last executing test programs:

18.669789176s ago: executing program 3 (id=543):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f00000005c0)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r2, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="6f9726afdac27f9b56", 0x9}], 0x1}}], 0x1, 0x20004000)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)={0x18, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x4, 0x18}]}, 0x18}], 0x1}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, 0x0, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800)
socket$key(0xf, 0x3, 0x2)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000))
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x81, 0x7, 0xa, 0x4, 0x100, 0x5, 0xfffffff8, 0x7})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180), 0x4})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
openat$tun(0xffffff9c, &(0x7f0000000240), 0x280041, 0x0)
close(0xffffffffffffffff)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r7, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x93}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xd}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc040}, 0x0)

18.500096853s ago: executing program 3 (id=544):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f00000005c0)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r2, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="6f9726afdac27f9b56", 0x9}], 0x1}}], 0x1, 0x20004000)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)={0x18, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x4, 0x18}]}, 0x18}], 0x1}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r5, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000))
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r6, 0xc03064b7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x81, 0x7, 0xa, 0x4, 0x100, 0x5, 0xfffffff8, 0x7})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180), 0x4})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
openat$tun(0xffffff9c, &(0x7f0000000240), 0x280041, 0x0)
close(0xffffffffffffffff)
r8 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x93}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xd}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc040}, 0x0)

18.381628679s ago: executing program 3 (id=545):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
wait4(0x0, 0x0, 0x40000000, 0x0)
ptrace(0x10, 0x0)
wait4(0x0, 0x0, 0xa0000009, 0x0)

18.299926824s ago: executing program 3 (id=546):
openat$sequencer(0xffffff9c, &(0x7f0000000380), 0x2, 0x0)
io_setup(0x81, &(0x7f0000000180)=<r0=>0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x31435641, 0x0, 0xa, [{}, {0x80010, 0x7fc}, {}, {0xfffffffd}], 0x0, 0x0, 0x0, 0x0, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x2000, 0x2}, 0x14)
listen(r2, 0x1ff)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f0000000500)="ab", 0x34000, 0x40, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, 0x0, 0x242080, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x4, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x28040, 0x2000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5, 0x15, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0)
io_uring_setup(0x1ce0, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x1000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cdrom(0xffffff9c, &(0x7f0000000180), 0xc2002, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e07000514"], 0xa)
io_submit(r0, 0x1, &(0x7f0000002340)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r4, 0x0}])
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x164)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)

17.4271648s ago: executing program 3 (id=548):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
mknod(&(0x7f0000000080)='./file1\x00', 0x0, 0x7)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064d1, &(0x7f0000000040)={0x2, 0x0, &(0x7f0000000080)=[0x0, 0x0]})
vmsplice(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)="b63bded039dadfb381646c5a6d3a83048d3cc206033cb92163ccb89e74e2ac63b66dc949710d3bba6806d404c44471f53a6e0d27487d9e", 0x37}, {&(0x7f0000000100)="6be3a08ecd6907c1d21000046d20440e3fbc3afcfa4f4fb7175f323e1642a78365ee0e4a5d51a3aadd58071908191925784c6b1ad0f23e5310947ec52ff617488dd06849ec7dabb675921e4a368faf991b74aa6c92a981868ceadd603cdb49441eb98838e03ee3af4b0c6294b81b62cd1b7f3ad11fe58e153d599342410f7aa22ccce2deba946bc0c55dc510fb1cda60aaccd5353ea0889ee5a09e40d1f8a7e8508e3dda4044bd0637e9a578a486dfe82fb804b19b522dccf6cd22be7e6a32adf6973aeb326614f03a0e6826033fddb196f7bb962acd10db9322b4311bc4a05ec183cc9f9dfd21", 0xe7}, {&(0x7f0000000200)="9c4d955ab3a939d08fe9312dc01d3080d0f9e4bec7967f3c46b5d59364c5dd9ae21f76f3a4db6971d640cb8b51994fc9ea21017a8d619c8ba699", 0x3a}], 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001700)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x0, 0xa, 0x148, 0x16c, 0x10, 0x224, 0x2a8, 0x2a8, 0x224, 0x2a8, 0x3, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x38}, @empty, 0xff, 0xffffffff, 'veth0_macvtap\x00', 'pim6reg1\x00', {}, {0xff}, 0x88, 0x3, 0x7b}, 0x0, 0x104, 0x16c, 0x0, {0x20000000}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x9, 0x0, 0x689, 0xfffffffd, 0x6}}}, @common=@unspec=@limit={{0x3c}, {0x55e5, 0x1, 0x6}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xc83fa171e3d30524, 0x9, 0xcebf, 0x6, 'syz0\x00', 'syz0\x00', {0x8}}}}, {{@ip={@multicast1, @multicast1, 0xff, 0xffffffff, 'veth0_to_team\x00', 'team0\x00', {}, {}, 0x107, 0x0, 0xc}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x9, 0x7, 0x5, '\x00', {0xff}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x314)
mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x24)

17.426731245s ago: executing program 3 (id=549):
timer_create(0x3, &(0x7f0000000480)={0x0, 0x7}, &(0x7f0000001400))
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0)
fdatasync(r0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[], 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="0100"})
close(0x3)
connect$can_j1939(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
ppoll(&(0x7f0000000080)=[{r2, 0x9a}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000ffdbdf25010000000000000007410000004c0018000002ea62726f6164636173742d6c696e6b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040c59875b39d46e317d5de"], 0x68}, 0x1, 0x0, 0x0, 0x51}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000002c00010026bd7000fcdbdf250400"], 0x28}, 0x1, 0x0, 0x0, 0x8}, 0x20000000)
close_range(r2, r0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x20000, 0x2)
socket$unix(0x1, 0x2, 0x0)
r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x1000000, 0x0, 0x0, 0x0)

9.457969459s ago: executing program 2 (id=589):
r0 = syz_open_dev$video4linux(&(0x7f0000000180), 0x5, 0x0)
ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000000)={0x7d, 0x8, "303f59860efa407adbbc54f18158a26c5e309e5bff8b7e4fcf0cd5380bd21193", 0x7, 0x2, 0x2, 0x8})
r1 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0xff)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000fd0000008500000086000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000100000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r3}, 0xc)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000060100800c0001"], 0x114}], 0x1}, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB='\x00-'], 0x170)

9.380089057s ago: executing program 2 (id=590):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)='\t', 0x1, 0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$sr(0xffffff9c, &(0x7f0000000040), 0x6000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r4=>0x0})
r5 = socket$inet_icmp(0x2, 0x2, 0x1)
close(r5)
sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r4, @ANYBLOB="0e73f04a527c"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4000)
sendmsg$NL80211_CMD_DISASSOCIATE(r1, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="e0010000", @ANYRES16=r3, @ANYBLOB="00a3bcbd7000fedbd0a63019b850745c0600c58018382af700009c002a00bd06ffffffffffffdd0bbb3997d71267967d79507a2a0101267e084001a1f796fc6759c248a63fdfcd8db7e8feb5355d5737a5af5c90fa540753678a3aed7774a0605db69e67fdee0245ee6b9a276292ad797ef1a46eab084958f31f4cf8f97196645514aaa4008ba688749f7e9bfd7d0d880e435286fb682e6e22e361b181e0d9e80bbd843fa4a3d33bbd01d9fd638b45c3ac7da821eb1704005f0013003400c612af4d49bdb2354f3c594b5ab22f000a00060050505050505000000a00340002020202020200000600360006000000eb002a00250300ac0926e0040a090e520117cecee5d05660cd7f178deef9d2b45cb45438766621a7c1c0765d5acbe5f31ca591d1d3553134deeeaae27e3371e3cc78d6135beee34c6180f4bf268921e71bf36940e85a69b37345287bad070a4dc79da647e6d3f259e2b8db7437eb08a5d0762a7c6299dea6fa79ca4ab35ae24afa1e1712f2c99d0dd2ce5b53b804fe5b71a6c810c1daadbf0f8d690576b889a91919e4738a9187771d21414f6aca213cb73cfa5f2b6fa442983d8bf7d86f17ec1fdd421bae66f05058bd88785386f2f46e60431b4d6c614de4c8492ee7d6533c06d266b586e5b41912ce8000"], 0x1e0}, 0x1, 0x0, 0x0, 0x4000}, 0x448c4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x2000000000000080, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x8, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)

9.379226371s ago: executing program 2 (id=593):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000300)=0x4, 0x4)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r4)
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r5)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r5, 0x4004550d, 0x0)
syz_usb_connect(0x4, 0x381, &(0x7f0000000dc0)={{0x12, 0x1, 0x201, 0xf2, 0xb5, 0x1, 0x20, 0x1546, 0x1311, 0xd8a3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x36f, 0x2, 0x5, 0x9, 0x20, 0x80, [{{0x9, 0x4, 0x3, 0x5, 0x0, 0xd1, 0xd7, 0xe3, 0x4}}, {{0x9, 0x4, 0xc0, 0x4, 0x9, 0xf1, 0x65, 0x1e, 0x43, [], [{{0x9, 0x5, 0x9, 0x0, 0x10, 0x4, 0x40, 0x9, [@generic={0x81, 0xe, "6bb7ec95c99cc70ec70b4115af648b7f8310055120a918ad64eeec9bbfdde1e41bbbe957e820d5767c275a60acf897c1482fb9ffd6f772b925c77dc090381596c2b062536d143225eb9a5a55d075b28d119bc29c1cfac22d71cef9d3a8dea15740f56ec9c283b14768e6a040e550568dfec11df443a97fa0fd7b0897ec48b4"}]}}, {{0x9, 0x5, 0x4, 0x2, 0x40, 0x8, 0x9, 0x80, [@generic={0x7f, 0x3a, "a45af68b98f65180996b314a2d43efc7f6af4b35dd478ec25db5a999a00ab9fb7025f71ec0b23a37e27231702966d9af7c9a7ec9ad2ef3f136c84d6c8e39ecb4b90b7bf6289470d0e52bcfe5daac9265bc06b0d4b4ecb1bcb92d19156adcf4fa315864f88d9dc419368087a38a6d13921581cff32e693555e8fcc84e01"}, @generic={0x2c, 0x7, "8b5aaca3d3706aff1adc2195bc559b5c0614c5cd55d8426e2e6f93a1a1a01dcbc163ecd1196db0dab4ee"}]}}, {{0x9, 0x5, 0xa, 0x2, 0x20, 0x2, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x81, 0x3}]}}, {{0x9, 0x5, 0x2, 0x1, 0x20, 0x38, 0x5, 0x7}}, {{0x9, 0x5, 0x0, 0x0, 0x200, 0x2, 0x39, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3d, 0x3}, @generic={0x9d, 0x22, "a8ec2e0b6d1694e95d2ae05712a1f00bfd436cde330628a1dab809ae1a9f3f4d54cdf8a0550993a5e069ecfb10882cf6700ab7ad59ed0abf05b16c19b2c6f78ff40ede231345cfae8e58c1a198136b5c4939d18c6c8648f9cea3bdaf374da1c3b6be07e2591f6d62f98c4792b1a3a279b06a6da9c73c3318e7e442ea6955d23be3d30a1a6425ae8d285cdc091b82a11171aae90e69e2b0f6f1ae10"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x80, 0x9, 0x7f}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x2, 0x6, 0x6, [@generic={0x2c, 0x6, "c4252365502409cad4cdfab2387a66bca7e1a0c725c95db8b0ef12f61900ebd11504f437b77fcc265c2d"}]}}, {{0x9, 0x5, 0x0, 0x4, 0x20, 0x9, 0x26, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf3, 0x1}, @generic={0xf2, 0x31, "add6ed5ddba4308151f35e585c4bfbbeb3d7fff68c67bc72d70b7408658ea29eca1a094b61304e2b6039a46034d9378efa10c355c34bf5559593a220c0f4ef916a695397dfbcbb54adea8331f3d19f29a6776b3a735a7d351f774af234b2134b07d92b459dc70b1cc0935940ccedc07c6037825f52d4b6106a38a260cdac681930f48d4c8df3c2cb18c23dc7eafe21e6629c8f202519e76cc177f2597b01d171d775742e6b2c8d1cf7aa272c9d9a24d83ff9d35f96e68c22d534e08909fd980d5a7332004b8efca0aea20cf27f4cc4aa16fe95dd579a7fa5dbf10634c72c9081ee1cd388a6954b7bf859ddd187889822"}]}}, {{0x9, 0x5, 0xd, 0x4, 0x400, 0xe, 0x1, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x31, 0xa1}]}}]}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x300, 0x2, 0x8, 0x5, 0x10, 0x7f}, 0xc, &(0x7f0000000640)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x7, 0x0, 0x8}]}, 0x4, [{0x59, &(0x7f0000000680)=@string={0x59, 0x3, "58df1b49c10edb1b10371911e16c27a6347236ad356d9578aabe093c4a874a1c4882f5f088441803ca25eadfdbb9266a201a3d47c048c44f206f3f797828cf65d516563bf9e9840be41ace3b66dad8cc2f9672c1170fe1"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x42f}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x1407}}]})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r6, 0x0, 0x11)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x2, 0x1)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="d41ecd373074179b0ef739ca5055816b3c0ff2dfa854aa73a837e39fd2a873b6c6d08f906a2473df688cc3a9259c40f63011e84f118fc60f48d809344474158332333de9bfd19ff530a1a47735451b92690850c7c23852f5bac801eac05acaf9075658c8c8c936697df6884a31addea84c364a9bde0656", 0x77}, {&(0x7f0000000180)="953d3b0d8df0eddd4d51cb3f8d6ceff78f6e6709218b3b2c59286674914b7c304eb7245ca0cc1bac0f87ec049dab7a09f4d4bb75a334d530c67d417f5112e06400d6dca961057de31db2ac1503ca376c14fd9daf65f45ea515f53ce85106d2501b0b0ca628280aa19903839d0fd0200a534b25bcffa98c86f58b8623d322315282f0319de36688b6580ab441e741ce97bdade44ebfcd874aef51855cbac01794227baab93b2d3c5085393a03768ea47bffde7e8acca5b9864a52ce77777e94d335ea7444eb2110fc51", 0xc9}], 0x2}}, {{0x0, 0x0, &(0x7f0000000540)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000b00)="c4", 0x1}], 0x1}}], 0x4, 0x40040)
shutdown(r2, 0x1)
r7 = syz_open_dev$sg(0x0, 0x5, 0x2)
ioctl$SCSI_IOCTL_STOP_UNIT(r7, 0x6)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000200", @ANYRES16=r8, @ANYBLOB="010b000000000000000001000000"], 0x14}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00000000000a00000000000000000000000800010002"], 0x20}, 0x1, 0x0, 0x0, 0x200008c4}, 0x0)

7.030098176s ago: executing program 2 (id=602):
r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfffffffe, 0x0, 0x1, 0x2}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000180))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioprio_set$uid(0x3, 0x0, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x4, r3, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r0, 0x7a16, 0x6021, 0x0, 0x0, 0xffffffffffffffb5)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f00000031c0)=[{{&(0x7f00000001c0)=@isdn, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000100)=""/23, 0x17}, {&(0x7f0000000300)}, {&(0x7f0000000340)=""/80, 0x50}, {&(0x7f00000003c0)=""/27, 0x1b}], 0x5, &(0x7f0000000580)=""/178, 0xb2}, 0x7}, {{&(0x7f0000000440)=@qipcrtr, 0x80, &(0x7f0000000680)=[{&(0x7f0000000640)}], 0x1, &(0x7f00000006c0)=""/69, 0x45}, 0x1}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000740)=""/97, 0x61}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f0000000880)=""/56, 0x38}, {&(0x7f00000008c0)=""/248, 0xf8}, {&(0x7f00000009c0)=""/226, 0xe2}, {&(0x7f0000000ac0)=""/219, 0xdb}], 0x6, &(0x7f0000000c00)=""/4096, 0x1000}, 0x3}, {{&(0x7f0000001c00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000002180)=[{&(0x7f0000001c80)=""/197, 0xc5}, {&(0x7f0000001d80)=""/119, 0x77}, {&(0x7f0000001e00)=""/108, 0x6c}, {&(0x7f0000001e80)=""/46, 0x2e}, {&(0x7f0000001ec0)=""/216, 0xd8}, {&(0x7f0000001fc0)=""/198, 0xc6}, {&(0x7f00000020c0)=""/139, 0x8b}], 0x7, &(0x7f00000021c0)=""/4096, 0x1000}, 0x9}], 0x4, 0x1, &(0x7f0000003240))
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x0)

6.160285212s ago: executing program 2 (id=605):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
mknod(&(0x7f0000000080)='./file1\x00', 0xa000, 0x7)

6.159992058s ago: executing program 2 (id=606):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = openat$audio(0xffffff9c, &(0x7f0000000340), 0x88001, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(r5, 0x80045010, &(0x7f0000000380))
getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
sendmsg$inet(r6, &(0x7f00000013c0)={0x0, 0x0, 0x0}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x78, r3, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x4, 0x5f}}}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "70d197532886c476ee7508b59c9e82da"}, @NL80211_ATTR_PMK={0x14, 0xfe, "b298e186514f85f1890fab319aba6559"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK={0x14, 0xfe, "7f53a7607b781bd375270f30e5d441fd"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x78}}, 0x1)
sendmsg$nl_generic(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0xfffffffc, 0x0, {0xd}}, 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04132501"], 0x8)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r9=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffe}, {0xa, 0x4, 0x0, @mcast2}, r9}}, 0x48)

