br_changelink+0x124f/0x1650
[ 1011.685363][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1011.685386][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1011.685414][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1011.685438][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.685455][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.685488][T18466]  ? ns_capable+0x8a/0xf0
[ 1011.685516][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1011.685545][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1011.685569][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1011.685599][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.685649][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1011.685674][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.685703][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1011.685717][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1011.685745][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.685770][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.685794][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.685819][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1011.685848][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1011.685882][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.685931][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.685955][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1011.685984][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1011.686009][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.686031][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1011.686053][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1011.686076][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1011.686098][T18466]  ? __skb_clone+0x63/0x7a0
[ 1011.686126][T18466]  netlink_rcv_skb+0x208/0x470
[ 1011.686145][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.686172][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1011.686204][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.686221][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.686245][T18466]  netlink_unicast+0x75b/0x8d0
[ 1011.686282][T18466]  netlink_sendmsg+0x805/0xb30
[ 1011.686309][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.686332][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1011.686356][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1011.686378][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.686398][T18466]  __sock_sendmsg+0x21c/0x270
[ 1011.686425][T18466]  ____sys_sendmsg+0x505/0x830
[ 1011.686450][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1011.686480][T18466]  ? import_iovec+0x74/0xa0
[ 1011.686503][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1011.686525][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.686590][T18466]  ? __fget_files+0x2a/0x420
[ 1011.686609][T18466]  ? __fget_files+0x3a0/0x420
[ 1011.686640][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1011.686662][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1011.686693][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.686714][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1011.686741][T18466]  do_syscall_64+0xfa/0x3b0
[ 1011.686763][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.686785][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.686803][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1011.686825][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.686843][T18466] RIP: 0033:0x7fb991f8e929
[ 1011.686860][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1011.686876][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1011.686895][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1011.686908][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1011.686920][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1011.686931][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1011.686942][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1011.686971][T18466]  </TASK>
[ 1011.686980][T18466] 
[ 1011.699683][T18486] netlink: zone id is out of range
[ 1011.704514][T18466] =============================
[ 1011.704536][T18466] WARNING: suspicious RCU usage
[ 1011.704548][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1011.704561][T18466] -----------------------------
[ 1011.704570][T18466] net/ipv6/ip6_fib.c:1863 suspicious rcu_dereference_protected() usage!
[ 1011.704585][T18466] 
[ 1011.704585][T18466] other info that might help us debug this:
[ 1011.704585][T18466] 
[ 1011.763250][T18486] netlink: zone id is out of range
[ 1011.767861][T18466] 
[ 1011.767861][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1011.767880][T18466] 4 locks held by syz.1.3546/18466:
[ 1011.767896][T18466]  #0: 
[ 1011.794843][T18487] kvm: user requested TSC rate below hardware speed
[ 1011.797605][T18466] ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1011.805030][T18486] netlink: zone id is out of range
[ 1011.808024][T18466]  #1: 
[ 1011.822684][T18486] netlink: zone id is out of range
[ 1011.828060][T18466] ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1011.828131][T18466]  #2: 
[ 1011.844624][T18486] netlink: zone id is out of range
[ 1011.849642][T18466] ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1011.857911][T18486] netlink: zone id is out of range
[ 1011.859640][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1011.859717][T18466] 
[ 1011.859717][T18466] stack backtrace:
[ 1011.859732][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1011.859753][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1011.859774][T18466] Call Trace:
[ 1011.859784][T18466]  <TASK>
[ 1011.859793][T18466]  dump_stack_lvl+0x189/0x250
[ 1011.859826][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.859852][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.859877][T18466]  ? print_lock_name+0xde/0x100
[ 1011.859902][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1011.859934][T18466]  fib6_repair_tree+0xdff/0x11c0
[ 1011.859975][T18466]  fib6_del+0xed2/0x1550
[ 1011.859996][T18466]  ? fib6_del+0x5a1/0x1550
[ 1011.860031][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1011.860070][T18466]  fib6_clean_node+0x29f/0x590
[ 1011.860093][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.860111][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.860141][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.860172][T18466]  fib6_walk_continue+0x67b/0x910
[ 1011.860207][T18466]  fib6_walk+0x149/0x290
[ 1011.860229][T18466]  __fib6_clean_all+0x234/0x380
[ 1011.860246][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1011.860266][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.860286][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1011.860310][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1011.860329][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1011.860363][T18466]  rt6_disable_ip+0x120/0x720
[ 1011.860391][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.860408][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1011.860439][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1011.860466][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1011.860494][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.860518][T18466]  ? tls_dev_event+0x717/0xec0