5.939815485s ago: executing program 0 (id=610):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000300)=0x4, 0x4)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r4)
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r5)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r5, 0x4004550d, 0x0)
syz_usb_connect(0x4, 0x381, &(0x7f0000000dc0)={{0x12, 0x1, 0x201, 0xf2, 0xb5, 0x1, 0x20, 0x1546, 0x1311, 0xd8a3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x36f, 0x2, 0x5, 0x9, 0x20, 0x80, [{{0x9, 0x4, 0x3, 0x5, 0x0, 0xd1, 0xd7, 0xe3, 0x4}}, {{0x9, 0x4, 0xc0, 0x4, 0x9, 0xf1, 0x65, 0x1e, 0x43, [], [{{0x9, 0x5, 0x9, 0x0, 0x10, 0x4, 0x40, 0x9, [@generic={0x81, 0xe, "6bb7ec95c99cc70ec70b4115af648b7f8310055120a918ad64eeec9bbfdde1e41bbbe957e820d5767c275a60acf897c1482fb9ffd6f772b925c77dc090381596c2b062536d143225eb9a5a55d075b28d119bc29c1cfac22d71cef9d3a8dea15740f56ec9c283b14768e6a040e550568dfec11df443a97fa0fd7b0897ec48b4"}]}}, {{0x9, 0x5, 0x4, 0x2, 0x40, 0x8, 0x9, 0x80, [@generic={0x7f, 0x3a, "a45af68b98f65180996b314a2d43efc7f6af4b35dd478ec25db5a999a00ab9fb7025f71ec0b23a37e27231702966d9af7c9a7ec9ad2ef3f136c84d6c8e39ecb4b90b7bf6289470d0e52bcfe5daac9265bc06b0d4b4ecb1bcb92d19156adcf4fa315864f88d9dc419368087a38a6d13921581cff32e693555e8fcc84e01"}, @generic={0x2c, 0x7, "8b5aaca3d3706aff1adc2195bc559b5c0614c5cd55d8426e2e6f93a1a1a01dcbc163ecd1196db0dab4ee"}]}}, {{0x9, 0x5, 0xa, 0x2, 0x20, 0x2, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x81, 0x3}]}}, {{0x9, 0x5, 0x2, 0x1, 0x20, 0x38, 0x5, 0x7}}, {{0x9, 0x5, 0x0, 0x0, 0x200, 0x2, 0x39, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3d, 0x3}, @generic={0x9d, 0x22, "a8ec2e0b6d1694e95d2ae05712a1f00bfd436cde330628a1dab809ae1a9f3f4d54cdf8a0550993a5e069ecfb10882cf6700ab7ad59ed0abf05b16c19b2c6f78ff40ede231345cfae8e58c1a198136b5c4939d18c6c8648f9cea3bdaf374da1c3b6be07e2591f6d62f98c4792b1a3a279b06a6da9c73c3318e7e442ea6955d23be3d30a1a6425ae8d285cdc091b82a11171aae90e69e2b0f6f1ae10"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x80, 0x9, 0x7f}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x2, 0x6, 0x6, [@generic={0x2c, 0x6, "c4252365502409cad4cdfab2387a66bca7e1a0c725c95db8b0ef12f61900ebd11504f437b77fcc265c2d"}]}}, {{0x9, 0x5, 0x0, 0x4, 0x20, 0x9, 0x26, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf3, 0x1}, @generic={0xf2, 0x31, "add6ed5ddba4308151f35e585c4bfbbeb3d7fff68c67bc72d70b7408658ea29eca1a094b61304e2b6039a46034d9378efa10c355c34bf5559593a220c0f4ef916a695397dfbcbb54adea8331f3d19f29a6776b3a735a7d351f774af234b2134b07d92b459dc70b1cc0935940ccedc07c6037825f52d4b6106a38a260cdac681930f48d4c8df3c2cb18c23dc7eafe21e6629c8f202519e76cc177f2597b01d171d775742e6b2c8d1cf7aa272c9d9a24d83ff9d35f96e68c22d534e08909fd980d5a7332004b8efca0aea20cf27f4cc4aa16fe95dd579a7fa5dbf10634c72c9081ee1cd388a6954b7bf859ddd187889822"}]}}, {{0x9, 0x5, 0xd, 0x4, 0x400, 0xe, 0x1, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x31, 0xa1}]}}]}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x300, 0x2, 0x8, 0x5, 0x10, 0x7f}, 0xc, &(0x7f0000000640)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x7, 0x0, 0x8}]}, 0x4, [{0x59, &(0x7f0000000680)=@string={0x59, 0x3, "58df1b49c10edb1b10371911e16c27a6347236ad356d9578aabe093c4a874a1c4882f5f088441803ca25eadfdbb9266a201a3d47c048c44f206f3f797828cf65d516563bf9e9840be41ace3b66dad8cc2f9672c1170fe1"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x42f}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x1407}}]})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r6, 0x0, 0x11)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x2, 0x1)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="d41ecd373074179b0ef739ca5055816b3c0ff2dfa854aa73a837e39fd2a873b6c6d08f906a2473df688cc3a9259c40f63011e84f118fc60f48d809344474158332333de9bfd19ff530a1a47735451b92690850c7c23852f5bac801eac05acaf9075658c8c8c936697df6884a31addea84c364a9bde0656", 0x77}, {&(0x7f0000000180)="953d3b0d8df0eddd4d51cb3f8d6ceff78f6e6709218b3b2c59286674914b7c304eb7245ca0cc1bac0f87ec049dab7a09f4d4bb75a334d530c67d417f5112e06400d6dca961057de31db2ac1503ca376c14fd9daf65f45ea515f53ce85106d2501b0b0ca628280aa19903839d0fd0200a534b25bcffa98c86f58b8623d322315282f0319de36688b6580ab441e741ce97bdade44ebfcd874aef51855cbac01794227baab93b2d3c5085393a03768ea47bffde7e8acca5b9864a52ce77777e94d335ea7444eb2110fc51", 0xc9}], 0x2}}, {{0x0, 0x0, &(0x7f0000000540)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000b00)="c4", 0x1}], 0x1}}], 0x4, 0x40040)
shutdown(r2, 0x1)
r7 = syz_open_dev$sg(&(0x7f0000000580), 0x5, 0x2)
ioctl$SCSI_IOCTL_STOP_UNIT(r7, 0x6)
r8 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000200", @ANYRES16=r8, @ANYBLOB="010b000000000000000001000000"], 0x14}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00000000000a00000000000000000000000800010002"], 0x20}, 0x1, 0x0, 0x0, 0x200008c4}, 0x0)

3.719468385s ago: executing program 0 (id=617):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x10000000, 0x1, 0xa, 0xb}, {0x1, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x800000000000296, 0x40000141, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r2 = userfaultfd(0x801)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
close(r3)
r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000040)={0xa})
connect$pppl2tp(r4, &(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x1, 0x2, {0xa, 0x4e22, 0x8, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}}}, 0x3a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
geteuid()
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c00000002060108000034e40000000100010000000000000600000005000400000000000900020073797a310000f2ff040005000200000011000300687a4a75c426df96491a681d886173683a69702c706f727400000000"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="54000000090701080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000000ff0000000c000180080020dccd08a76254bf61c1a9b902b2a75e014000000010570bf9b26019be8f5a659d9572d22752e2ab630a526eceafcc82100dab87c81311424fc5946a0226344233e321833ebf17804a2eca6d9940ab2c85afcdd33143b1ccdb5f7d64a18eb832e131362b712659e83f02691aa007ea4208e192e38a7cfc6eadb9473852cf3cf49674cd15f14e7460a4645f"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x80200, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957608d766cfff5c3a665bd121a2d89", 0x0, 0x0, {0x4, 0x40000a}, {0x5, 0xc00000}, 0x5, [0x3, 0x3, 0x9, 0x6, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x5, 0x80000000, 0x81, 0x10, 0x80000000, 0xfffffffffffffffb, 0x400000000000001]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)

3.380060791s ago: executing program 1 (id=619):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18, 0x0, 0x0, {0x7f}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000680)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) (fail_nth: 11)

3.199564565s ago: executing program 1 (id=620):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
pipe2(0x0, 0x800)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000003c0), 0xa780, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
openat$random(0xffffff9c, &(0x7f0000000100), 0x400, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r5=>0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r5, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendto$inet6(r8, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
sendfile(r7, 0xffffffffffffffff, 0x0, 0x80009)

2.669318541s ago: executing program 0 (id=621):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f00000005c0)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r2, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="6f9726afdac27f9b56", 0x9}], 0x1}}], 0x1, 0x20004000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r4, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800)
socket$key(0xf, 0x3, 0x2)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000))
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x81, 0x7, 0xa, 0x4, 0x100, 0x5, 0xfffffff8, 0x7})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180), 0x4})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
openat$tun(0xffffff9c, &(0x7f0000000240), 0x280041, 0x0)
close(0xffffffffffffffff)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r7, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x93}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xd}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc040}, 0x0)

2.425405298s ago: executing program 0 (id=622):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB='trans=fd,rf', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$P9_RXATTRCREATE(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000005000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
creat(&(0x7f0000000100)='./control/file0\x00', 0xe2)
rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./control\x00')
syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0)

2.411607176s ago: executing program 32 (id=549):
timer_create(0x3, &(0x7f0000000480)={0x0, 0x7}, &(0x7f0000001400))
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0)
fdatasync(r0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[], 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="0100"})
close(0x3)
connect$can_j1939(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
ppoll(&(0x7f0000000080)=[{r2, 0x9a}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000ffdbdf25010000000000000007410000004c0018000002ea62726f6164636173742d6c696e6b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040c59875b39d46e317d5de"], 0x68}, 0x1, 0x0, 0x0, 0x51}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000002c00010026bd7000fcdbdf250400"], 0x28}, 0x1, 0x0, 0x0, 0x8}, 0x20000000)
close_range(r2, r0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x20000, 0x2)
socket$unix(0x1, 0x2, 0x0)
r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x1000000, 0x0, 0x0, 0x0)

2.153104597s ago: executing program 1 (id=624):
syz_open_dev$loop(&(0x7f0000000300), 0x4, 0x0) (async)
r0 = syz_open_dev$loop(&(0x7f0000000300), 0x4, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
sendmmsg$inet(r1, &(0x7f0000000a40)=[{{&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_retopts={{0xc}}, @ip_tos_int={{0x10, 0x0, 0x1, 0xeb93}}], 0x1c}}], 0x1, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000400)={0x1, 0x0, 0x98, &(0x7f0000000340)={0x100000000000, 0x8000000000000001, 0x5}})
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
shmget(0x2, 0x3000, 0x200, &(0x7f0000ffb000/0x3000)=nil) (async)
shmget(0x2, 0x3000, 0x200, &(0x7f0000ffb000/0x3000)=nil)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f00000043c0)={0xce, 0x0, 0x8})
r5 = openat$sndseq(0xffffff9c, &(0x7f00000000c0), 0x800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000240)={{0x0, 0xd}, 0x0, 0x8, 0xffffd2a0, {0x6, 0x1}, 0xc0, 0x4})
socket$alg(0x26, 0x5, 0x0) (async)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async)
bind$alg(r6, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r6, 0x117, 0x5, 0x0, 0x6)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$NBD_DISCONNECT(r2, 0xab08) (async)
ioctl$NBD_DISCONNECT(r2, 0xab08)

1.959928631s ago: executing program 1 (id=625):
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x20000000)
syz_emit_ethernet(0x26, 0x0, 0x0)
r0 = socket$isdn_base(0x22, 0x3, 0x0)
socket(0x1e, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = fcntl$getown(r0, 0x9)
sched_setscheduler(r1, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x28200)
r3 = syz_io_uring_setup(0x6cd5, &(0x7f0000000500)={0x0, 0x3, 0x0, 0x8000, 0x8b}, &(0x7f0000000340), 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000000180)={0x15, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0]}, 0x20)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000180)={'sit0\x00', <r5=>0x0, 0x8, 0x700, 0x400003, 0x6, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x62, 0x0, 0x5, 0x29, 0x0, @remote, @rand_addr=0x64010100}}}})
socket$packet(0x11, 0x3, 0x300)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000004c0)=[@in6={0xa, 0x4e23, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}]}, &(0x7f0000000440)=0xc)
r6 = getpid()
r7 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r7, 0xc0045543, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000, 0x2000, &(0x7f0000000380)=@generic={0x11, "d71d9c1bf36be386b8195be2f96732daece168ab8c4756fcaaaaa57ab4d9fa9c5e136c872457faea878081b25c7ac9863e328325d3608f7b92b91789fb2322981d60e78ecebc51a8a848ac66a135cbf9adb555f5fff1d2552ce4b120288f1c606bebc17e3b75c547a1c41ac89d1be3f0e179d586d665ef8397dfdbdaa865"}, 0x80)

1.615688044s ago: executing program 0 (id=626):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x40000)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000001000040000000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000000200001400198000000100f06eec9962c7b38323fe18da5c3ef9ebdf00000500060005000000"], 0xfffffffffffffcf5}}, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000))
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
request_key(&(0x7f0000000280)='.dead\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000003c0)='@/#\x00', 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, &(0x7f00000006c0))
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)

1.037413849s ago: executing program 1 (id=627):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000019c0))
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, 0x0, 0x0)
r5 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @dev={0xfe, 0x80, '\x00', 0x30}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f0000001240)=[{0x10, 0x110, 0x1, "dc"}], 0x10}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffff8}}, 0x0, 0x0, 0x9, 0x0, 0x1c4, 0x0, 0xfe}, 0x9c)
bind$inet6(r4, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r6 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='name', &(0x7f00000000c0)='ceph\x00', 0x0)

677.146866ms ago: executing program 0 (id=628):
openat$sequencer(0xffffff9c, &(0x7f0000000380), 0x2, 0x0)
io_setup(0x81, &(0x7f0000000180)=<r0=>0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x31435641, 0x0, 0xa, [{}, {0x80010, 0x7fc}, {}, {0xfffffffd}], 0x0, 0x0, 0x0, 0x0, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x2000, 0x2}, 0x14)
listen(r2, 0x1ff)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f0000000500)="ab", 0x34000, 0x40, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x242080, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d", 0x13)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x4, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x28040, 0x2000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5, 0x15, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0)
io_uring_setup(0x1ce0, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x1000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cdrom(0xffffff9c, &(0x7f0000000180), 0xc2002, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e07000514"], 0xa)
io_submit(r0, 0x1, &(0x7f0000002340)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r4, 0x0}])
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x164)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)

0s ago: executing program 1 (id=629):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
pipe2(0x0, 0x800)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000003c0), 0xa780, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
openat$random(0xffffff9c, &(0x7f0000000100), 0x400, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r5=>0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r5, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendto$inet6(r8, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
sendfile(r7, 0xffffffffffffffff, 0x0, 0x80009)

kernel console output (not intermixed with test programs):

e579
[   75.284781][ T6603] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   75.284791][ T6603] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[   75.284801][ T6603] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[   75.284808][ T6603] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000000
[   75.284817][ T6603] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   75.284825][ T6603] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   75.284834][ T6603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   75.284861][ T6603]  </TASK>
[   75.371723][ T6598] IPVS: using max 35 ests per chain, 84000 per kthread
[   75.448588][ T6610] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   75.639448][ T6616] netlink: 88 bytes leftover after parsing attributes in process `syz.2.168'.
[   75.654673][    T8] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   75.737573][ T6183] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   75.806205][    T8] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   75.809457][    T8] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   75.813183][    T8] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   75.816645][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[   75.820905][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[   76.070084][ T6183] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   76.072676][ T6183] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   76.075721][ T6183] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   76.078342][ T6183] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[   76.081453][ T6183] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[   76.087560][ T6183] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   76.090260][ T6183] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   76.092890][ T6183] usb 5-1: Product: syz
[   76.094171][ T6183] usb 5-1: Manufacturer: syz
[   76.110874][ T6183] cdc_wdm 5-1:1.0: skipping garbage
[   76.112542][ T6183] cdc_wdm 5-1:1.0: skipping garbage
[   76.115268][    T8] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   76.117835][    T8] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   76.120224][    T8] usb 8-1: Product: syz
[   76.121416][    T8] usb 8-1: Manufacturer: syz
[   76.126235][    T8] cdc_wdm 8-1:1.0: skipping garbage
[   76.127781][    T8] cdc_wdm 8-1:1.0: skipping garbage
[   76.131199][    T8] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   76.132893][    T8] cdc_wdm 8-1:1.0: Unknown control protocol
[   76.140794][ T6183] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device
[   76.142620][ T6183] cdc_wdm 5-1:1.0: Unknown control protocol
[   76.371336][    T8] usb 5-1: USB disconnect, device number 4
[   76.433302][    C3] wdm_int_callback: 84 callbacks suppressed
[   76.433319][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.436887][    C3] wdm_int_callback: 84 callbacks suppressed
[   76.436895][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.441637][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.443551][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.445446][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.447304][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.449302][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.451210][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.453429][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.455946][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.458193][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.460157][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.462123][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.464089][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.465989][   T67] usb 8-1: USB disconnect, device number 6
[   76.467761][    C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[   76.467772][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[   76.467779][    C3] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   76.488340][ T6608] netlink: 20 bytes leftover after parsing attributes in process `syz.0.166'.
[   76.541713][ T6621] netlink: 20 bytes leftover after parsing attributes in process `syz.3.165'.
[   76.700502][ T6629] ubi: mtd0 is already attached to ubi31
[   76.746450][ T6631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.171'.
[   77.384408][   T67] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   77.546787][   T67] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   77.549884][   T67] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   77.552894][   T67] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[   77.555767][   T67] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   77.561210][   T67] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   77.564878][   T67] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   77.568083][   T67] usb 6-1: Product: syz
[   77.569781][   T67] usb 6-1: Manufacturer: syz
[   77.581918][   T67] cdc_wdm 6-1:1.0: skipping garbage
[   77.583648][   T67] cdc_wdm 6-1:1.0: skipping garbage
[   77.584452][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   77.585359][   T67] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[   77.737417][    T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   77.739954][    T9] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   77.743215][    T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[   77.746620][    T9] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   77.752514][    T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   77.756209][    T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   77.759326][    T9] usb 7-1: Product: syz
[   77.760966][    T9] usb 7-1: Manufacturer: syz
[   77.766218][    T9] cdc_wdm 7-1:1.0: skipping garbage
[   77.767766][    T9] cdc_wdm 7-1:1.0: skipping garbage
[   77.769302][    T9] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[   77.788582][ T6183] usb 6-1: USB disconnect, device number 4
[   77.975323][   T67] usb 7-1: USB disconnect, device number 4
[   78.424461][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   78.587464][    T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   78.589984][    T9] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   78.593170][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[   78.596184][    T9] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   78.605718][    T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   78.613571][    T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   78.620275][    T9] usb 6-1: Product: syz
[   78.621839][    T9] usb 6-1: Manufacturer: syz
[   78.632536][    T9] cdc_wdm 6-1:1.0: skipping garbage
[   78.634129][    T9] cdc_wdm 6-1:1.0: skipping garbage
[   78.636502][    T9] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[   78.848951][  T835] usb 6-1: USB disconnect, device number 5
[   80.610849][ T6678] netlink: 88 bytes leftover after parsing attributes in process `syz.2.184'.
[   81.328968][   T35] cfg80211: failed to load regulatory.db
[   81.522488][ T6693] ubi: mtd0 is already attached to ubi31
[   81.651276][ T6694] ubi: mtd0 is already attached to ubi31
[   81.664468][   T63] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[   81.837012][   T63] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   81.839518][   T63] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   81.842642][   T63] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   81.847580][   T63] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   81.854137][   T63] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   81.858068][   T63] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   81.860989][   T63] usb 8-1: Product: syz
[   81.862656][   T63] usb 8-1: Manufacturer: syz
[   81.872866][   T63] cdc_wdm 8-1:1.0: skipping garbage
[   81.876663][   T63] cdc_wdm 8-1:1.0: skipping garbage
[   81.879554][   T63] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[   82.090121][   T35] usb 8-1: USB disconnect, device number 7
[   82.213472][ T6703] ceph: No mds server is up or the cluster is laggy
[   82.227849][ T6707] fuse: Unknown parameter '0x0000000000000008'
[   82.371494][ T6710] netlink: 20 bytes leftover after parsing attributes in process `syz.0.192'.
[   82.375169][ T6710] openvswitch: netlink: Flow actions attr not present in new flow.
[   82.724453][   T35] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[   82.727383][ T6713] bond0: option ad_select: unable to set because the bond device is up
[   82.730204][ T6713] netlink: 'syz.2.193': attribute type 10 has an invalid length.
[   82.732289][ T6713] netlink: 40 bytes leftover after parsing attributes in process `syz.2.193'.
[   82.735006][ T6713] batadv0: entered promiscuous mode
[   82.736597][ T6713] batadv0: entered allmulticast mode
[   82.738561][ T6713] bridge0: port 3(batadv0) entered blocking state
[   82.740443][ T6713] bridge0: port 3(batadv0) entered disabled state
[   82.743220][ T6713] bridge0: port 3(batadv0) entered blocking state
[   82.745323][ T6713] bridge0: port 3(batadv0) entered forwarding state
[   82.885787][   T35] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   82.888907][   T35] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   82.891877][   T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   82.894553][   T35] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   82.900479][   T35] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   82.903023][   T35] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   82.906087][   T35] usb 8-1: Product: syz
[   82.907490][   T35] usb 8-1: Manufacturer: syz
[   82.912211][   T35] cdc_wdm 8-1:1.0: skipping garbage
[   82.913766][   T35] cdc_wdm 8-1:1.0: skipping garbage
[   82.915369][   T35] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[   83.146272][  T834] usb 8-1: USB disconnect, device number 8
[   83.197639][   T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   83.201590][   T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   83.302112][ T6720] netlink: 88 bytes leftover after parsing attributes in process `syz.1.195'.
[   83.354152][ T6722] netlink: 20 bytes leftover after parsing attributes in process `syz.2.196'.
[   83.357918][ T6722] openvswitch: netlink: Flow actions attr not present in new flow.
[   83.885918][ T5954] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   83.888641][ T5954] Bluetooth: hci2: Injecting HCI hardware error event
[   83.892279][ T5959] Bluetooth: hci2: hardware error 0x00
[   84.251720][ T6737] netlink: 'syz.1.199': attribute type 1 has an invalid length.
[   84.253974][ T6737] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   84.764395][ T5954] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   84.767140][ T5954] Bluetooth: hci3: Injecting HCI hardware error event
[   84.770185][ T5954] Bluetooth: hci3: hardware error 0x00
[   84.869020][ T6773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.208'.
[   84.871617][ T6773] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.873832][ T6773] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.879926][ T6773] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.882560][ T6773] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.894076][ T6775] netlink: 88 bytes leftover after parsing attributes in process `syz.2.207'.
[   85.014556][   T63] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   85.166766][   T63] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   85.169722][   T63] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   85.172627][   T63] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   85.175843][   T63] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   85.182739][   T63] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   85.185861][   T63] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   85.188186][   T63] usb 5-1: Product: syz
[   85.189448][   T63] usb 5-1: Manufacturer: syz
[   85.194037][   T63] cdc_wdm 5-1:1.0: skipping garbage
[   85.196081][   T63] cdc_wdm 5-1:1.0: skipping garbage
[   85.197600][   T63] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[   85.394779][   T63] usb 5-1: USB disconnect, device number 5
[   85.680533][ T6789] netlink: 20 bytes leftover after parsing attributes in process `syz.3.211'.
[   85.683038][ T6789] openvswitch: netlink: Flow actions attr not present in new flow.
[   85.965648][ T5959] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   86.034448][   T63] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   86.186618][   T63] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   86.189354][   T63] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   86.192239][   T63] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   86.195322][   T63] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   86.200673][   T63] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   86.203375][   T63] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   86.206267][   T63] usb 5-1: Product: syz
[   86.207654][   T63] usb 5-1: Manufacturer: syz
[   86.213972][   T63] cdc_wdm 5-1:1.0: skipping garbage
[   86.216378][   T63] cdc_wdm 5-1:1.0: skipping garbage
[   86.218337][   T63] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[   86.420351][   T63] usb 5-1: USB disconnect, device number 6
[   86.625943][ T6812] netlink: 'syz.2.218': attribute type 1 has an invalid length.
[   86.628364][ T6812] netlink: 244 bytes leftover after parsing attributes in process `syz.2.218'.
[   86.828115][ T6820] netlink: 88 bytes leftover after parsing attributes in process `syz.2.220'.
[   86.844411][ T5954] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   87.382288][ T6814] wireguard0: entered promiscuous mode
[   87.383897][ T6814] wireguard0: entered allmulticast mode
[   87.749435][ T6830] netlink: 20 bytes leftover after parsing attributes in process `syz.1.223'.
[   87.960898][ T6834] netlink: 88 bytes leftover after parsing attributes in process `syz.2.224'.
[   87.990092][ T6834] netlink: 48 bytes leftover after parsing attributes in process `syz.2.224'.
[   88.130991][ T6852] vivid-001: =================  START STATUS  =================
[   88.134622][ T6852] vivid-001: Radio HW Seek Mode: Bounded
[   88.136834][ T6852] vivid-001: Radio Programmable HW Seek: false
[   88.138841][ T6852] vivid-001: RDS Rx I/O Mode: Block I/O
[   88.140514][ T6852] vivid-001: Generate RBDS Instead of RDS: false
[   88.142523][ T6852] vivid-001: RDS Reception: true
[   88.144097][ T6852] vivid-001: RDS Program Type: 0 inactive
[   88.146741][ T6852] vivid-001: RDS PS Name:  inactive
[   88.148412][ T6852] vivid-001: RDS Radio Text:  inactive
[   88.149975][ T6852] vivid-001: RDS Traffic Announcement: false inactive
[   88.151867][ T6852] vivid-001: RDS Traffic Program: false inactive
[   88.153696][ T6852] vivid-001: RDS Music: false inactive
[   88.155361][ T6852] vivid-001: ==================  END STATUS  ==================
[   88.358363][ T6861] FAULT_INJECTION: forcing a failure.
[   88.358363][ T6861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   88.362134][ T6861] CPU: 2 UID: 0 PID: 6861 Comm: syz.0.232 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[   88.362148][ T6861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.362155][ T6861] Call Trace:
[   88.362159][ T6861]  <TASK>
[   88.362164][ T6861]  dump_stack_lvl+0x16c/0x1f0
[   88.362181][ T6861]  should_fail_ex+0x50a/0x650
[   88.362201][ T6861]  _copy_from_user+0x2e/0xd0
[   88.362213][ T6861]  get_user_ifreq+0x190/0x250
[   88.362235][ T6861]  sock_ioctl+0x58c/0x6c0
[   88.362251][ T6861]  ? __pfx_sock_ioctl+0x10/0x10
[   88.362265][ T6861]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   88.362291][ T6861]  compat_sock_ioctl+0x619/0x7e0
[   88.362309][ T6861]  ? __pfx_compat_sock_ioctl+0x10/0x10
[   88.362330][ T6861]  ? __fget_files+0x206/0x3a0
[   88.362354][ T6861]  ? __pfx_compat_sock_ioctl+0x10/0x10
[   88.362370][ T6861]  __do_compat_sys_ioctl+0x1cb/0x2c0
[   88.362397][ T6861]  __do_fast_syscall_32+0x73/0x120
[   88.362417][ T6861]  do_fast_syscall_32+0x32/0x80
[   88.362434][ T6861]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   88.362459][ T6861] RIP: 0023:0xf746e579
[   88.362472][ T6861] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   88.362485][ T6861] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   88.362500][ T6861] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1
[   88.362510][ T6861] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[   88.362518][ T6861] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   88.362526][ T6861] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   88.362534][ T6861] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   88.362553][ T6861]  </TASK>
[   88.418696][    C2] vkms_vblank_simulate: vblank timer overrun
[   88.454102][ T6853] xt_hashlimit: invalid rate
[   88.480445][ T6868] netlink: 88 bytes leftover after parsing attributes in process `syz.3.231'.
[   89.460514][ T6884] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   89.462627][ T6884] IPv6: NLM_F_CREATE should be set when creating new route
[   89.701245][ T6906] netlink: 20 bytes leftover after parsing attributes in process `syz.3.243'.
[   89.705008][ T6906] openvswitch: netlink: Flow actions attr not present in new flow.
[   89.871050][ T6920] netlink: 88 bytes leftover after parsing attributes in process `syz.0.244'.
[   90.594326][   T39] kauditd_printk_skb: 8 callbacks suppressed
[   90.594344][   T39] audit: type=1804 audit(1739645984.712:42): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.248" name="/newroot/63/file0" dev="tmpfs" ino=350 res=1 errno=0
[   90.611681][   T39] audit: type=1804 audit(1739645984.732:43): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.248" name="/newroot/63/file0" dev="tmpfs" ino=350 res=1 errno=0
[   90.692515][ T6945] =======================================================
[   90.692515][ T6945] WARNING: The mand mount option has been deprecated and
[   90.692515][ T6945]          and is ignored by this kernel. Remove the mand
[   90.692515][ T6945]          option from the mount to silence this warning.
[   90.692515][ T6945] =======================================================
[   90.704576][ T6945] overlay: Unknown parameter 'subj_type'
[   91.770112][ T6965] can0: slcan on ttyS3.
[   91.877239][ T6965] netlink: 20 bytes leftover after parsing attributes in process `syz.1.256'.
[   92.394674][    T8] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[   92.424359][   T25] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   92.505478][ T6963] can0 (unregistered): slcan off ttyS3.
[   92.544618][ T6992] netlink: 88 bytes leftover after parsing attributes in process `syz.2.260'.
[   92.565985][    T8] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   92.569117][    T8] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   92.572022][    T8] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   92.575817][    T8] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   92.579620][   T25] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   92.580763][    T8] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   92.582080][   T25] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   92.585299][    T8] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   92.588263][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   92.589960][    T8] usb 8-1: Product: syz
[   92.589971][    T8] usb 8-1: Manufacturer: syz
[   92.592468][   T25] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   92.596400][    T8] cdc_wdm 8-1:1.0: skipping garbage
[   92.599939][   T25] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   92.600151][    T8] cdc_wdm 8-1:1.0: skipping garbage
[   92.602674][   T25] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   92.604102][    T8] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[   92.606427][   T25] usb 5-1: Product: syz
[   92.609920][   T25] usb 5-1: Manufacturer: syz