[ 1011.860551][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1011.860591][T18466]  addrconf_notify+0x1bc/0x1010
[ 1011.860617][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1011.860645][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1011.860668][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1011.860684][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1011.860709][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1011.860729][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1011.860758][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1011.860785][T18466]  netif_change_flags+0xe8/0x1a0
[ 1011.860808][T18466]  do_setlink+0xc55/0x41c0
[ 1011.860831][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1011.860862][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1011.860883][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1011.860900][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.860918][T18466]  ? enqueue_timer+0x216/0x560
[ 1011.860949][T18466]  ? _printk+0xcf/0x120
[ 1011.860973][T18466]  ? __pfx__printk+0x10/0x10
[ 1011.860990][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.861023][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1011.861053][T18466]  ? br_opt_toggle+0x108/0x120
[ 1011.861069][T18466]  ? br_changelink+0x1023/0x1650
[ 1011.861094][T18466]  ? br_changelink+0x124f/0x1650
[ 1011.861119][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1011.861142][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1011.861170][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1011.861194][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.861212][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1011.861245][T18466]  ? ns_capable+0x8a/0xf0
[ 1011.861272][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1011.861294][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1011.861317][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1011.861348][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.861397][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1011.861423][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.861451][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1011.861466][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1011.861492][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.861518][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.861547][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1011.861572][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1011.861602][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1011.861636][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1011.861686][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1011.861710][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1011.861739][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1011.861764][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.861787][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1011.861809][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1011.861832][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1011.861856][T18466]  ? __skb_clone+0x63/0x7a0
[ 1011.861884][T18466]  netlink_rcv_skb+0x208/0x470
[ 1011.861904][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1011.861931][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1011.861963][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.861980][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1011.862004][T18466]  netlink_unicast+0x75b/0x8d0
[ 1011.862041][T18466]  netlink_sendmsg+0x805/0xb30
[ 1011.862070][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.862093][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1011.862118][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1011.862141][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.862160][T18466]  __sock_sendmsg+0x21c/0x270
[ 1011.862187][T18466]  ____sys_sendmsg+0x505/0x830
[ 1011.862214][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1011.862243][T18466]  ? import_iovec+0x74/0xa0
[ 1011.862266][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1011.862288][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.862345][T18466]  ? __fget_files+0x2a/0x420
[ 1011.862364][T18466]  ? __fget_files+0x3a0/0x420
[ 1011.862395][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1011.862418][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1011.862448][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1011.862471][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1011.862504][T18466]  do_syscall_64+0xfa/0x3b0
[ 1011.862519][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.862592][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.862611][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1011.862633][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.862652][T18466] RIP: 0033:0x7fb991f8e929
[ 1011.862670][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1011.862686][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1011.862705][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1011.862718][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1011.862730][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1011.862741][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1011.862752][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1011.862781][T18466]  </TASK>
[ 1011.862916][T18466] 
[ 1011.876212][T18486] netlink: zone id is out of range
[ 1011.880539][T18466] =============================
[ 1011.880552][T18466] WARNING: suspicious RCU usage
[ 1011.880570][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1011.880585][T18466] -----------------------------
[ 1011.880593][T18466] net/ipv6/ip6_fib.c:1865 suspicious rcu_dereference_protected() usage!
[ 1011.985668][ T5895] gspca_sunplus: reg_r err -110
[ 1011.986193][T18466] 
[ 1011.986193][T18466] other info that might help us debug this:
[ 1011.986193][T18466] 
[ 1011.997158][ T5895] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[ 1012.001382][T18466] 
[ 1012.001382][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1012.001402][T18466] 4 locks held by syz.1.3546/18466:
[ 1012.001418][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1012.001492][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1012.001570][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1012.001631][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1013.766350][T18466] 
[ 1013.766350][T18466] stack backtrace:
[ 1013.772392][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1013.772411][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1013.772418][T18466] Call Trace:
[ 1013.772423][T18466]  <TASK>
[ 1013.772429][T18466]  dump_stack_lvl+0x189/0x250
[ 1013.772453][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1013.772470][T18466]  ? __pfx__printk+0x10/0x10
[ 1013.772486][T18466]  ? print_lock_name+0xde/0x100
[ 1013.772501][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1013.772521][T18466]  fib6_repair_tree+0xe28/0x11c0