[   92.616110][   T25] cdc_wdm 5-1:1.0: skipping garbage
[   92.617633][   T25] cdc_wdm 5-1:1.0: skipping garbage
[   92.619048][   T25] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[   92.806535][   T25] usb 8-1: USB disconnect, device number 9
[   92.820333][  T834] usb 5-1: USB disconnect, device number 7
[   93.445575][  T835] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[   93.494458][    T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   93.596973][  T835] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   93.599677][  T835] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   93.602812][  T835] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   93.605815][  T835] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   93.612332][  T835] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   93.617902][  T835] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   93.620423][  T835] usb 8-1: Product: syz
[   93.621710][  T835] usb 8-1: Manufacturer: syz
[   93.628681][  T835] cdc_wdm 8-1:1.0: skipping garbage
[   93.632067][  T835] cdc_wdm 8-1:1.0: skipping garbage
[   93.636053][  T835] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[   93.840594][   T25] usb 8-1: USB disconnect, device number 10
[   94.059921][    T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   94.062643][    T8] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[   94.065644][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   94.068378][    T8] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   94.076239][    T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   94.079271][    T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   94.081670][    T8] usb 5-1: Product: syz
[   94.082945][    T8] usb 5-1: Manufacturer: syz
[   94.092147][    T8] cdc_wdm 5-1:1.0: skipping garbage
[   94.093872][    T8] cdc_wdm 5-1:1.0: skipping garbage
[   94.096813][    T8] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[   94.143860][   T39] audit: type=1804 audit(1739645988.262:44): pid=7014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.266" name="/newroot/69/file0" dev="tmpfs" ino=377 res=1 errno=0
[   94.149104][ T7014] netlink: 24 bytes leftover after parsing attributes in process `syz.2.266'.
[   94.199733][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'.
[   94.254100][   T39] audit: type=1804 audit(1739645988.372:45): pid=7015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.266" name="/newroot/69/file0" dev="tmpfs" ino=377 res=1 errno=0
[   94.313243][ T5994] usb 5-1: USB disconnect, device number 8
[   94.338490][ T7017] netlink: 20 bytes leftover after parsing attributes in process `syz.2.267'.
[   94.341066][ T7017] openvswitch: netlink: Flow actions attr not present in new flow.
[   94.386615][ T7019] netlink: 20 bytes leftover after parsing attributes in process `syz.3.268'.
[   94.389169][ T7019] openvswitch: netlink: Flow actions attr not present in new flow.
[   94.604525][ T5954] Bluetooth: hci0: command tx timeout
[   95.318185][ T7045] netlink: 20 bytes leftover after parsing attributes in process `syz.3.273'.
[   95.320663][ T7045] openvswitch: netlink: Flow actions attr not present in new flow.
[   95.435027][ T7053] netlink: 88 bytes leftover after parsing attributes in process `syz.0.272'.
[   96.174764][ T7038] netlink: 'syz.2.270': attribute type 5 has an invalid length.
[   96.179672][ T7070] xt_hashlimit: invalid interval
[   96.186762][ T7070] overlayfs: conflicting lowerdir path
[   96.308910][ T7078] netlink: 20 bytes leftover after parsing attributes in process `syz.1.278'.
[   96.311458][ T7078] openvswitch: netlink: Flow actions attr not present in new flow.
[   96.484429][ T7081] netlink: 'syz.3.276': attribute type 5 has an invalid length.
[   97.192135][   T39] audit: type=1804 audit(1739645991.312:46): pid=7089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.280" name="/newroot/67/file0" dev="tmpfs" ino=375 res=1 errno=0
[   97.198277][   T39] audit: type=1804 audit(1739645991.322:47): pid=7089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.280" name="/newroot/67/file0" dev="tmpfs" ino=375 res=1 errno=0
[   97.207274][ T7089] FAULT_INJECTION: forcing a failure.
[   97.207274][ T7089] name failslab, interval 1, probability 0, space 0, times 0
[   97.210915][ T7089] CPU: 2 UID: 0 PID: 7089 Comm: syz.3.280 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[   97.210931][ T7089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.210938][ T7089] Call Trace:
[   97.210942][ T7089]  <TASK>
[   97.210947][ T7089]  dump_stack_lvl+0x16c/0x1f0
[   97.210966][ T7089]  should_fail_ex+0x50a/0x650
[   97.210984][ T7089]  ? fs_reclaim_acquire+0xae/0x150
[   97.211000][ T7089]  should_failslab+0xc2/0x120
[   97.211019][ T7089]  kmem_cache_alloc_noprof+0x6e/0x3d0
[   97.211035][ T7089]  ? hlock_conflict+0x58/0x200
[   97.211048][ T7089]  ? ptlock_alloc+0x1f/0x70
[   97.211066][ T7089]  ptlock_alloc+0x1f/0x70
[   97.211082][ T7089]  pte_alloc_one+0x74/0x390
[   97.211131][ T7089]  do_pte_missing+0x1aff/0x3e10
[   97.211148][ T7089]  ? __pfx_lock_release+0x10/0x10
[   97.211166][ T7089]  __handle_mm_fault+0x1166/0x2c60
[   97.211187][ T7089]  ? __pfx___handle_mm_fault+0x10/0x10
[   97.211215][ T7089]  handle_mm_fault+0x3fa/0xaa0
[   97.211234][ T7089]  __get_user_pages+0x773/0x36f0
[   97.211256][ T7089]  ? __pfx___get_user_pages+0x10/0x10
[   97.211277][ T7089]  get_user_pages_remote+0x25e/0xb30
[   97.211296][ T7089]  ? __pfx_get_user_pages_remote+0x10/0x10
[   97.211318][ T7089]  ? prepare_uprobe+0x376/0x4d0
[   97.211332][ T7089]  ? __pfx_lock_release+0x10/0x10
[   97.211349][ T7089]  uprobe_write_opcode+0x111/0xec0
[   97.211367][ T7089]  ? __pfx_uprobe_write_opcode+0x10/0x10
[   97.211383][ T7089]  ? prepare_uprobe+0x7b/0x4d0
[   97.211401][ T7089]  install_breakpoint.part.0+0xf8/0x140
[   97.211417][ T7089]  register_for_each_vma+0xa82/0xe00
[   97.211439][ T7089]  uprobe_register+0x800/0xb40
[   97.211457][ T7089]  bpf_uprobe_multi_link_attach+0x8ec/0x1070
[   97.211480][ T7089]  ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10
[   97.211501][ T7089]  ? fput+0x67/0x440
[   97.211510][ T7089]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   97.211530][ T7089]  __sys_bpf+0x3c62/0x49c0
[   97.211547][ T7089]  ? __pfx_lock_release+0x10/0x10
[   97.211563][ T7089]  ? __pfx___sys_bpf+0x10/0x10
[   97.211578][ T7089]  ? vfs_write+0x306/0x1150
[   97.211596][ T7089]  ? __mutex_unlock_slowpath+0x164/0x6a0
[   97.211618][ T7089]  ? fput+0x67/0x440
[   97.211628][ T7089]  ? ksys_write+0x1ba/0x250
[   97.211642][ T7089]  ? __pfx_ksys_write+0x10/0x10
[   97.211659][ T7089]  __ia32_sys_bpf+0x76/0xe0
[   97.211677][ T7089]  __do_fast_syscall_32+0x73/0x120
[   97.211691][ T7089]  do_fast_syscall_32+0x32/0x80
[   97.211704][ T7089]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.211723][ T7089] RIP: 0023:0xf7f44579
[   97.211732][ T7089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   97.211742][ T7089] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[   97.211752][ T7089] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00000000800005c0
[   97.211758][ T7089] RDX: 000000000000003c RSI: 0000000000000000 RDI: 0000000000000000
[   97.211764][ T7089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   97.211770][ T7089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   97.211775][ T7089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.211788][ T7089]  </TASK>
[   97.403241][ T7092] loop9: detected capacity change from 0 to 8
[   97.419136][ T7092]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[   97.421036][ T7092] loop9: partition table partially beyond EOD, truncated
[   97.435253][ T7092] loop9: p1 size 81768186 extends beyond EOD, truncated
[   97.497999][ T7097] fuse: blksize only supported for fuseblk
[   97.503362][ T7097] netlink: 'syz.1.282': attribute type 10 has an invalid length.
[   97.515347][ T7097] batman_adv: batadv0: Adding interface: team0
[   97.517284][ T7097] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.524367][ T7097] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   97.529755][ T7097] netlink: 'syz.1.282': attribute type 10 has an invalid length.
[   97.531870][ T7097] netlink: 2 bytes leftover after parsing attributes in process `syz.1.282'.
[   97.535980][ T7097] team0: entered promiscuous mode
[   97.537440][ T7097] team_slave_0: entered promiscuous mode
[   97.539202][ T7097] team_slave_1: entered promiscuous mode
[   97.541690][ T7097] 8021q: adding VLAN 0 to HW filter on device team0
[   97.546666][ T7097] batman_adv: batadv0: Interface activated: team0
[   97.548557][ T7097] batman_adv: batadv0: Interface deactivated: team0
[   97.550417][ T7097] batman_adv: batadv0: Removing interface: team0
[   97.554666][ T7097] bridge0: port 3(team0) entered blocking state
[   97.556882][ T7097] bridge0: port 3(team0) entered disabled state
[   97.559940][ T7097] team0: entered allmulticast mode
[   97.561678][ T7097] team_slave_0: entered allmulticast mode
[   97.563405][ T7097] team_slave_1: entered allmulticast mode
[   97.573990][ T7097] bridge0: port 3(team0) entered blocking state
[   97.575955][ T7097] bridge0: port 3(team0) entered forwarding state
[   97.644230][ T7100] netfs: Couldn't get user pages (rc=-14)
[   97.656294][ T7100] FAULT_INJECTION: forcing a failure.
[   97.656294][ T7100] name failslab, interval 1, probability 0, space 0, times 0
[   97.659947][ T7100] CPU: 0 UID: 0 PID: 7100 Comm: syz.3.283 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[   97.659964][ T7100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.659971][ T7100] Call Trace:
[   97.659975][ T7100]  <TASK>
[   97.659980][ T7100]  dump_stack_lvl+0x16c/0x1f0
[   97.659998][ T7100]  should_fail_ex+0x50a/0x650
[   97.660015][ T7100]  ? fs_reclaim_acquire+0xae/0x150
[   97.660031][ T7100]  ? netfs_folioq_alloc+0x86/0x3c0
[   97.660045][ T7100]  should_failslab+0xc2/0x120
[   97.660064][ T7100]  __kmalloc_cache_noprof+0x68/0x410
[   97.660078][ T7100]  ? netfs_alloc_request+0x738/0xbc0
[   97.660093][ T7100]  netfs_folioq_alloc+0x86/0x3c0
[   97.660109][ T7100]  rolling_buffer_init+0x26/0xb0
[   97.660125][ T7100]  netfs_create_write_req+0x106/0x870
[   97.660141][ T7100]  ? __pfx_netfs_writepages+0x10/0x10
[   97.660158][ T7100]  netfs_writepages+0x1d4/0x8f0
[   97.660177][ T7100]  ? __pfx_netfs_writepages+0x10/0x10
[   97.660194][ T7100]  ? __pfx___lock_acquire+0x10/0x10
[   97.660212][ T7100]  ? __pfx_netfs_writepages+0x10/0x10
[   97.660229][ T7100]  do_writepages+0x1b3/0x820
[   97.660240][ T7100]  ? find_held_lock+0x2d/0x110
[   97.660253][ T7100]  ? __pfx_do_writepages+0x10/0x10
[   97.660263][ T7100]  ? wbc_attach_fdatawrite_inode+0x13a/0x190
[   97.660275][ T7100]  ? __pfx_lock_release+0x10/0x10
[   97.660290][ T7100]  ? do_raw_spin_lock+0x12d/0x2c0
[   97.660307][ T7100]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   97.660325][ T7100]  ? lock_acquire+0x2f/0xb0
[   97.660338][ T7100]  ? wbc_attach_fdatawrite_inode+0x24/0x190
[   97.660350][ T7100]  ? do_raw_spin_unlock+0x172/0x230
[   97.660360][ T7100]  ? _raw_spin_unlock+0x28/0x50
[   97.660372][ T7100]  filemap_fdatawrite_wbc+0x104/0x160
[   97.660384][ T7100]  __filemap_fdatawrite_range+0xb3/0xf0
[   97.660398][ T7100]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[   97.660428][ T7100]  ? inode_newsize_ok+0x13b/0x200
[   97.660461][ T7100]  ? setattr_prepare+0x140/0x9a0
[   97.660473][ T7100]  ? mark_held_locks+0x9f/0xe0
[   97.660489][ T7100]  v9fs_vfs_setattr_dotl+0x8a0/0xc00
[   97.660510][ T7100]  ? __pfx_v9fs_vfs_setattr_dotl+0x10/0x10
[   97.660529][ T7100]  ? evm_inode_setattr+0x65/0x680
[   97.660545][ T7100]  ? __pfx_make_vfsgid+0x10/0x10
[   97.660559][ T7100]  ? __pfx_v9fs_vfs_setattr_dotl+0x10/0x10
[   97.660576][ T7100]  notify_change+0x6a6/0x1230
[   97.660593][ T7100]  do_truncate+0x15c/0x220
[   97.660613][ T7100]  ? __pfx_do_truncate+0x10/0x10
[   97.660628][ T7100]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   97.660648][ T7100]  ? do_sys_ftruncate+0x61/0xb0
[   97.660667][ T7100]  do_ftruncate+0x5a8/0x960
[   97.660683][ T7100]  ? __pfx_do_ftruncate+0x10/0x10
[   97.660698][ T7100]  ? __fget_files+0x206/0x3a0
[   97.660717][ T7100]  do_sys_ftruncate+0x61/0xb0
[   97.660734][ T7100]  __do_fast_syscall_32+0x73/0x120
[   97.660748][ T7100]  do_fast_syscall_32+0x32/0x80
[   97.660761][ T7100]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.660780][ T7100] RIP: 0023:0xf7f44579
[   97.660789][ T7100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   97.660799][ T7100] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 000000000000005d
[   97.660810][ T7100] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000c17c
[   97.660816][ T7100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   97.660822][ T7100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   97.660828][ T7100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   97.660833][ T7100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.660846][ T7100]  </TASK>
[   97.835959][ T7108] netlink: 88 bytes leftover after parsing attributes in process `syz.0.285'.
[   97.890858][ T7112] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[   98.564737][ T7125] netlink: 20 bytes leftover after parsing attributes in process `syz.2.290'.
[   98.567226][ T7125] openvswitch: netlink: Flow actions attr not present in new flow.
[   99.589386][ T7144] netlink: 24 bytes leftover after parsing attributes in process `syz.2.295'.
[   99.610238][ T7144] evm: overlay not supported
[   99.664786][ T7152] overlayfs: failed to resolve './file1': -2
[  100.180982][ T7173] netlink: 20 bytes leftover after parsing attributes in process `syz.2.302'.
[  100.183541][ T7173] openvswitch: netlink: Flow actions attr not present in new flow.
[  100.840612][ T7184] ubi: mtd0 is already attached to ubi31
[  101.122878][ T7187] netfs: Couldn't get user pages (rc=-14)
[  101.236933][ T7195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.308'.
[  101.416719][ T7204] netlink: 88 bytes leftover after parsing attributes in process `syz.1.309'.
[  102.263005][ T7245] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  102.368811][ T7248] FAULT_INJECTION: forcing a failure.
[  102.368811][ T7248] name failslab, interval 1, probability 0, space 0, times 0
[  102.373556][ T7248] CPU: 3 UID: 0 PID: 7248 Comm: syz.1.317 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  102.373579][ T7248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.373589][ T7248] Call Trace:
[  102.373595][ T7248]  <TASK>
[  102.373602][ T7248]  dump_stack_lvl+0x16c/0x1f0
[  102.373629][ T7248]  should_fail_ex+0x50a/0x650
[  102.373655][ T7248]  ? fs_reclaim_acquire+0xae/0x150
[  102.373678][ T7248]  ? tomoyo_realpath_from_path+0xb9/0x720
[  102.373701][ T7248]  should_failslab+0xc2/0x120
[  102.373728][ T7248]  __kmalloc_noprof+0xcb/0x510
[  102.373753][ T7248]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  102.373778][ T7248]  ? rcu_is_watching+0x12/0xc0
[  102.373798][ T7248]  tomoyo_realpath_from_path+0xb9/0x720
[  102.373829][ T7248]  tomoyo_check_open_permission+0x2ad/0x3c0
[  102.373849][ T7248]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  102.373879][ T7248]  ? __pfx___lock_acquire+0x10/0x10
[  102.373916][ T7248]  ? __pfx_hook_file_open+0x10/0x10
[  102.373937][ T7248]  ? lock_acquire+0x2f/0xb0
[  102.373962][ T7248]  tomoyo_file_open+0x6b/0x90
[  102.373988][ T7248]  security_file_open+0x84/0x1e0
[  102.374010][ T7248]  do_dentry_open+0x57c/0x1c40
[  102.374036][ T7248]  ? inode_permission+0xdd/0x5f0
[  102.374057][ T7248]  vfs_open+0x82/0x3f0
[  102.374072][ T7248]  ? may_open+0x1f2/0x400
[  102.374093][ T7248]  path_openat+0x1e88/0x2d80
[  102.374128][ T7248]  ? __pfx_path_openat+0x10/0x10
[  102.374152][ T7248]  ? __pfx___lock_acquire+0x10/0x10
[  102.374173][ T7248]  ? lock_acquire.part.0+0x11b/0x380
[  102.374195][ T7248]  ? find_held_lock+0x2d/0x110
[  102.374215][ T7248]  do_filp_open+0x20c/0x470
[  102.374254][ T7248]  ? __pfx_do_filp_open+0x10/0x10
[  102.374278][ T7248]  ? find_held_lock+0x2d/0x110
[  102.374311][ T7248]  ? _raw_spin_unlock+0x28/0x50
[  102.374334][ T7248]  ? alloc_fd+0x41f/0x760
[  102.374365][ T7248]  do_sys_openat2+0x17a/0x1e0
[  102.374382][ T7248]  ? __pfx_do_sys_openat2+0x10/0x10
[  102.374402][ T7248]  ? __fget_files+0x206/0x3a0
[  102.374430][ T7248]  __ia32_compat_sys_open+0x147/0x1e0
[  102.374449][ T7248]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  102.374474][ T7248]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  102.374498][ T7248]  __do_fast_syscall_32+0x73/0x120
[  102.374519][ T7248]  do_fast_syscall_32+0x32/0x80
[  102.374539][ T7248]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  102.374565][ T7248] RIP: 0023:0xf7f81579
[  102.374578][ T7248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  102.374593][ T7248] RSP: 002b:00000000f508555c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  102.374610][ T7248] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000000000000
[  102.374620][ T7248] RDX: 00000000000000a9 RSI: 0000000000000000 RDI: 0000000000000000
[  102.374630][ T7248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  102.374639][ T7248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  102.374649][ T7248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  102.374672][ T7248]  </TASK>
[  102.463170][    C3] vkms_vblank_simulate: vblank timer overrun
[  102.465402][ T7248] ERROR: Out of memory at tomoyo_realpath_from_path.
[  102.874566][    T8] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  102.944166][ T7267] netlink: 88 bytes leftover after parsing attributes in process `syz.0.324'.
[  103.046537][    T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  103.049528][    T8] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  103.054611][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  103.061537][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  103.069941][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  103.076797][    T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  103.080005][    T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  103.081871][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  103.082318][    T8] usb 6-1: Product: syz
[  103.086911][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  103.088340][    T8] usb 6-1: Manufacturer: syz
[  103.101204][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  103.103857][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  103.108552][    T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  103.110499][    T8] cdc_wdm 6-1:1.0: Unknown control protocol
[  103.121123][ T7269] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.325' resets device
[  103.358474][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  103.360180][  T836] usb 6-1: USB disconnect, device number 6
[  103.360852][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  103.365104][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  103.478074][ T7276] netlink: 20 bytes leftover after parsing attributes in process `syz.1.323'.
[  103.581897][ T7279] nfs4: Unknown parameter 'ÿÿ'
[  103.588788][ T7279] fuse: Unknown parameter '0x0000000000000006'
[  104.066867][   T30] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  104.218513][   T30] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  104.221065][   T30] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  104.223895][   T30] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  104.226548][   T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  104.229616][   T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  104.233875][   T30] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  104.237679][   T30] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  104.239888][   T30] usb 5-1: Product: syz
[  104.241058][   T30] usb 5-1: Manufacturer: syz
[  104.244962][   T30] cdc_wdm 5-1:1.0: skipping garbage
[  104.246499][   T30] cdc_wdm 5-1:1.0: skipping garbage
[  104.248794][   T30] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  104.250507][   T30] cdc_wdm 5-1:1.0: Unknown control protocol
[  104.501327][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.503167][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.506871][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.508734][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.510611][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.512416][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.514594][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.516441][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.518368][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.520185][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.521975][ T1018] usb 5-1: USB disconnect, device number 9