[ 1013.772546][T18466]  fib6_del+0xed2/0x1550
[ 1013.772559][T18466]  ? fib6_del+0x5a1/0x1550
[ 1013.772579][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1013.772601][T18466]  fib6_clean_node+0x29f/0x590
[ 1013.772615][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1013.772627][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1013.772645][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1013.772665][T18466]  fib6_walk_continue+0x67b/0x910
[ 1013.772685][T18466]  fib6_walk+0x149/0x290
[ 1013.772699][T18466]  __fib6_clean_all+0x234/0x380
[ 1013.772710][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1013.772722][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1013.772736][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1013.772750][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1013.772762][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1013.772782][T18466]  rt6_disable_ip+0x120/0x720
[ 1013.772805][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1013.772816][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1013.772835][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1013.772853][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1013.772870][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1013.772885][T18466]  ? tls_dev_event+0x717/0xec0
[ 1013.772901][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1013.772926][T18466]  addrconf_notify+0x1bc/0x1010
[ 1013.772942][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1013.772959][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1013.772974][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1013.772985][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1013.773000][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1013.773012][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1013.773029][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1013.773047][T18466]  netif_change_flags+0xe8/0x1a0
[ 1013.773062][T18466]  do_setlink+0xc55/0x41c0
[ 1013.773077][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1013.773092][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1013.773106][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1013.773117][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1013.773128][T18466]  ? enqueue_timer+0x216/0x560
[ 1013.773148][T18466]  ? _printk+0xcf/0x120
[ 1013.773162][T18466]  ? __pfx__printk+0x10/0x10
[ 1013.773172][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1013.773193][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1013.773211][T18466]  ? br_opt_toggle+0x108/0x120
[ 1013.773222][T18466]  ? br_changelink+0x1023/0x1650
[ 1013.773239][T18466]  ? br_changelink+0x124f/0x1650
[ 1013.773254][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1013.773269][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1013.773286][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1013.773302][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1013.773313][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1013.773334][T18466]  ? ns_capable+0x8a/0xf0
[ 1013.773351][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1013.773365][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1013.773380][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1013.773399][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1013.773427][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1013.773444][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1013.773462][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1013.773472][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1013.773488][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1013.773504][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1013.773519][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1013.773534][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1013.773553][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1013.773573][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1013.773601][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1013.773617][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1013.773635][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1013.773650][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1013.773664][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1013.773679][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1013.773692][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1013.773707][T18466]  ? __skb_clone+0x63/0x7a0
[ 1013.773724][T18466]  netlink_rcv_skb+0x208/0x470
[ 1013.773737][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1013.773753][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1013.773772][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1013.773783][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1013.773802][T18466]  netlink_unicast+0x75b/0x8d0
[ 1013.773824][T18466]  netlink_sendmsg+0x805/0xb30
[ 1013.773841][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1013.773855][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1013.773870][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1013.773884][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1013.773896][T18466]  __sock_sendmsg+0x21c/0x270
[ 1013.773913][T18466]  ____sys_sendmsg+0x505/0x830
[ 1013.773929][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1013.773947][T18466]  ? import_iovec+0x74/0xa0
[ 1013.773961][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1013.773975][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1013.774008][T18466]  ? __fget_files+0x2a/0x420
[ 1013.774020][T18466]  ? __fget_files+0x3a0/0x420
[ 1013.774039][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1013.774053][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1013.774071][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1013.774084][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1013.774101][T18466]  do_syscall_64+0xfa/0x3b0
[ 1013.774115][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1013.774129][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.774140][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1013.774154][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.774166][T18466] RIP: 0033:0x7fb991f8e929
[ 1013.774178][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1013.774188][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1013.774202][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1013.774210][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1013.774218][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1013.774225][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1013.774232][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1013.774249][T18466]  </TASK>
[ 1013.774255][T18466] 
[ 1014.420300][T18466] =============================
[ 1014.425230][T18466] WARNING: suspicious RCU usage
[ 1014.430113][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1014.436960][T18466] -----------------------------
[ 1014.441880][T18466] net/ipv6/ip6_fib.c:1867 suspicious rcu_dereference_protected() usage!
[ 1014.450233][T18466] 
[ 1014.450233][T18466] other info that might help us debug this:
[ 1014.450233][T18466] 
[ 1014.460581][T18466] 
[ 1014.460581][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1014.468772][T18466] 4 locks held by syz.1.3546/18466:
[ 1014.474041][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1014.483655][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1014.492885][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1014.502601][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1014.512309][T18466] 
[ 1014.512309][T18466] stack backtrace:
[ 1014.518226][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1014.518244][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1014.518251][T18466] Call Trace:
[ 1014.518257][T18466]  <TASK>
[ 1014.518263][T18466]  dump_stack_lvl+0x189/0x250
[ 1014.518286][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1014.518303][T18466]  ? __pfx__printk+0x10/0x10
[ 1014.518319][T18466]  ? print_lock_name+0xde/0x100
[ 1014.518334][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1014.518355][T18466]  fib6_repair_tree+0xe51/0x11c0
[ 1014.518379][T18466]  fib6_del+0xed2/0x1550
[ 1014.518393][T18466]  ? fib6_del+0x5a1/0x1550
[ 1014.518412][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1014.518435][T18466]  fib6_clean_node+0x29f/0x590
[ 1014.518449][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1014.518461][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1014.518479][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1014.518499][T18466]  fib6_walk_continue+0x67b/0x910
[ 1014.518519][T18466]  fib6_walk+0x149/0x290
[ 1014.518533][T18466]  __fib6_clean_all+0x234/0x380
[ 1014.518544][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1014.518561][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1014.518574][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1014.518588][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1014.518601][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1014.518621][T18466]  rt6_disable_ip+0x120/0x720
[ 1014.518638][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1014.518649][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1014.518667][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1014.518684][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1014.518702][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1014.518717][T18466]  ? tls_dev_event+0x717/0xec0
[ 1014.518733][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1014.518757][T18466]  addrconf_notify+0x1bc/0x1010
[ 1014.518773][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1014.518790][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1014.518804][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1014.518815][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1014.518830][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1014.518842][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1014.518860][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1014.518877][T18466]  netif_change_flags+0xe8/0x1a0
[ 1014.518892][T18466]  do_setlink+0xc55/0x41c0
[ 1014.518906][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1014.518923][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1014.518937][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1014.518948][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1014.518959][T18466]  ? enqueue_timer+0x216/0x560
[ 1014.518978][T18466]  ? _printk+0xcf/0x120
[ 1014.518993][T18466]  ? __pfx__printk+0x10/0x10
[ 1014.519003][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1014.519023][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1014.519042][T18466]  ? br_opt_toggle+0x108/0x120
[ 1014.519052][T18466]  ? br_changelink+0x1023/0x1650
[ 1014.519069][T18466]  ? br_changelink+0x124f/0x1650
[ 1014.519084][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1014.519098][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1014.519116][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1014.519131][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1014.519142][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1014.519162][T18466]  ? ns_capable+0x8a/0xf0
[ 1014.519179][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1014.519192][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1014.519208][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1014.519226][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1014.519254][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1014.519271][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1014.519288][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1014.519298][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1014.519314][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1014.519329][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1014.519343][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1014.519359][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1014.519377][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1014.519397][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1014.519426][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1014.519441][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1014.519459][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1014.519475][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1014.519489][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1014.519504][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1014.519518][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1014.519533][T18466]  ? __skb_clone+0x63/0x7a0
[ 1014.519554][T18466]  netlink_rcv_skb+0x208/0x470
[ 1014.519566][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1014.519584][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1014.519602][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1014.519613][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1014.519627][T18466]  netlink_unicast+0x75b/0x8d0
[ 1014.519649][T18466]  netlink_sendmsg+0x805/0xb30
[ 1014.519666][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1014.519679][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1014.519694][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1014.519709][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1014.519721][T18466]  __sock_sendmsg+0x21c/0x270
[ 1014.519738][T18466]  ____sys_sendmsg+0x505/0x830
[ 1014.519754][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1014.519771][T18466]  ? import_iovec+0x74/0xa0
[ 1014.519785][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1014.519799][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1014.519831][T18466]  ? __fget_files+0x2a/0x420
[ 1014.519844][T18466]  ? __fget_files+0x3a0/0x420
[ 1014.519862][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1014.519876][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1014.519894][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1014.519907][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1014.519924][T18466]  do_syscall_64+0xfa/0x3b0
[ 1014.519938][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1014.519951][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.519963][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1014.519977][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.519988][T18466] RIP: 0033:0x7fb991f8e929
[ 1014.520001][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1014.520011][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1014.520025][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1014.520033][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1014.520041][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1014.520048][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1014.520055][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1014.520072][T18466]  </TASK>
[ 1014.520078][T18466] 
[ 1015.165377][T18466] =============================
[ 1015.170347][T18466] WARNING: suspicious RCU usage
[ 1015.175302][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1015.182156][T18466] -----------------------------
[ 1015.187026][T18466] net/ipv6/ip6_fib.c:1869 suspicious rcu_dereference_protected() usage!