[  104.523660][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  104.523675][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  104.523682][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  106.218836][ T7351] fuse: Bad value for 'fd'
[  106.302938][ T7356] netlink: 88 bytes leftover after parsing attributes in process `syz.3.338'.
[  106.467565][ T7359] bridge0: port 4(hsr_slave_1) entered blocking state
[  106.469772][ T7359] bridge0: port 4(hsr_slave_1) entered disabled state
[  106.472510][ T7359] hsr_slave_1: entered allmulticast mode
[  106.478520][ T7359] hsr_slave_1: left allmulticast mode
[  106.846906][ T7363] netlink: 20 bytes leftover after parsing attributes in process `syz.0.341'.
[  106.850189][ T7363] openvswitch: netlink: Flow actions attr not present in new flow.
[  108.845297][  T836] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  109.006177][  T836] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  109.009539][  T836] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  109.014071][  T836] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  109.017037][  T836] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  109.020189][  T836] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  109.025162][  T836] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  109.027824][  T836] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  109.029915][  T836] usb 7-1: Product: syz
[  109.031062][  T836] usb 7-1: Manufacturer: syz
[  109.042728][  T836] cdc_wdm 7-1:1.0: skipping garbage
[  109.044217][  T836] cdc_wdm 7-1:1.0: skipping garbage
[  109.046738][  T836] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  109.048369][  T836] cdc_wdm 7-1:1.0: Unknown control protocol
[  109.068382][ T7398] netlink: 88 bytes leftover after parsing attributes in process `syz.1.350'.
[  109.300613][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  109.300978][   T30] usb 7-1: USB disconnect, device number 5
[  109.302465][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  109.306332][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  109.309862][    C3] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?
[  110.587298][ T7424] netlink: 44 bytes leftover after parsing attributes in process `syz.3.358'.
[  110.916975][ T7433] usb usb4: usbfs: process 7433 (syz.0.361) did not claim interface 0 before use
[  111.712455][ T7441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.365'.
[  111.895666][ T7450] FAULT_INJECTION: forcing a failure.
[  111.895666][ T7450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.904905][ T7450] CPU: 2 UID: 0 PID: 7450 Comm: syz.2.364 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  111.904934][ T7450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.904943][ T7450] Call Trace:
[  111.904949][ T7450]  <TASK>
[  111.904956][ T7450]  dump_stack_lvl+0x16c/0x1f0
[  111.904982][ T7450]  should_fail_ex+0x50a/0x650
[  111.905012][ T7450]  _copy_from_user+0x2e/0xd0
[  111.905031][ T7450]  get_compat_msghdr+0xa8/0x170
[  111.905050][ T7450]  ? __pfx_get_compat_msghdr+0x10/0x10
[  111.905076][ T7450]  ___sys_sendmsg+0x1b0/0x1e0
[  111.905101][ T7450]  ? __pfx____sys_sendmsg+0x10/0x10
[  111.905133][ T7450]  ? __pfx_lock_release+0x10/0x10
[  111.905156][ T7450]  ? trace_lock_acquire+0x14e/0x1f0
[  111.905201][ T7450]  ? __fget_files+0x206/0x3a0
[  111.905230][ T7450]  __sys_sendmsg+0x16e/0x220
[  111.905252][ T7450]  ? __pfx___sys_sendmsg+0x10/0x10
[  111.905299][ T7450]  __do_fast_syscall_32+0x73/0x120
[  111.905321][ T7450]  do_fast_syscall_32+0x32/0x80
[  111.905340][ T7450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  111.905367][ T7450] RIP: 0023:0xf73ae579
[  111.905380][ T7450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  111.905395][ T7450] RSP: 002b:00000000f4fdb55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  111.905412][ T7450] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000200
[  111.905421][ T7450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  111.905431][ T7450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  111.905440][ T7450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  111.905449][ T7450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.905468][ T7450]  </TASK>
[  114.004970][ T7492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.373'.
[  114.008579][ T7492] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  114.021417][ T7492] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  114.023898][ T7492] overlayfs: missing 'lowerdir'
[  114.091253][ T7507] netlink: 20 bytes leftover after parsing attributes in process `syz.3.376'.
[  114.093868][ T7507] openvswitch: netlink: Flow actions attr not present in new flow.
[  114.099958][ T7510] netlink: 20 bytes leftover after parsing attributes in process `syz.0.377'.
[  114.102806][ T7510] openvswitch: netlink: Flow actions attr not present in new flow.
[  115.080514][ T7532] fuse: Bad value for 'rootmode'
[  115.174405][   T67] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  115.227320][ T7534] ubi: mtd0 is already attached to ubi31
[  115.301075][ T7547] capability: warning: `syz.1.384' uses 32-bit capabilities (legacy support in use)
[  115.324488][   T67] usb 7-1: Using ep0 maxpacket: 8
[  115.332992][   T67] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  115.337187][   T67] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.340217][   T67] usb 7-1: Product: syz
[  115.341922][   T67] usb 7-1: Manufacturer: syz
[  115.343729][   T67] usb 7-1: SerialNumber: syz
[  115.568329][ T5954] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  115.570932][ T5954] Bluetooth: hci0: Injecting HCI hardware error event
[  115.575549][ T5959] Bluetooth: hci0: hardware error 0x00
[  115.911522][   T39] audit: type=1804 audit(1739646010.032:48): pid=7563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.385" name="/newroot/96/bus/file0" dev="overlay" ino=541 res=1 errno=0
[  116.433902][   T67] cdc_ncm 7-1:1.0: bind() failure
[  116.437696][   T67] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  116.439712][   T67] cdc_ncm 7-1:1.1: bind() failure
[  116.444099][   T67] usb 7-1: USB disconnect, device number 6
[  117.214409][  T836] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  117.367541][  T836] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  117.370920][  T836] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  117.375241][  T836] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  117.379079][  T836] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  117.385499][  T836] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  117.388948][  T836] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  117.392309][  T836] usb 7-1: Product: syz
[  117.393982][  T836] usb 7-1: Manufacturer: syz
[  117.399770][  T836] cdc_wdm 7-1:1.0: skipping garbage
[  117.402053][  T836] cdc_wdm 7-1:1.0: skipping garbage
[  117.404717][  T836] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  117.442300][ T7573] netlink: 20 bytes leftover after parsing attributes in process `syz.1.388'.
[  117.445180][ T7573] openvswitch: netlink: Flow actions attr not present in new flow.
[  117.621033][   T67] usb 7-1: USB disconnect, device number 7
[  117.654486][ T5959] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  118.338399][ T7578] 9pnet_fd: Insufficient options for proto=fd
[  118.634419][   T67] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  118.755383][ T7588] ubi: mtd0 is already attached to ubi31
[  118.797810][   T67] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  118.801504][   T67] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  118.818777][   T67] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  118.828923][   T67] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  118.850849][   T67] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  118.856729][   T67] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  118.862097][   T67] usb 5-1: Product: syz
[  118.863938][   T67] usb 5-1: Manufacturer: syz
[  118.871306][   T67] cdc_wdm 5-1:1.0: skipping garbage
[  118.874068][   T67] cdc_wdm 5-1:1.0: skipping garbage
[  118.878787][   T67] cdc_wdm 5-1:1.0: skipping garbage
[  118.881459][   T67] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  118.951950][ T7595] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  118.954889][ T7595] IPv6: NLM_F_CREATE should be set when creating new route
[  119.074965][   T67] usb 5-1: USB disconnect, device number 10
[  119.216024][ T7602] netlink: 20 bytes leftover after parsing attributes in process `syz.0.392'.
[  119.752182][ T7605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.397'.
[  120.461942][ T7630] ubi: mtd0 is already attached to ubi31
[  121.873837][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.404'.
[  122.188625][ T7652] FAULT_INJECTION: forcing a failure.
[  122.188625][ T7652] name failslab, interval 1, probability 0, space 0, times 0
[  122.195377][ T7652] CPU: 2 UID: 0 PID: 7652 Comm: syz.3.408 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  122.195402][ T7652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  122.195410][ T7652] Call Trace:
[  122.195414][ T7652]  <TASK>
[  122.195420][ T7652]  dump_stack_lvl+0x16c/0x1f0
[  122.195439][ T7652]  should_fail_ex+0x50a/0x650
[  122.195457][ T7652]  ? fs_reclaim_acquire+0xae/0x150
[  122.195472][ T7652]  ? resv_map_alloc+0x46/0x400
[  122.195483][ T7652]  should_failslab+0xc2/0x120
[  122.195501][ T7652]  __kmalloc_cache_noprof+0x68/0x410
[  122.195517][ T7652]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  122.195532][ T7652]  resv_map_alloc+0x46/0x400
[  122.195544][ T7652]  hugetlbfs_get_inode+0x343/0x740
[  122.195558][ T7652]  hugetlb_file_setup+0x15b/0x620
[  122.195570][ T7652]  ksys_mmap_pgoff+0x189/0x5c0
[  122.195586][ T7652]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  122.195601][ T7652]  __do_fast_syscall_32+0x73/0x120
[  122.195615][ T7652]  do_fast_syscall_32+0x32/0x80
[  122.195628][ T7652]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  122.195647][ T7652] RIP: 0023:0xf7f44579
[  122.195656][ T7652] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  122.195667][ T7652] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  122.195678][ T7652] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000
[  122.195685][ T7652] RDX: 0000000000000004 RSI: 000000000005c831 RDI: 00000000ffffffff
[  122.195691][ T7652] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  122.195697][ T7652] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  122.195703][ T7652] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  122.195715][ T7652]  </TASK>
[  122.196526][ T7652] ax25_connect(): syz.3.408 uses autobind, please contact jreuter@yaina.de
[  123.266060][ T7670] netlink: 20 bytes leftover after parsing attributes in process `syz.1.413'.
[  123.268782][ T7670] openvswitch: netlink: Flow actions attr not present in new flow.
[  123.291847][ T7667] ubi: mtd0 is already attached to ubi31
[  123.514506][  T835] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  123.667041][  T835] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  123.670608][  T835] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  123.674581][  T835] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  123.677261][  T835] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  123.680448][  T835] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64
[  123.686138][  T835] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  123.688707][  T835] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  123.690937][  T835] usb 8-1: Product: syz
[  123.692126][  T835] usb 8-1: Manufacturer: syz
[  123.695626][  T835] cdc_wdm 8-1:1.0: skipping garbage
[  123.697194][  T835] cdc_wdm 8-1:1.0: skipping garbage
[  123.698746][  T835] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  123.918253][  T835] usb 8-1: USB disconnect, device number 11
[  124.021705][ T7681] netlink: 20 bytes leftover after parsing attributes in process `syz.3.414'.
[  124.911522][   T39] audit: type=1804 audit(1739646018.932:49): pid=7692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.418" name="/newroot/109/bus/file0" dev="overlay" ino=618 res=1 errno=0
[  125.418491][ T7703] fuse: Unknown parameter ''
[  125.433481][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.420'.
[  125.437905][ T7703] 9pnet_fd: Insufficient options for proto=fd
[  125.989327][ T7709] netlink: 44 bytes leftover after parsing attributes in process `syz.1.422'.
[  125.992677][ T7709] netlink: 43 bytes leftover after parsing attributes in process `syz.1.422'.
[  125.995860][ T7709] netlink: 'syz.1.422': attribute type 6 has an invalid length.
[  125.998810][ T7709] netlink: 43 bytes leftover after parsing attributes in process `syz.1.422'.
[  126.100734][ T7713] netlink: 'syz.0.425': attribute type 1 has an invalid length.
[  126.103559][ T7713] netlink: 244 bytes leftover after parsing attributes in process `syz.0.425'.
[  126.111622][ T7715] netlink: 20 bytes leftover after parsing attributes in process `syz.1.424'.
[  126.115150][ T7715] openvswitch: netlink: Flow actions attr not present in new flow.
[  126.254351][  T835] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  126.328496][ T7722] libceph: resolve '.
[  126.328496][ T7722] #)|.زf͹Ç�²a×ïÅ2sˆoÖw¿úÕ?£'Ê%Ð�KAq‰f»�CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM�¤¨ìó¤h‡E$
[  126.328496][ T7722] ' (ret=-3): failed
[  126.406308][  T835] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  126.408834][  T835] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  126.411699][  T835] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  126.414385][  T835] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  126.417440][  T835] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  126.434770][  T835] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  126.437360][  T835] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  126.439612][  T835] usb 7-1: Product: syz
[  126.440779][  T835] usb 7-1: Manufacturer: syz
[  126.558091][ T7731] netlink: 'syz.0.427': attribute type 5 has an invalid length.
[  126.757670][  T835] cdc_wdm 7-1:1.0: skipping garbage
[  126.759681][  T835] cdc_wdm 7-1:1.0: skipping garbage
[  126.770978][  T835] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  126.773287][  T835] cdc_wdm 7-1:1.0: Unknown control protocol
[  127.027570][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.029863][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.032082][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.034327][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.036583][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.038587][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.040461][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.042316][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.044412][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.046338][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.048120][   T63] usb 7-1: USB disconnect, device number 8
[  127.049973][    C2] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  127.049987][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  127.049995][    C2] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  127.147509][ T7737] netlink: 20 bytes leftover after parsing attributes in process `syz.2.423'.
[  127.149662][ T7736] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  127.200326][ T7740] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  127.280541][ T7744] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  127.282682][ T7744] IPv6: NLM_F_CREATE should be set when creating new route
[  127.474370][ T1018] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  127.594526][   T63] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  127.627542][ T1018] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  127.630104][ T1018] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  127.633165][ T1018] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  127.635741][ T1018] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  127.640601][ T1018] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  127.643277][ T1018] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  127.645700][ T1018] usb 6-1: Product: syz
[  127.646895][ T1018] usb 6-1: Manufacturer: syz
[  127.650678][ T1018] cdc_wdm 6-1:1.0: skipping garbage
[  127.652162][ T1018] cdc_wdm 6-1:1.0: skipping garbage
[  127.653995][ T1018] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  127.755556][   T63] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  127.758048][   T63] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  127.760912][   T63] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  127.763376][   T63] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  127.766814][   T63] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64
[  127.771182][   T63] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  127.773649][   T63] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  127.776108][   T63] usb 5-1: Product: syz
[  127.777437][   T63] usb 5-1: Manufacturer: syz
[  127.784470][   T63] cdc_wdm 5-1:1.0: skipping garbage
[  127.785933][   T63] cdc_wdm 5-1:1.0: skipping garbage
[  127.787449][   T63] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  127.855391][ T1018] usb 6-1: USB disconnect, device number 7
[  127.989413][   T63] usb 5-1: USB disconnect, device number 11
[  128.096445][ T7754] netlink: 20 bytes leftover after parsing attributes in process `syz.0.436'.
[  128.383713][ T7762] netlink: 'syz.3.439': attribute type 1 has an invalid length.
[  128.386026][ T7762] netlink: 244 bytes leftover after parsing attributes in process `syz.3.439'.
[  128.494497][   T63] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  128.646111][   T63] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.646134][   T63] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  128.646144][   T63] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  128.646163][   T63] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  128.647563][   T63] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.647581][   T63] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.647591][   T63] usb 6-1: Product: syz
[  128.647599][   T63] usb 6-1: Manufacturer: syz
[  128.654219][   T63] cdc_wdm 6-1:1.0: skipping garbage
[  128.654392][   T63] cdc_wdm 6-1:1.0: skipping garbage
[  128.654417][   T63] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  128.857941][  T836] usb 6-1: USB disconnect, device number 8
[  129.509816][ T7791] netlink: 'syz.2.449': attribute type 1 has an invalid length.
[  129.513263][ T7791] netlink: 244 bytes leftover after parsing attributes in process `syz.2.449'.
[  129.573939][ T7780] syz.3.446 (7780): drop_caches: 2
[  129.794331][  T835] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  129.965897][  T835] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  129.968336][  T835] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  129.971040][  T835] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  129.973656][  T835] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  129.977104][  T835] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  129.981296][  T835] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  129.983795][  T835] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  129.985976][  T835] usb 7-1: Product: syz
[  129.987078][  T835] usb 7-1: Manufacturer: syz
[  129.990577][  T835] cdc_wdm 7-1:1.0: skipping garbage
[  129.992001][  T835] cdc_wdm 7-1:1.0: skipping garbage
[  129.994066][  T835] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  129.996333][  T835] cdc_wdm 7-1:1.0: Unknown control protocol
[  130.247468][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  130.249835][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  130.252184][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  130.254493][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  130.256921][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  130.259061][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  130.261518][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  130.264030][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  130.266983][  T835] usb 7-1: USB disconnect, device number 9