[ 1015.195498][T18466] 
[ 1015.195498][T18466] other info that might help us debug this:
[ 1015.195498][T18466] 
[ 1015.206352][T18466] 
[ 1015.206352][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1015.214498][T18466] 4 locks held by syz.1.3546/18466:
[ 1015.219730][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1015.229355][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1015.238492][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1015.248063][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1015.257705][T18466] 
[ 1015.257705][T18466] stack backtrace:
[ 1015.263664][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1015.263690][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1015.263702][T18466] Call Trace:
[ 1015.263711][T18466]  <TASK>
[ 1015.263720][T18466]  dump_stack_lvl+0x189/0x250
[ 1015.263758][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1015.263789][T18466]  ? __pfx__printk+0x10/0x10
[ 1015.263817][T18466]  ? print_lock_name+0xde/0x100
[ 1015.263846][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1015.263882][T18466]  fib6_repair_tree+0xe7a/0x11c0
[ 1015.263929][T18466]  fib6_del+0xed2/0x1550
[ 1015.263952][T18466]  ? fib6_del+0x5a1/0x1550
[ 1015.263991][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1015.264034][T18466]  fib6_clean_node+0x29f/0x590
[ 1015.264060][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1015.264080][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1015.264123][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1015.264159][T18466]  fib6_walk_continue+0x67b/0x910
[ 1015.264196][T18466]  fib6_walk+0x149/0x290
[ 1015.264222][T18466]  __fib6_clean_all+0x234/0x380
[ 1015.264250][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1015.264272][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1015.264297][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1015.264323][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1015.264346][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1015.264395][T18466]  rt6_disable_ip+0x120/0x720
[ 1015.264427][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1015.264447][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1015.264490][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1015.264520][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1015.264547][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1015.264563][T18466]  ? tls_dev_event+0x717/0xec0
[ 1015.264578][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1015.264603][T18466]  addrconf_notify+0x1bc/0x1010
[ 1015.264619][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1015.264635][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1015.264659][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1015.264669][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1015.264684][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1015.264701][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1015.264719][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1015.264739][T18466]  netif_change_flags+0xe8/0x1a0
[ 1015.264754][T18466]  do_setlink+0xc55/0x41c0
[ 1015.264769][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1015.264785][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1015.264799][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1015.264810][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1015.264821][T18466]  ? enqueue_timer+0x216/0x560
[ 1015.264840][T18466]  ? _printk+0xcf/0x120
[ 1015.264855][T18466]  ? __pfx__printk+0x10/0x10
[ 1015.264865][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1015.264885][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1015.264904][T18466]  ? br_opt_toggle+0x108/0x120
[ 1015.264916][T18466]  ? br_changelink+0x1023/0x1650
[ 1015.264932][T18466]  ? br_changelink+0x124f/0x1650
[ 1015.264947][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1015.264961][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1015.264979][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1015.264994][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1015.265006][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1015.265026][T18466]  ? ns_capable+0x8a/0xf0
[ 1015.265043][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1015.265057][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1015.265072][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1015.265090][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1015.265119][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1015.265136][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1015.265153][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1015.265163][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1015.265179][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1015.265195][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1015.265209][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1015.265225][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1015.265243][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1015.265264][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1015.265293][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1015.265308][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1015.265327][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1015.265342][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1015.265362][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1015.265376][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1015.265391][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1015.265405][T18466]  ? __skb_clone+0x63/0x7a0
[ 1015.265422][T18466]  netlink_rcv_skb+0x208/0x470
[ 1015.265434][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1015.265451][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1015.265469][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1015.265486][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1015.265500][T18466]  netlink_unicast+0x75b/0x8d0
[ 1015.265523][T18466]  netlink_sendmsg+0x805/0xb30
[ 1015.265540][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1015.265553][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1015.265569][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1015.265583][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1015.265595][T18466]  __sock_sendmsg+0x21c/0x270
[ 1015.265613][T18466]  ____sys_sendmsg+0x505/0x830
[ 1015.265628][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1015.265646][T18466]  ? import_iovec+0x74/0xa0
[ 1015.265661][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1015.265675][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1015.265734][T18466]  ? __fget_files+0x2a/0x420
[ 1015.265756][T18466]  ? __fget_files+0x3a0/0x420
[ 1015.265790][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1015.265815][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1015.265850][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1015.265873][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1015.265905][T18466]  do_syscall_64+0xfa/0x3b0
[ 1015.265930][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1015.265956][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.265976][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1015.266001][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.266021][T18466] RIP: 0033:0x7fb991f8e929
[ 1015.266041][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1015.266058][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1015.266079][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1015.266095][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1015.266108][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1015.266121][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1015.266132][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1015.266166][T18466]  </TASK>
[ 1015.266175][T18466] 
[ 1015.911210][T18466] =============================
[ 1015.916073][T18466] WARNING: suspicious RCU usage
[ 1015.920984][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1015.927818][T18466] -----------------------------
[ 1015.932765][T18466] net/ipv6/ip6_fib.c:1871 suspicious rcu_dereference_protected() usage!