[  130.269312][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  130.692286][ T1018] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  130.822471][   T35] libceph: connect (1)[c::]:6789 error -13
[  130.826130][   T35] libceph: mon0 (1)[c::]:6789 connect error
[  130.856028][ T1018] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  130.859826][ T1018] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  130.862740][ T1018] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  130.865473][ T1018] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  130.873343][ T1018] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  130.876210][ T1018] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  130.878425][ T1018] usb 5-1: Product: syz
[  130.879611][ T1018] usb 5-1: Manufacturer: syz
[  130.886978][ T1018] cdc_wdm 5-1:1.0: skipping garbage
[  130.888566][ T1018] cdc_wdm 5-1:1.0: skipping garbage
[  130.890080][ T1018] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  130.911941][ T7812] ceph: No mds server is up or the cluster is laggy
[  131.089350][ T1018] usb 5-1: USB disconnect, device number 12
[  131.168033][ T7820] FAULT_INJECTION: forcing a failure.
[  131.168033][ T7820] name failslab, interval 1, probability 0, space 0, times 0
[  131.171498][ T7820] CPU: 1 UID: 0 PID: 7820 Comm: syz.3.455 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  131.171524][ T7820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  131.171531][ T7820] Call Trace:
[  131.171535][ T7820]  <TASK>
[  131.171541][ T7820]  dump_stack_lvl+0x16c/0x1f0
[  131.171559][ T7820]  should_fail_ex+0x50a/0x650
[  131.171577][ T7820]  ? fs_reclaim_acquire+0xae/0x150
[  131.171592][ T7820]  should_failslab+0xc2/0x120
[  131.171610][ T7820]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  131.171628][ T7820]  ? __alloc_skb+0x2b1/0x380
[  131.171644][ T7820]  __alloc_skb+0x2b1/0x380
[  131.171657][ T7820]  ? __pfx___alloc_skb+0x10/0x10
[  131.171672][ T7820]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  131.171689][ T7820]  netlink_alloc_large_skb+0x69/0x130
[  131.171704][ T7820]  netlink_sendmsg+0x689/0xd70
[  131.171720][ T7820]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.171738][ T7820]  ____sys_sendmsg+0xaaf/0xc90
[  131.171750][ T7820]  ? __pfx_____sys_sendmsg+0x10/0x10
[  131.171761][ T7820]  ? get_compat_msghdr+0x11b/0x170
[  131.171778][ T7820]  ___sys_sendmsg+0x135/0x1e0
[  131.171793][ T7820]  ? __pfx____sys_sendmsg+0x10/0x10
[  131.171813][ T7820]  ? __pfx_lock_release+0x10/0x10
[  131.171829][ T7820]  ? trace_lock_acquire+0x14e/0x1f0
[  131.171846][ T7820]  ? __fget_files+0x206/0x3a0
[  131.171865][ T7820]  __sys_sendmsg+0x16e/0x220
[  131.171880][ T7820]  ? __pfx___sys_sendmsg+0x10/0x10
[  131.171903][ T7820]  __do_fast_syscall_32+0x73/0x120
[  131.171918][ T7820]  do_fast_syscall_32+0x32/0x80
[  131.171931][ T7820]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  131.171950][ T7820] RIP: 0023:0xf7f44579
[  131.171963][ T7820] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  131.171974][ T7820] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  131.171984][ T7820] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000080
[  131.171991][ T7820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  131.171997][ T7820] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  131.172003][ T7820] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  131.172009][ T7820] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  131.172022][ T7820]  </TASK>
[  131.601947][ T7828] netlink: 'syz.1.458': attribute type 1 has an invalid length.
[  131.604121][ T7828] __nla_validate_parse: 1 callbacks suppressed
[  131.604130][ T7828] netlink: 244 bytes leftover after parsing attributes in process `syz.1.458'.
[  131.768326][  T836] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  131.916338][  T836] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  131.918744][  T836] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  131.921408][  T836] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  131.923763][  T836] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  131.929782][  T836] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  131.932299][  T836] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  131.934911][  T836] usb 5-1: Product: syz
[  131.936097][  T836] usb 5-1: Manufacturer: syz
[  131.940031][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  131.941491][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  131.942904][  T836] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  132.134361][   T63] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  132.144867][  T836] usb 5-1: USB disconnect, device number 13
[  132.297729][   T63] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  132.300198][   T63] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  132.303031][   T63] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  132.305790][   T63] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  132.309052][   T63] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64
[  132.313690][   T63] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  132.316675][   T63] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  132.319478][   T63] usb 8-1: Product: syz
[  132.320645][   T63] usb 8-1: Manufacturer: syz
[  132.326693][   T63] cdc_wdm 8-1:1.0: skipping garbage
[  132.328323][   T63] cdc_wdm 8-1:1.0: skipping garbage
[  132.329817][   T63] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  132.526234][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  132.528072][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  132.530201][   T35] usb 8-1: USB disconnect, device number 12
[  132.641157][ T7843] netlink: 20 bytes leftover after parsing attributes in process `syz.3.461'.
[  132.865878][ T7849] lo speed is unknown, defaulting to 1000
[  132.869954][ T7849] lo speed is unknown, defaulting to 1000
[  132.873477][ T7849] lo speed is unknown, defaulting to 1000
[  132.933831][ T7850] lo speed is unknown, defaulting to 1000
[  132.939376][ T7850] lo speed is unknown, defaulting to 1000
[  132.950549][ T7850] lo speed is unknown, defaulting to 1000
[  132.980571][ T7850] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  132.998297][ T7850] infiniband syú2: RDMA CMA: cma_listen_on_dev, error -98
[  133.085567][ T7850] lo speed is unknown, defaulting to 1000
[  133.089587][ T7850] lo speed is unknown, defaulting to 1000
[  133.091770][ T7850] lo speed is unknown, defaulting to 1000
[  133.093904][ T7850] lo speed is unknown, defaulting to 1000
[  133.102202][  T834] lo speed is unknown, defaulting to 1000
[  133.105488][ T7849] infiniband s
z1: set active
[  133.107308][ T7849] infiniband s
z1: added lo
[  133.231723][ T7849] RDS/IB: s
z1: added
[  133.236400][ T7849] smc: adding ib device s
z1 with port count 1
[  133.238413][ T7849] smc:    ib device s
z1 port 1 has pnetid 
[  133.242760][  T834] lo speed is unknown, defaulting to 1000
[  133.255739][ T7849] lo speed is unknown, defaulting to 1000
[  133.704509][ T7849] lo speed is unknown, defaulting to 1000
[  133.917326][ T7849] lo speed is unknown, defaulting to 1000
[  134.052339][ T7866] netlink: 20 bytes leftover after parsing attributes in process `syz.0.468'.
[  134.054942][ T7866] openvswitch: netlink: Flow actions attr not present in new flow.
[  134.082787][ T7849] lo speed is unknown, defaulting to 1000
[  134.586885][ T7849] syz.2.463 (7849) used greatest stack depth: 20608 bytes left
[  134.642794][ T7871] syz.2.470 (7871): drop_caches: 2
[  134.675173][ T7873] ubi: mtd0 is already attached to ubi31
[  134.943415][ T7879] netlink: 'syz.0.474': attribute type 1 has an invalid length.
[  134.946047][ T7879] netlink: 244 bytes leftover after parsing attributes in process `syz.0.474'.
[  134.964358][  T836] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  135.206115][  T836] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  135.209489][  T836] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  135.213141][  T836] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  135.216766][  T836] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  135.224114][  T836] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  135.227057][  T836] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  135.229298][  T836] usb 6-1: Product: syz
[  135.230421][  T836] usb 6-1: Manufacturer: syz
[  135.234159][  T836] cdc_wdm 6-1:1.0: skipping garbage
[  135.235861][  T836] cdc_wdm 6-1:1.0: skipping garbage
[  135.237334][  T836] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  135.441813][   T35] usb 6-1: USB disconnect, device number 9
[  135.512798][ T7891] netlink: 24 bytes leftover after parsing attributes in process `syz.2.477'.
[  135.593893][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'.
[  135.861300][ T7900] ubi: mtd0 is already attached to ubi31
[  135.968422][ T7897] fuse: Unknown parameter 'roktmode'
[  135.979548][ T7906] netlink: 'syz.3.483': attribute type 1 has an invalid length.
[  135.981760][ T7906] netlink: 244 bytes leftover after parsing attributes in process `syz.3.483'.
[  136.011115][ T7909] netlink: 20 bytes leftover after parsing attributes in process `syz.2.484'.
[  136.014833][ T7909] openvswitch: netlink: Flow actions attr not present in new flow.
[  136.024796][ T7910] netlink: 20 bytes leftover after parsing attributes in process `syz.3.485'.
[  136.028357][ T7910] openvswitch: netlink: Flow actions attr not present in new flow.
[  136.114399][  T836] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  136.204665][    T8] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  136.265798][  T836] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  136.268501][  T836] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  136.271430][  T836] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  136.275102][  T836] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  136.279992][  T836] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  136.282594][  T836] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  136.285251][  T836] usb 6-1: Product: syz
[  136.286462][  T836] usb 6-1: Manufacturer: syz
[  136.303533][  T836] cdc_wdm 6-1:1.0: skipping garbage
[  136.305886][  T836] cdc_wdm 6-1:1.0: skipping garbage
[  136.308359][  T836] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  136.394421][    T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  136.397084][    T8] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  136.400118][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  136.403662][    T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  136.409425][    T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  136.422742][    T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  136.431080][    T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  136.443623][    T8] usb 5-1: Product: syz
[  136.445597][    T8] usb 5-1: Manufacturer: syz
[  136.489297][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  136.491229][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  136.509109][  T836] usb 6-1: USB disconnect, device number 10
[  136.542145][    T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  136.545019][    T8] cdc_wdm 5-1:1.0: Unknown control protocol
[  136.743361][    C3] wdm_int_callback: 2 callbacks suppressed
[  136.743378][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  136.745047][    T8] usb 5-1: USB disconnect, device number 14
[  136.745177][    C3] wdm_int_callback: 2 callbacks suppressed
[  136.745187][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  136.745196][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  136.853470][ T7914] netlink: 20 bytes leftover after parsing attributes in process `syz.0.481'.
[  136.921134][ T7916] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  136.923246][ T7916] IPv6: NLM_F_CREATE should be set when creating new route
[  137.027590][ T7924] FAULT_INJECTION: forcing a failure.
[  137.027590][ T7924] name failslab, interval 1, probability 0, space 0, times 0
[  137.031306][ T7924] CPU: 2 UID: 0 PID: 7924 Comm: syz.3.489 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  137.031323][ T7924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  137.031331][ T7924] Call Trace:
[  137.031335][ T7924]  <TASK>
[  137.031340][ T7924]  dump_stack_lvl+0x16c/0x1f0
[  137.031359][ T7924]  should_fail_ex+0x50a/0x650
[  137.031377][ T7924]  ? fs_reclaim_acquire+0xae/0x150
[  137.031393][ T7924]  should_failslab+0xc2/0x120
[  137.031410][ T7924]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  137.031427][ T7924]  ? __asan_memcpy+0x3c/0x60
[  137.031440][ T7924]  ? alloc_pid+0xc7/0xbd0
[  137.031456][ T7924]  alloc_pid+0xc7/0xbd0
[  137.031472][ T7924]  copy_process+0x3901/0x8c50
[  137.031494][ T7924]  ? kasan_save_stack+0x33/0x60
[  137.031537][ T7924]  ? kasan_save_track+0x14/0x30
[  137.031553][ T7924]  ? __kasan_kmalloc+0xaa/0xb0
[  137.031567][ T7924]  ? vhost_task_create+0xe6/0x2d0
[  137.031580][ T7924]  ? kvm_mmu_post_init_vm+0x273/0x380
[  137.031594][ T7924]  ? kvm_arch_vcpu_ioctl_run+0x66/0x17f0
[  137.031607][ T7924]  ? kvm_vcpu_ioctl+0x5ea/0x16b0
[  137.031619][ T7924]  ? kvm_vcpu_compat_ioctl+0x210/0x3d0
[  137.031632][ T7924]  ? __do_fast_syscall_32+0x73/0x120
[  137.031645][ T7924]  ? do_fast_syscall_32+0x32/0x80
[  137.031664][ T7924]  ? __pfx_copy_process+0x10/0x10
[  137.031682][ T7924]  ? lockdep_init_map_type+0x16d/0x7d0
[  137.031698][ T7924]  ? __raw_spin_lock_init+0x3a/0x110
[  137.031716][ T7924]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  137.031733][ T7924]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  137.031752][ T7924]  vhost_task_create+0x1d3/0x2d0
[  137.031766][ T7924]  ? __pfx_vhost_task_create+0x10/0x10
[  137.031783][ T7924]  ? __pfx_vhost_task_fn+0x10/0x10
[  137.031798][ T7924]  ? lock_acquire.part.0+0x11b/0x380
[  137.031817][ T7924]  ? find_held_lock+0x2d/0x110
[  137.031833][ T7924]  kvm_mmu_post_init_vm+0x273/0x380
[  137.031884][ T7924]  kvm_arch_vcpu_ioctl_run+0x66/0x17f0
[  137.031903][ T7924]  ? lock_acquire+0x2f/0xb0
[  137.031926][ T7924]  ? kvm_vcpu_ioctl+0x14be/0x16b0
[  137.031941][ T7924]  kvm_vcpu_ioctl+0x5ea/0x16b0
[  137.031955][ T7924]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  137.031969][ T7924]  ? tomoyo_path_number_perm+0x190/0x590
[  137.031984][ T7924]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  137.031996][ T7924]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  137.032015][ T7924]  ? do_vfs_ioctl+0x513/0x1990
[  137.032028][ T7924]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  137.032049][ T7924]  ? __pfx_lock_release+0x10/0x10
[  137.032063][ T7924]  ? trace_lock_acquire+0x14e/0x1f0
[  137.032077][ T7924]  kvm_vcpu_compat_ioctl+0x210/0x3d0
[  137.032092][ T7924]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  137.032107][ T7924]  ? __fget_files+0x206/0x3a0
[  137.032126][ T7924]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  137.032139][ T7924]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  137.032154][ T7924]  __do_fast_syscall_32+0x73/0x120
[  137.032169][ T7924]  do_fast_syscall_32+0x32/0x80
[  137.032182][ T7924]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  137.032201][ T7924] RIP: 0023:0xf7f44579
[  137.032211][ T7924] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  137.032222][ T7924] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  137.032235][ T7924] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  137.032242][ T7924] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  137.032248][ T7924] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  137.032253][ T7924] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  137.032260][ T7924] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  137.032272][ T7924]  </TASK>
[  137.142354][    C2] vkms_vblank_simulate: vblank timer overrun
[  137.223595][ T7932] ubi: mtd0 is already attached to ubi31
[  137.563142][   T39] audit: type=1326 audit(1739646031.682:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.1.496" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f81579 code=0x0
[  137.710001][ T7952] netlink: 20 bytes leftover after parsing attributes in process `syz.2.497'.
[  137.712720][ T7952] openvswitch: netlink: Flow actions attr not present in new flow.
[  138.204741][ T7955] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  138.206956][ T7955] IPv6: NLM_F_CREATE should be set when creating new route
[  138.494422][  T836] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  138.577122][ T7964] ubi: mtd0 is already attached to ubi31
[  138.655522][  T836] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  138.658019][  T836] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  138.660817][  T836] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  138.663311][  T836] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  138.669445][  T836] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  138.672141][  T836] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  138.675020][  T836] usb 8-1: Product: syz
[  138.676198][  T836] usb 8-1: Manufacturer: syz
[  138.683155][  T836] cdc_wdm 8-1:1.0: skipping garbage
[  138.684787][  T836] cdc_wdm 8-1:1.0: skipping garbage
[  138.686279][  T836] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  138.884778][  T836] usb 8-1: USB disconnect, device number 13
[  138.901158][ T7988] gtp2: entered promiscuous mode
[  138.902800][ T7988] gtp2: entered allmulticast mode
[  138.970583][ T7994] input: syz1 as /devices/virtual/input/input6
[  138.986243][ T7988] netlink: 76 bytes leftover after parsing attributes in process `syz.1.505'.
[  139.033899][ T7996] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  139.120815][ T7999] gtp0: entered promiscuous mode
[  139.135612][ T7999] gtp0: entered allmulticast mode
[  139.267851][ T7999] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  139.276600][ T7999] netlink: 76 bytes leftover after parsing attributes in process `syz.0.508'.
[  139.500135][ T8008] netlink: 20 bytes leftover after parsing attributes in process `syz.0.510'.
[  139.502678][ T8008] openvswitch: netlink: Flow actions attr not present in new flow.
[  139.534595][  T836] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  139.671025][ T8011] ubi: mtd0 is already attached to ubi31
[  139.705934][  T836] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  139.708673][  T836] usb 8-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  139.712242][  T836] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  139.719886][  T836] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  139.726126][  T836] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  139.729718][  T836] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  139.732100][  T836] usb 8-1: Product: syz
[  139.733369][  T836] usb 8-1: Manufacturer: syz
[  139.739134][  T836] cdc_wdm 8-1:1.0: skipping garbage
[  139.740674][  T836] cdc_wdm 8-1:1.0: skipping garbage
[  139.742192][  T836] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  139.943289][  T836] usb 8-1: USB disconnect, device number 14
[  140.624466][  T836] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  140.787669][  T836] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  140.790161][  T836] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  140.802040][  T836] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  140.805038][  T836] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  140.808100][  T836] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  140.812427][  T836] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  140.820651][  T836] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  140.823333][  T836] usb 5-1: Product: syz
[  140.825146][  T836] usb 5-1: Manufacturer: syz
[  140.834824][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  140.836465][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  140.845503][  T836] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  140.847857][  T836] cdc_wdm 5-1:1.0: Unknown control protocol
[  140.880576][ T8030] Bluetooth: Invalid byte 02 after esc byte
[  141.089503][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.091383][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.093249][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.095149][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.097295][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.099161][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.101055][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.103116][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.105070][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.106907][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.108790][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.110655][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.112559][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.114441][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.118698][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.120521][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.122482][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  141.124545][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  141.126824][   T35] usb 5-1: USB disconnect, device number 15
[  141.128741][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  141.132686][ T8031] netlink: 'syz.1.517': attribute type 5 has an invalid length.
[  141.221740][ T8036] netlink: 20 bytes leftover after parsing attributes in process `syz.0.514'.
[  141.548891][ T8039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.519'.
[  141.556084][ T8041] ubi: mtd0 is already attached to ubi31
[  142.422621][    C2] dccp_check_seqno: Step 6 failed for CLOSE packet, (LSWL(46257515697082) <= P.seqno(46257515697081) <= S.SWH(46257515697156)) and (P.ackno exists or LAWL(146285231101977) <= P.ackno(146285231101977) <= S.AWH(146285231101977), sending SYNC...
[  142.824439][    T8] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  142.924566][ T5954] Bluetooth: hci4: command 0x1003 tx timeout
[  142.929051][ T5959] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  142.976167][    T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  142.979689][    T8] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  142.983664][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  142.987268][    T8] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  142.992381][    T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  142.995494][    T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  142.998306][    T8] usb 6-1: Product: syz
[  142.999490][    T8] usb 6-1: Manufacturer: syz
[  143.003234][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  143.005216][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  143.006687][    T8] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  143.203858][    T8] usb 6-1: USB disconnect, device number 11
[  143.844458][    T8] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  143.998956][    T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  144.002377][    T8] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  144.006844][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  144.010407][    T8] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  144.017193][    T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  144.020679][    T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  144.023756][    T8] usb 6-1: Product: syz
[  144.025763][    T8] usb 6-1: Manufacturer: syz
[  144.030589][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  144.032612][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  144.035449][    T8] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  144.248147][   T35] usb 6-1: USB disconnect, device number 12
[  144.260159][ T8072] netlink: 'syz.0.529': attribute type 5 has an invalid length.
[  144.994406][  T836] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  145.155641][  T836] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  145.158199][  T836] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  145.161022][  T836] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  145.163664][  T836] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  145.169534][  T836] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  145.174750][  T836] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  145.177747][  T836] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  145.180836][  T836] usb 5-1: Product: syz
[  145.182518][  T836] usb 5-1: Manufacturer: syz
[  145.192193][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  145.195381][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  145.199869][  T836] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  145.202110][  T836] cdc_wdm 5-1:1.0: Unknown control protocol
[  145.434474][   T35] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  145.457772][    C2] wdm_int_callback: 4 callbacks suppressed
[  145.457790][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  145.459077][  T834] usb 5-1: USB disconnect, device number 16
[  145.459568][    C2] wdm_int_callback: 4 callbacks suppressed
[  145.459585][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  145.468368][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  145.474833][    C2] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  145.579851][ T8098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.531'.
[  145.588354][   T35] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  145.594093][   T35] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  145.598147][   T35] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  145.601810][   T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  145.605933][   T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  145.611463][   T35] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  145.616111][   T35] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  145.619054][   T35] usb 6-1: Product: syz
[  145.620617][   T35] usb 6-1: Manufacturer: syz
[  145.631368][   T35] cdc_wdm 6-1:1.0: skipping garbage
[  145.633367][   T35] cdc_wdm 6-1:1.0: skipping garbage
[  145.637420][ T8100] netlink: 'syz.3.537': attribute type 1 has an invalid length.
[  145.639611][ T8100] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  145.644390][   T35] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  145.646117][   T35] cdc_wdm 6-1:1.0: Unknown control protocol
[  145.886787][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  145.887353][    T8] usb 6-1: USB disconnect, device number 13
[  145.888685][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  145.888700][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  145.997269][ T8107] netlink: 20 bytes leftover after parsing attributes in process `syz.1.535'.
[  146.235107][ T8113] netlink: 'syz.3.539': attribute type 5 has an invalid length.
[  146.984497][   T35] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  147.135827][   T35] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  147.139515][   T35] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  147.143579][   T35] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  147.148622][   T35] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  147.154965][   T35] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  147.158065][   T35] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  147.160390][   T35] usb 7-1: Product: syz
[  147.161651][   T35] usb 7-1: Manufacturer: syz
[  147.175164][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  147.177403][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  147.179495][   T35] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  147.377014][   T30] usb 7-1: USB disconnect, device number 10
[  148.014550][   T35] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  148.195467][   T35] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  148.198025][   T35] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  148.200903][   T35] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  148.203458][   T35] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  148.212787][   T35] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  148.215641][   T35] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  148.217988][   T35] usb 7-1: Product: syz
[  148.219218][   T35] usb 7-1: Manufacturer: syz
[  148.226510][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  148.228128][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  148.229664][   T35] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  148.438011][   T35] usb 7-1: USB disconnect, device number 11
[  149.002223][ T8212] netlink: 16 bytes leftover after parsing attributes in process `syz.2.553'.
[  149.014107][ T8214] netlink: 88 bytes leftover after parsing attributes in process `syz.0.552'.
[  149.051629][ T8218] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  149.097693][ T8220] ubi: mtd0 is already attached to ubi31
[  149.140640][ T8222] netlink: 20 bytes leftover after parsing attributes in process `syz.1.557'.
[  149.143394][ T8222] openvswitch: netlink: Flow actions attr not present in new flow.
[  149.294350][   T35] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  149.478729][   T35] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  149.481195][   T35] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  149.494321][   T35] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  149.497685][   T35] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  149.501577][   T35] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  149.518337][   T35] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  149.521632][   T35] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  149.523818][   T35] usb 7-1: Product: syz
[  149.525660][   T35] usb 7-1: Manufacturer: syz
[  149.533681][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  149.536595][   T35] cdc_wdm 7-1:1.0: skipping garbage
[  149.539108][   T35] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  149.541273][   T35] cdc_wdm 7-1:1.0: Unknown control protocol
[  149.789270][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  149.791266][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  149.793226][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  149.795125][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  149.797128][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  149.799048][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  149.800883][   T35] usb 7-1: USB disconnect, device number 12
[  149.802670][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  149.802682][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  149.802690][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  149.958675][ T8230] netlink: 20 bytes leftover after parsing attributes in process `syz.2.555'.
[  150.344437][   T63] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  150.518244][   T63] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  150.521661][   T63] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  150.526657][   T63] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  150.530236][   T63] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  150.534944][   T63] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  150.542344][   T63] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  150.545188][   T63] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  150.547988][   T63] usb 6-1: Product: syz
[  150.549687][   T63] usb 6-1: Manufacturer: syz
[  150.555878][   T63] cdc_wdm 6-1:1.0: skipping garbage
[  150.558293][   T63] cdc_wdm 6-1:1.0: skipping garbage
[  150.560998][   T63] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  150.562772][   T63] cdc_wdm 6-1:1.0: Unknown control protocol
[  150.709280][ T8244] netlink: 'syz.0.561': attribute type 1 has an invalid length.
[  150.712426][ T8244] netlink: 244 bytes leftover after parsing attributes in process `syz.0.561'.
[  150.810336][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  150.810648][   T35] usb 6-1: USB disconnect, device number 14
[  150.812230][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  150.815845][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  150.818828][    C2] dummy_hcd dummy_hcd.1: timer fired with no URBs pending?
[  150.926627][ T8251] netlink: 20 bytes leftover after parsing attributes in process `syz.1.559'.
[  152.008110][ T8262] netlink: 'syz.0.565': attribute type 1 has an invalid length.
[  152.010390][ T8262] netlink: 244 bytes leftover after parsing attributes in process `syz.0.565'.
[  152.184131][ T8269] netlink: 88 bytes leftover after parsing attributes in process `syz.0.566'.
[  152.533897][ T8275] input: syz1 as /devices/virtual/input/input7
[  153.308453][ T8290] netlink: 'syz.0.571': attribute type 5 has an invalid length.
[  153.652055][ T8293] netlink: 20 bytes leftover after parsing attributes in process `syz.2.573'.
[  153.655206][ T8293] openvswitch: netlink: Flow actions attr not present in new flow.
[  154.233941][ T8300] ubi: mtd0 is already attached to ubi31
[  154.366470][ T8302] netlink: 20 bytes leftover after parsing attributes in process `syz.1.576'.
[  154.369079][ T8302] openvswitch: netlink: Flow actions attr not present in new flow.
[  154.943236][ T8314] netlink: 'syz.0.577': attribute type 1 has an invalid length.
[  154.947625][ T8314] netlink: 244 bytes leftover after parsing attributes in process `syz.0.577'.
[  156.101684][ T8340] netlink: 'syz.2.589': attribute type 1 has an invalid length.
[  156.103918][ T8340] netlink: 244 bytes leftover after parsing attributes in process `syz.2.589'.
[  156.148009][ T8343] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  156.414344][    T9] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  156.435856][    T8] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  156.564413][    T9] usb 6-1: Using ep0 maxpacket: 8
[  156.567061][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  156.569272][    T9] usb 6-1: config 0 has no interface number 0
[  156.570964][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  156.573963][    T9] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  156.576713][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.580699][    T9] usb 6-1: config 0 descriptor??
[  156.584501][    T9] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  156.616034][    T8] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  156.651500][    C0] vkms_vblank_simulate: vblank timer overrun
[  156.653485][    T8] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  156.656511][    T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  156.659075][    T8] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  156.663859][    T8] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  156.666488][    T8] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  156.669299][    T8] usb 7-1: Product: syz
[  156.670957][    T8] usb 7-1: Manufacturer: syz
[  156.676791][    T8] cdc_wdm 7-1:1.0: skipping garbage
[  156.678901][    T8] cdc_wdm 7-1:1.0: skipping garbage
[  156.680905][    T8] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  156.790832][    T8] usb 6-1: USB disconnect, device number 15
[  156.877665][  T834] usb 7-1: USB disconnect, device number 13
[  157.334418][ T8371] netlink: 'syz.1.596': attribute type 1 has an invalid length.
[  157.336642][ T8371] netlink: 224 bytes leftover after parsing attributes in process `syz.1.596'.
[  157.461151][ T8384] netlink: 20 bytes leftover after parsing attributes in process `syz.1.598'.
[  157.463737][ T8384] openvswitch: netlink: Flow actions attr not present in new flow.
[  157.484448][ T6013] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  157.534512][  T834] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  157.660483][ T6013] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  157.663315][ T6013] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  157.668857][ T6013] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  157.672259][ T6013] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  157.679237][ T6013] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  157.681828][ T6013] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  157.684113][ T6013] usb 5-1: Product: syz
[  157.686798][ T6013] usb 5-1: Manufacturer: syz
[  157.688432][  T834] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  157.690993][  T834] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  157.694596][  T834] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  157.697091][  T834] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  157.713138][ T6013] cdc_wdm 5-1:1.0: skipping garbage
[  157.714753][ T6013] cdc_wdm 5-1:1.0: skipping garbage
[  157.716245][ T6013] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  157.721590][  T834] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  157.724191][  T834] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  157.731064][  T834] usb 7-1: Product: syz
[  157.732345][  T834] usb 7-1: Manufacturer: syz
[  157.742694][  T834] cdc_wdm 7-1:1.0: skipping garbage
[  157.744362][  T834] cdc_wdm 7-1:1.0: skipping garbage
[  157.745867][  T834] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  157.932862][    T8] usb 5-1: USB disconnect, device number 17
[  157.953246][   T35] usb 7-1: USB disconnect, device number 14
[  158.423505][ T8396] netlink: 'syz.1.600': attribute type 1 has an invalid length.
[  158.425879][ T8396] netlink: 244 bytes leftover after parsing attributes in process `syz.1.600'.
[  158.584366][  T834] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  158.765564][  T834] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  158.768153][  T834] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  158.771043][  T834] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  158.773625][  T834] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  158.778904][  T834] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  158.781465][  T834] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  158.783672][  T834] usb 5-1: Product: syz
[  158.784985][  T834] usb 5-1: Manufacturer: syz
[  158.791412][  T834] cdc_wdm 5-1:1.0: skipping garbage
[  158.792986][  T834] cdc_wdm 5-1:1.0: skipping garbage
[  158.795240][  T834] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  159.006232][  T836] usb 5-1: USB disconnect, device number 18
[  159.541474][ T8420] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  159.588413][ T8424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.609'.
[  159.629613][ T8428] netlink: 'syz.1.611': attribute type 1 has an invalid length.
[  159.631843][ T8428] netlink: 244 bytes leftover after parsing attributes in process `syz.1.611'.
[  159.864459][  T836] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  159.951272][ T8441] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.019595][  T836] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  160.022140][  T836] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  160.025858][  T836] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  160.026581][ T8441] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.028353][  T836] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  160.039393][  T836] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  160.041898][  T836] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  160.044077][  T836] usb 5-1: Product: syz
[  160.045537][  T836] usb 5-1: Manufacturer: syz
[  160.049008][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  160.050482][  T836] cdc_wdm 5-1:1.0: skipping garbage
[  160.051934][  T836] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  160.154950][ T8441] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.225338][ T8441] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.251430][  T834] usb 5-1: USB disconnect, device number 19
[  160.297645][ T8441] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  160.303229][ T8441] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  160.309652][ T8441] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.315233][ T8441] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.886093][   T63] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  161.046207][   T63] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  161.048711][   T63] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  161.051522][   T63] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  161.055028][   T63] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  161.060239][   T63] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  161.062724][   T63] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  161.066599][   T63] usb 5-1: Product: syz
[  161.067904][   T63] usb 5-1: Manufacturer: syz
[  161.071620][   T63] cdc_wdm 5-1:1.0: skipping garbage
[  161.073088][   T63] cdc_wdm 5-1:1.0: skipping garbage
[  161.075220][   T63] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  161.274438][   T63] usb 5-1: USB disconnect, device number 20