[ 1015.941182][T18466] 
[ 1015.941182][T18466] other info that might help us debug this:
[ 1015.941182][T18466] 
[ 1015.951512][T18466] 
[ 1015.951512][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1015.959615][T18466] 4 locks held by syz.1.3546/18466:
[ 1015.964865][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1015.974516][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1015.983904][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1015.993527][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1016.003383][T18466] 
[ 1016.003383][T18466] stack backtrace:
[ 1016.009314][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1016.009331][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1016.009338][T18466] Call Trace:
[ 1016.009344][T18466]  <TASK>
[ 1016.009349][T18466]  dump_stack_lvl+0x189/0x250
[ 1016.009372][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1016.009390][T18466]  ? __pfx__printk+0x10/0x10
[ 1016.009411][T18466]  ? print_lock_name+0xde/0x100
[ 1016.009426][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1016.009451][T18466]  fib6_repair_tree+0xea3/0x11c0
[ 1016.009476][T18466]  fib6_del+0xed2/0x1550
[ 1016.009490][T18466]  ? fib6_del+0x5a1/0x1550
[ 1016.009509][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1016.009531][T18466]  fib6_clean_node+0x29f/0x590
[ 1016.009546][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1016.009557][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1016.009576][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.009596][T18466]  fib6_walk_continue+0x67b/0x910
[ 1016.009616][T18466]  fib6_walk+0x149/0x290
[ 1016.009630][T18466]  __fib6_clean_all+0x234/0x380
[ 1016.009641][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1016.009653][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1016.009666][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1016.009680][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1016.009693][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1016.009712][T18466]  rt6_disable_ip+0x120/0x720
[ 1016.009730][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.009742][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1016.009760][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1016.009778][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1016.009796][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1016.009811][T18466]  ? tls_dev_event+0x717/0xec0
[ 1016.009827][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1016.009851][T18466]  addrconf_notify+0x1bc/0x1010
[ 1016.009868][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1016.009884][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1016.009905][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1016.009916][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1016.009930][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1016.009943][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1016.009961][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1016.009978][T18466]  netif_change_flags+0xe8/0x1a0
[ 1016.009993][T18466]  do_setlink+0xc55/0x41c0
[ 1016.010008][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1016.010023][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1016.010037][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1016.010048][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.010059][T18466]  ? enqueue_timer+0x216/0x560
[ 1016.010079][T18466]  ? _printk+0xcf/0x120
[ 1016.010094][T18466]  ? __pfx__printk+0x10/0x10
[ 1016.010104][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.010124][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1016.010142][T18466]  ? br_opt_toggle+0x108/0x120
[ 1016.010153][T18466]  ? br_changelink+0x1023/0x1650
[ 1016.010169][T18466]  ? br_changelink+0x124f/0x1650
[ 1016.010185][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1016.010199][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1016.010216][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1016.010232][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.010243][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1016.010263][T18466]  ? ns_capable+0x8a/0xf0
[ 1016.010280][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1016.010294][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1016.010309][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1016.010327][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1016.010356][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1016.010373][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.010390][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1016.010400][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1016.010417][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.010438][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.010457][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.010473][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1016.010491][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1016.010512][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1016.010540][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1016.010555][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1016.010574][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1016.010589][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1016.010604][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1016.010618][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1016.010632][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1016.010646][T18466]  ? __skb_clone+0x63/0x7a0
[ 1016.010663][T18466]  netlink_rcv_skb+0x208/0x470
[ 1016.010675][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1016.010692][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1016.010711][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1016.010722][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1016.010736][T18466]  netlink_unicast+0x75b/0x8d0
[ 1016.010758][T18466]  netlink_sendmsg+0x805/0xb30
[ 1016.010775][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1016.010789][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1016.010804][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1016.010819][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1016.010831][T18466]  __sock_sendmsg+0x21c/0x270
[ 1016.010858][T18466]  ____sys_sendmsg+0x505/0x830
[ 1016.010884][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1016.010916][T18466]  ? import_iovec+0x74/0xa0
[ 1016.010942][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1016.010966][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1016.011031][T18466]  ? __fget_files+0x2a/0x420
[ 1016.011054][T18466]  ? __fget_files+0x3a0/0x420
[ 1016.011087][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1016.011112][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1016.011145][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.011170][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1016.011201][T18466]  do_syscall_64+0xfa/0x3b0
[ 1016.011226][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.011251][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.011271][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1016.011296][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.011315][T18466] RIP: 0033:0x7fb991f8e929
[ 1016.011344][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1016.011362][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1016.011384][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1016.011399][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1016.011412][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1016.011425][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1016.011437][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1016.011478][T18466]  </TASK>
[ 1016.650529][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1016.656661][T18466] 
[ 1016.659023][T18466] =============================
[ 1016.663964][T18466] WARNING: suspicious RCU usage
[ 1016.668844][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1016.675686][T18466] -----------------------------
[ 1016.680560][T18466] net/ipv6/ip6_fib.c:1820 suspicious rcu_dereference_protected() usage!
[ 1016.689038][T18466] 
[ 1016.689038][T18466] other info that might help us debug this:
[ 1016.689038][T18466] 
[ 1016.699419][T18466] 
[ 1016.699419][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1016.707607][T18466] 4 locks held by syz.1.3546/18466:
[ 1016.712871][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1016.722499][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1016.731625][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1016.741223][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1016.750905][T18466] 
[ 1016.750905][T18466] stack backtrace:
[ 1016.756842][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1016.756859][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1016.756866][T18466] Call Trace:
[ 1016.756872][T18466]  <TASK>
[ 1016.756877][T18466]  dump_stack_lvl+0x189/0x250
[ 1016.756901][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1016.756918][T18466]  ? __pfx__printk+0x10/0x10
[ 1016.756933][T18466]  ? print_lock_name+0xde/0x100
[ 1016.756948][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1016.756968][T18466]  fib6_find_prefix+0x1e8/0x3f0
[ 1016.756983][T18466]  fib6_repair_tree+0x10bd/0x11c0
[ 1016.757006][T18466]  fib6_del+0xed2/0x1550
[ 1016.757019][T18466]  ? fib6_del+0x5a1/0x1550
[ 1016.757039][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1016.757062][T18466]  fib6_clean_node+0x29f/0x590
[ 1016.757076][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1016.757087][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1016.757106][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.757125][T18466]  fib6_walk_continue+0x67b/0x910
[ 1016.757145][T18466]  fib6_walk+0x149/0x290
[ 1016.757158][T18466]  __fib6_clean_all+0x234/0x380
[ 1016.757170][T18466]  ? __fib6_clean_all+0x9b/0x380
[ 1016.757181][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1016.757195][T18466]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1016.757209][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1016.757221][T18466]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1016.757241][T18466]  rt6_disable_ip+0x120/0x720
[ 1016.757258][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.757269][T18466]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1016.757288][T18466]  addrconf_ifdown+0x15d/0x1880
[ 1016.757306][T18466]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1016.757324][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1016.757340][T18466]  ? tls_dev_event+0x717/0xec0
[ 1016.757355][T18466]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1016.757379][T18466]  addrconf_notify+0x1bc/0x1010
[ 1016.757395][T18466]  notifier_call_chain+0x1b3/0x3e0
[ 1016.757412][T18466]  __dev_notify_flags+0x18d/0x2e0
[ 1016.757427][T18466]  ? __pfx___dev_notify_flags+0x10/0x10
[ 1016.757437][T18466]  ? __dev_change_flags+0x4cc/0x6d0
[ 1016.757452][T18466]  ? __pfx___dev_change_flags+0x10/0x10
[ 1016.757465][T18466]  ? __irq_work_queue_local+0x1de/0x550
[ 1016.757491][T18466]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1016.757509][T18466]  netif_change_flags+0xe8/0x1a0
[ 1016.757524][T18466]  do_setlink+0xc55/0x41c0
[ 1016.757538][T18466]  ? vprintk_emit+0x63e/0x7a0
[ 1016.757554][T18466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1016.757568][T18466]  ? __pfx_do_setlink+0x10/0x10
[ 1016.757579][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.757590][T18466]  ? enqueue_timer+0x216/0x560
[ 1016.757610][T18466]  ? _printk+0xcf/0x120
[ 1016.757624][T18466]  ? __pfx__printk+0x10/0x10
[ 1016.757635][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.757655][T18466]  ? nla_memcpy+0x5b/0xc0
[ 1016.757674][T18466]  ? br_opt_toggle+0x108/0x120
[ 1016.757685][T18466]  ? br_changelink+0x1023/0x1650
[ 1016.757701][T18466]  ? br_changelink+0x124f/0x1650
[ 1016.757717][T18466]  ? __pfx_br_changelink+0x10/0x10
[ 1016.757731][T18466]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1016.757749][T18466]  ? rtnl_newlink+0x8db/0x1c70
[ 1016.757765][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.757776][T18466]  ? __pfx___mutex_lock+0x10/0x10
[ 1016.757797][T18466]  ? ns_capable+0x8a/0xf0
[ 1016.757814][T18466]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1016.757828][T18466]  rtnl_newlink+0x160b/0x1c70
[ 1016.757843][T18466]  ? netlink_sendmsg+0x805/0xb30
[ 1016.757862][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1016.757890][T18466]  ? kasan_quarantine_put+0xdd/0x220
[ 1016.757908][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.757925][T18466]  ? nlmon_xmit+0xb0/0x100
[ 1016.757935][T18466]  ? kmem_cache_free+0x18f/0x400
[ 1016.757952][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.757968][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.757983][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1016.757998][T18466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1016.758016][T18466]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1016.758037][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1016.758065][T18466]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1016.758082][T18466]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1016.758100][T18466]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1016.758116][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1016.758131][T18466]  ? ref_tracker_free+0x63a/0x7d0
[ 1016.758145][T18466]  ? __copy_skb_header+0xa7/0x550
[ 1016.758159][T18466]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1016.758174][T18466]  ? __skb_clone+0x63/0x7a0
[ 1016.758191][T18466]  netlink_rcv_skb+0x208/0x470
[ 1016.758204][T18466]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1016.758220][T18466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1016.758239][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1016.758250][T18466]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1016.758264][T18466]  netlink_unicast+0x75b/0x8d0
[ 1016.758286][T18466]  netlink_sendmsg+0x805/0xb30
[ 1016.758303][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1016.758317][T18466]  ? aa_sock_msg_perm+0x94/0x160
[ 1016.758332][T18466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1016.758347][T18466]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1016.758359][T18466]  __sock_sendmsg+0x21c/0x270
[ 1016.758376][T18466]  ____sys_sendmsg+0x505/0x830
[ 1016.758393][T18466]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1016.758410][T18466]  ? import_iovec+0x74/0xa0
[ 1016.758425][T18466]  ___sys_sendmsg+0x21f/0x2a0
[ 1016.758438][T18466]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1016.758478][T18466]  ? __fget_files+0x2a/0x420
[ 1016.758491][T18466]  ? __fget_files+0x3a0/0x420
[ 1016.758509][T18466]  __x64_sys_sendmsg+0x19b/0x260
[ 1016.758523][T18466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1016.758542][T18466]  ? rcu_is_watching+0x15/0xb0
[ 1016.758555][T18466]  ? do_syscall_64+0xbe/0x3b0
[ 1016.758572][T18466]  do_syscall_64+0xfa/0x3b0
[ 1016.758586][T18466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1016.758599][T18466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.758611][T18466]  ? clear_bhb_loop+0x60/0xb0
[ 1016.758624][T18466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.758636][T18466] RIP: 0033:0x7fb991f8e929
[ 1016.758648][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1016.758658][T18466] RSP: 002b:00007fb992dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1016.758672][T18466] RAX: ffffffffffffffda RBX: 00007fb9921b5fa0 RCX: 00007fb991f8e929
[ 1016.758680][T18466] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1016.758688][T18466] RBP: 00007fb992010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1016.758695][T18466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1016.758702][T18466] R13: 0000000000000000 R14: 00007fb9921b5fa0 R15: 00007fb9922dfa28
[ 1016.758719][T18466]  </TASK>
[ 1016.758725][T18466] 
[ 1017.354792][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1017.414902][T18466] =============================
[ 1017.419763][T18466] WARNING: suspicious RCU usage
[ 1017.424684][T18466] 6.15.0-syzkaller-12058-g64980441d269 #0 Not tainted
[ 1017.431527][T18466] -----------------------------
[ 1017.436414][T18466] net/ipv6/ip6_fib.c:1822 suspicious rcu_dereference_protected() usage!
[ 1017.444846][T18466] 
[ 1017.444846][T18466] other info that might help us debug this:
[ 1017.444846][T18466] 
[ 1017.455155][T18466] 
[ 1017.455155][T18466] rcu_scheduler_active = 2, debug_locks = 1
[ 1017.463286][T18466] 4 locks held by syz.1.3546/18466:
[ 1017.468940][T18466]  #0: ffffffff8fa2e758 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[ 1017.478612][T18466]  #1: ffffffff8f50f5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 1017.487763][T18466]  #2: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9b/0x380
[ 1017.497307][T18466]  #3: ffff88805cd45830 (&tb->tb6_lock){+...}-{3:3}, at: __fib6_clean_all+0x1ce/0x380
[ 1017.506968][T18466] 
[ 1017.506968][T18466] stack backtrace:
[ 1017.512930][T18466] CPU: 0 UID: 0 PID: 18466 Comm: syz.1.3546 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[ 1017.512954][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1017.512965][T18466] Call Trace:
[ 1017.512974][T18466]  <TASK>
[ 1017.512982][T18466]  dump_stack_lvl+0x189/0x250
[ 1017.513020][T18466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1017.513048][T18466]  ? __pfx__printk+0x10/0x10
[ 1017.513075][T18466]  ? print_lock_name+0xde/0x100
[ 1017.513100][T18466]  lockdep_rcu_suspicious+0x140/0x1d0
[ 1017.513138][T18466]  fib6_find_prefix+0x211/0x3f0
[ 1017.513163][T18466]  fib6_repair_tree+0x10bd/0x11c0
[ 1017.513210][T18466]  fib6_del+0xed2/0x1550
[ 1017.513235][T18466]  ? fib6_del+0x5a1/0x1550
[ 1017.513274][T18466]  ? __pfx_fib6_del+0x10/0x10
[ 1017.513318][T18466]  fib6_clean_node+0x29f/0x590
[ 1017.513344][T18466]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1017.513364][T18466]  ? __lock_acquire+0xab9/0xd20
[ 1017.513400][T18466]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1017.513436][T18466]  fib6_walk_continue+0x67b/0x910
[ 1017.513474][T18466]  fib6_walk+0x149/0x290