[  161.978540][ T8458] netlink: 56 bytes leftover after parsing attributes in process `syz.0.617'.
[  162.139362][ T8461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.618'.
[  162.183095][ T8463] FAULT_INJECTION: forcing a failure.
[  162.183095][ T8463] name failslab, interval 1, probability 0, space 0, times 0
[  162.187626][ T8463] CPU: 0 UID: 0 PID: 8463 Comm: syz.1.619 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  162.187647][ T8463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.187657][ T8463] Call Trace:
[  162.187663][ T8463]  <TASK>
[  162.187669][ T8463]  dump_stack_lvl+0x16c/0x1f0
[  162.187696][ T8463]  should_fail_ex+0x50a/0x650
[  162.187719][ T8463]  ? fs_reclaim_acquire+0xae/0x150
[  162.187740][ T8463]  ? p9_fcall_init+0x97/0x260
[  162.187764][ T8463]  should_failslab+0xc2/0x120
[  162.187788][ T8463]  __kmalloc_noprof+0xcb/0x510
[  162.187810][ T8463]  ? rcu_is_watching+0x12/0xc0
[  162.187826][ T8463]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  162.187847][ T8463]  p9_fcall_init+0x97/0x260
[  162.187871][ T8463]  p9_tag_alloc+0x17a/0x660
[  162.187888][ T8463]  ? __pfx_p9_tag_alloc+0x10/0x10
[  162.187903][ T8463]  ? __lock_acquire+0x15a9/0x3c40
[  162.187929][ T8463]  p9_client_prepare_req+0x19f/0x4d0
[  162.187945][ T8463]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  162.187963][ T8463]  ? hlock_class+0x4e/0x130
[  162.187978][ T8463]  ? mark_lock+0xb5/0xc60
[  162.187999][ T8463]  p9_client_rpc+0x1c3/0xc10
[  162.188017][ T8463]  ? __pfx_p9_client_rpc+0x10/0x10
[  162.188034][ T8463]  ? idr_preload_end+0xc2/0x230
[  162.188057][ T8463]  ? __pfx_lock_release+0x10/0x10
[  162.188076][ T8463]  ? __pfx_lock_release+0x10/0x10
[  162.188099][ T8463]  ? mark_held_locks+0x9f/0xe0
[  162.188119][ T8463]  ? rcu_is_watching+0x12/0xc0
[  162.188138][ T8463]  p9_client_walk+0x1ac/0x530
[  162.188156][ T8463]  ? __pfx_p9_client_walk+0x10/0x10
[  162.188175][ T8463]  ? v9fs_fid_lookup+0xe9/0xec0
[  162.188197][ T8463]  v9fs_file_open+0x596/0xac0
[  162.188212][ T8463]  ? __pfx_apparmor_file_open+0x10/0x10
[  162.188232][ T8463]  ? __pfx_v9fs_file_open+0x10/0x10
[  162.188249][ T8463]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  162.188273][ T8463]  do_dentry_open+0x735/0x1c40
[  162.188294][ T8463]  ? __pfx_v9fs_file_open+0x10/0x10
[  162.188310][ T8463]  ? inode_permission+0xdd/0x5f0
[  162.188328][ T8463]  vfs_open+0x82/0x3f0
[  162.188341][ T8463]  ? may_open+0x1f2/0x400
[  162.188358][ T8463]  path_openat+0x1e88/0x2d80
[  162.188387][ T8463]  ? __pfx_path_openat+0x10/0x10
[  162.188407][ T8463]  ? __pfx___lock_acquire+0x10/0x10
[  162.188426][ T8463]  ? lock_acquire.part.0+0x11b/0x380
[  162.188446][ T8463]  ? find_held_lock+0x2d/0x110
[  162.188464][ T8463]  do_filp_open+0x20c/0x470
[  162.188484][ T8463]  ? __pfx_do_filp_open+0x10/0x10
[  162.188504][ T8463]  ? find_held_lock+0x2d/0x110
[  162.188532][ T8463]  ? alloc_fd+0x41f/0x760
[  162.188558][ T8463]  do_sys_openat2+0x17a/0x1e0
[  162.188573][ T8463]  ? __pfx_do_sys_openat2+0x10/0x10
[  162.188590][ T8463]  ? __fget_files+0x206/0x3a0
[  162.188614][ T8463]  __ia32_compat_sys_openat+0x16e/0x210
[  162.188631][ T8463]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  162.188647][ T8463]  ? ksys_write+0x1ba/0x250
[  162.188674][ T8463]  __do_fast_syscall_32+0x73/0x120
[  162.188697][ T8463]  do_fast_syscall_32+0x32/0x80
[  162.188737][ T8463]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  162.188762][ T8463] RIP: 0023:0xf7f81579
[  162.188774][ T8463] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  162.188788][ T8463] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  162.188804][ T8463] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 000000008000c380
[  162.188814][ T8463] RDX: 0000000000020842 RSI: 0000000000000000 RDI: 0000000000000000
[  162.188823][ T8463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  162.188832][ T8463] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  162.188841][ T8463] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  162.188859][ T8463]  </TASK>
[  162.297461][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.670218][ T8468] netlink: 'syz.1.620': attribute type 5 has an invalid length.
[  163.256300][ T8476] netlink: 'syz.0.622': attribute type 10 has an invalid length.
[  163.259435][ T8476] netlink: 40 bytes leftover after parsing attributes in process `syz.0.622'.
[  163.275482][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  163.286878][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  163.292459][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  163.295331][ T8476] team0: Port device geneve0 added
[  163.295554][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  163.299550][ T5954] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  163.302674][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  163.369613][ T8475] lo speed is unknown, defaulting to 1000
[  163.425028][ T8480] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  163.431586][ T8479] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  163.440296][ T8481] block nbd1: NBD_DISCONNECT
[  163.442550][ T8480] block nbd1: NBD_DISCONNECT
[  163.442944][ T8475] lo speed is unknown, defaulting to 1000
[  163.633337][ T1171] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.651691][ T8475] chnl_net:caif_netlink_parms(): no params data found
[  163.781936][ T8475] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.784009][ T8475] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.794499][ T8475] bridge_slave_0: entered allmulticast mode
[  163.798261][ T8475] bridge_slave_0: entered promiscuous mode
[  163.801055][ T8475] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.802951][ T8475] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.812339][ T8475] bridge_slave_1: entered allmulticast mode
[  163.815917][ T8475] bridge_slave_1: entered promiscuous mode
[  163.875253][ T8475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.005640][ T1171] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.015243][ T8475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.238951][ T1171] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.257708][ T8475] team0: Port device team_slave_0 added
[  164.260859][ T8475] team0: Port device team_slave_1 added
[  164.305056][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.307169][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.314167][ T8475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.319021][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.320926][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.330749][ T8475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.397010][ T1171] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.520338][ T8475] hsr_slave_0: entered promiscuous mode
[  164.522461][ T8475] hsr_slave_1: entered promiscuous mode
[  164.524771][ T8475] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.527548][ T8475] Cannot create hsr debugfs directory
[  164.631539][ T1171] bridge_slave_1: left allmulticast mode
[  164.634170][ T1171] bridge_slave_1: left promiscuous mode
[  164.638426][ T1171] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.642994][ T1171] bridge_slave_0: left allmulticast mode
[  164.646762][ T1171] bridge_slave_0: left promiscuous mode
[  164.648434][ T1171] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.933864][ T1171] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.939467][ T1171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.944014][ T1171] bond0 (unregistering): Released all slaves
[  164.991231][ T8475] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  165.024198][ T8475] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  165.028788][ T8475] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  165.032542][ T8475] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  165.101276][ T8475] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.113227][ T8475] 8021q: adding VLAN 0 to HW filter on device team0
[  165.123277][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.125550][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.145530][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.147770][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.335059][ T5954] Bluetooth: hci4: command tx timeout
[  165.489984][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.638631][ T8475] veth0_vlan: entered promiscuous mode
[  165.646982][ T8475] veth1_vlan: entered promiscuous mode
[  165.656331][ T8475] veth0_macvtap: entered promiscuous mode
[  165.659358][ T8475] veth1_macvtap: entered promiscuous mode
[  165.692267][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.695898][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.700009][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.702985][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.706448][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.709427][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.956520][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.041466][ T8529] netlink: 'syz.1.629': attribute type 5 has an invalid length.
[  166.049113][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.052010][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.055246][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.058222][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.060933][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.063653][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.068823][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.077203][ T8475] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.080525][ T8475] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.083735][ T8475] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.094509][ T8475] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.115187][ T1171] ------------[ cut here ]------------
[  166.122153][ T1171] Have pending ack frames!
[  166.128105][ T1171] WARNING: CPU: 2 PID: 1171 at net/mac80211/main.c:1713 ieee80211_free_ack_frame+0x5a/0x60
[  166.131062][ T1171] Modules linked in:
[  166.133230][ T1171] CPU: 2 UID: 0 PID: 1171 Comm: kworker/u32:9 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  166.138660][ T1171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  166.141674][ T1171] Workqueue: netns cleanup_net
[  166.143025][ T1171] RIP: 0010:ieee80211_free_ack_frame+0x5a/0x60
[  166.144934][ T1171] Code: 31 ff e8 b9 18 67 fe 31 c0 5b 5d c3 cc cc cc cc e8 cb dd f5 f6 c6 05 c2 04 87 05 01 90 48 c7 c7 00 97 c1 8c e8 c7 17 b6 f6 90 <0f> 0b 90 90 eb c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  166.150431][ T1171] RSP: 0018:ffffc90006daf950 EFLAGS: 00010286
[  166.152136][ T1171] RAX: 0000000000000000 RBX: ffff888028804500 RCX: ffffffff817a1229
[  166.154313][ T1171] RDX: ffff888021ae0000 RSI: ffffffff817a1236 RDI: 0000000000000001
[  166.156466][ T1171] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  166.158695][ T1171] R10: 0000000000000001 R11: 0000000000000003 R12: dffffc0000000000
[  166.160985][ T1171] R13: ffffffff8ac3f870 R14: 0000000080000000 R15: 0000000000000000
[  166.163165][ T1171] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  166.166101][ T1171] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  166.168011][ T1171] CR2: 00005559cc9fd000 CR3: 000000004a6dc000 CR4: 0000000000352ef0
[  166.170226][ T1171] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  166.172605][ T1171] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  166.176245][ T1171] Call Trace:
[  166.177226][ T1171]  <TASK>
[  166.178061][ T1171]  ? __warn+0xea/0x3c0
[  166.179214][ T1171]  ? ieee80211_free_ack_frame+0x5a/0x60
[  166.180774][ T1171]  ? report_bug+0x3c0/0x580
[  166.182127][ T1171]  ? handle_bug+0x54/0xa0
[  166.183349][ T1171]  ? exc_invalid_op+0x17/0x50
[  166.184896][ T1171]  ? asm_exc_invalid_op+0x1a/0x20
[  166.186653][ T1171]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  166.188435][ T1171]  ? __warn_printk+0x199/0x350
[  166.189799][ T1171]  ? __warn_printk+0x1a6/0x350
[  166.191157][ T1171]  ? ieee80211_free_ack_frame+0x5a/0x60
[  166.192760][ T1171]  idr_for_each+0x141/0x270
[  166.194150][ T1171]  ? __pfx_idr_for_each+0x10/0x10
[  166.195898][ T1171]  ? kfree+0x2c4/0x4d0
[  166.197124][ T1171]  ? kfree+0x2c4/0x4d0
[  166.198331][ T1171]  ? kfree_const+0x55/0x60
[  166.199634][ T1171]  ieee80211_free_hw+0x9b/0x2d0
[  166.201201][ T1171]  ? kobject_put+0x210/0x5a0
[  166.202657][ T1171]  hwsim_exit_net+0x3fe/0x7d0
[  166.204274][ T1171]  ? __pfx_hwsim_exit_net+0x10/0x10
[  166.205839][ T1171]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[  166.207703][ T1171]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[  166.209419][ T1171]  ? __pfx_hwsim_exit_net+0x10/0x10
[  166.210960][ T1171]  ops_exit_list+0xb0/0x180
[  166.212330][ T1171]  cleanup_net+0x5c6/0xbf0
[  166.213602][ T1171]  ? __pfx_cleanup_net+0x10/0x10
[  166.215165][ T1171]  ? lock_acquire+0x2f/0xb0
[  166.216439][ T1171]  ? process_one_work+0x921/0x1ba0
[  166.217921][ T1171]  process_one_work+0x9c5/0x1ba0
[  166.219312][ T1171]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  166.220901][ T1171]  ? __pfx_process_one_work+0x10/0x10
[  166.222377][ T1171]  ? assign_work+0x1a0/0x250
[  166.224189][ T1171]  worker_thread+0x6c8/0xf00
[  166.225660][ T1171]  ? __kthread_parkme+0x148/0x220
[  166.227076][ T1171]  ? __pfx_worker_thread+0x10/0x10
[  166.228552][ T1171]  kthread+0x3af/0x750
[  166.229733][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.231054][ T1171]  ? lock_acquire+0x2f/0xb0
[  166.232336][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.233663][ T1171]  ret_from_fork+0x45/0x80
[  166.235088][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.236418][ T1171]  ret_from_fork_asm+0x1a/0x30
[  166.237806][ T1171]  </TASK>
[  166.238690][ T1171] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  166.240702][ T1171] CPU: 2 UID: 0 PID: 1171 Comm: kworker/u32:9 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0
[  166.243628][ T1171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  166.246924][ T1171] Workqueue: netns cleanup_net
[  166.248431][ T1171] Call Trace:
[  166.249393][ T1171]  <TASK>
[  166.250233][ T1171]  dump_stack_lvl+0x3d/0x1f0
[  166.251538][ T1171]  panic+0x71d/0x800
[  166.252645][ T1171]  ? __pfx_panic+0x10/0x10
[  166.253957][ T1171]  ? show_trace_log_lvl+0x29d/0x3d0
[  166.255415][ T1171]  ? check_panic_on_warn+0x1f/0xb0
[  166.256912][ T1171]  ? ieee80211_free_ack_frame+0x5a/0x60
[  166.258505][ T1171]  check_panic_on_warn+0xab/0xb0
[  166.259896][ T1171]  __warn+0xf6/0x3c0
[  166.261029][ T1171]  ? ieee80211_free_ack_frame+0x5a/0x60
[  166.262563][ T1171]  report_bug+0x3c0/0x580
[  166.263785][ T1171]  handle_bug+0x54/0xa0
[  166.264971][ T1171]  exc_invalid_op+0x17/0x50
[  166.266244][ T1171]  asm_exc_invalid_op+0x1a/0x20
[  166.267530][ T1171] RIP: 0010:ieee80211_free_ack_frame+0x5a/0x60
[  166.269292][ T1171] Code: 31 ff e8 b9 18 67 fe 31 c0 5b 5d c3 cc cc cc cc e8 cb dd f5 f6 c6 05 c2 04 87 05 01 90 48 c7 c7 00 97 c1 8c e8 c7 17 b6 f6 90 <0f> 0b 90 90 eb c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  166.274524][ T1171] RSP: 0018:ffffc90006daf950 EFLAGS: 00010286
[  166.276153][ T1171] RAX: 0000000000000000 RBX: ffff888028804500 RCX: ffffffff817a1229
[  166.278411][ T1171] RDX: ffff888021ae0000 RSI: ffffffff817a1236 RDI: 0000000000000001
[  166.280684][ T1171] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  166.282858][ T1171] R10: 0000000000000001 R11: 0000000000000003 R12: dffffc0000000000
[  166.285011][ T1171] R13: ffffffff8ac3f870 R14: 0000000080000000 R15: 0000000000000000
[  166.287052][ T1171]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  166.288719][ T1171]  ? __warn_printk+0x199/0x350
[  166.290026][ T1171]  ? __warn_printk+0x1a6/0x350
[  166.291402][ T1171]  idr_for_each+0x141/0x270
[  166.292683][ T1171]  ? __pfx_idr_for_each+0x10/0x10
[  166.294093][ T1171]  ? kfree+0x2c4/0x4d0
[  166.295237][ T1171]  ? kfree+0x2c4/0x4d0
[  166.296379][ T1171]  ? kfree_const+0x55/0x60
[  166.297630][ T1171]  ieee80211_free_hw+0x9b/0x2d0
[  166.298924][ T1171]  ? kobject_put+0x210/0x5a0
[  166.300436][ T1171]  hwsim_exit_net+0x3fe/0x7d0
[  166.301799][ T1171]  ? __pfx_hwsim_exit_net+0x10/0x10
[  166.303228][ T1171]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[  166.304700][ T1171]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[  166.306233][ T1171]  ? __pfx_hwsim_exit_net+0x10/0x10
[  166.307632][ T1171]  ops_exit_list+0xb0/0x180
[  166.308867][ T1171]  cleanup_net+0x5c6/0xbf0
[  166.310089][ T1171]  ? __pfx_cleanup_net+0x10/0x10
[  166.311468][ T1171]  ? lock_acquire+0x2f/0xb0
[  166.312698][ T1171]  ? process_one_work+0x921/0x1ba0
[  166.314121][ T1171]  process_one_work+0x9c5/0x1ba0
[  166.315467][ T1171]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  166.316985][ T1171]  ? __pfx_process_one_work+0x10/0x10
[  166.318445][ T1171]  ? assign_work+0x1a0/0x250
[  166.319685][ T1171]  worker_thread+0x6c8/0xf00
[  166.321024][ T1171]  ? __kthread_parkme+0x148/0x220
[  166.322394][ T1171]  ? __pfx_worker_thread+0x10/0x10
[  166.323777][ T1171]  kthread+0x3af/0x750
[  166.324883][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.326116][ T1171]  ? lock_acquire+0x2f/0xb0
[  166.327384][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.328625][ T1171]  ret_from_fork+0x45/0x80
[  166.329837][ T1171]  ? __pfx_kthread+0x10/0x10
[  166.331110][ T1171]  ret_from_fork_asm+0x1a/0x30
[  166.332491][ T1171]  </TASK>
[  166.333797][ T1171] Kernel Offset: disabled
[  166.335001][ T1171] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:01:00  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffc90002c4fdd0 RCX=ffffffff82323435 RDX=ffff888023e6a440
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc90002c4fab8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000004 R13=ffffc90002c4fdc8 R14=ffffc90002c4fc20 R15=0000000000000000
RIP=ffffffff81b9d680 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7203410 CR3=000000004af9a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=ffff88804a27e200 RCX=1ffff1100944fc45 RDX=ffff88806c1601b0
RSI=ffffffff8a386537 RDI=ffff88804a27e228 RBP=1ffff92000dedf59 RSP=ffffc90006f6faa8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000004
R12=ffff88806c160140 R13=ffff888069edf810 R14=000000000000008e R15=0000000000000000
RIP=ffffffff8a386572 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fdf9ffc CR3=000000002654a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000178800000000 0000000600000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff853e45b0 RDI=ffffffff9ab6be20 RBP=ffffffff9ab6bde0 RSP=ffffc90006daf280
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000007
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff356d816 R15=dffffc0000000000
RIP=ffffffff853e45d7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005559cc9fd000 CR3=000000004a6dc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff900 Opmask01=0000000001100000 Opmask02=000000000fffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffff0000ff
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e2e2e2e2e2e2e2e 2e2e2e2e2e2e2e2e
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e2e2e2e2e2e2e2e 2e2e2e2e2e2e2e2e
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffff0000ff
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6573206f74206465 6c696166203a7325 002f74656e2f7373 616c632f7379732f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0030303900000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000d0d040f0d0d0d 0d0d0d0f0d45514a 0043000d004e5850 5c535b5413495853
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0cac9dbd36d1fc47 00000005559cc6d7 0000000000000051 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0cac9dbd36d1fc47 0000555c99f1bde7 0000000000000051 000030316e616c77
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 00005559a90a4233 73656d5f70636864
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 725f0f318a528661 72610f6ffe7df37f 6567757bfb7f7fff 7f7f7d7f75777965
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 642f7261762f0073 253a73252d73253a 73252d7325007325 2d73250074736575
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 0000726565666965
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 00006d5f65636864
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbf2b313423342c
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 df312e232d2435bf 2324353124322431
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff8207061b RDX=ffff8880215d8000
RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc90006367610
R8 =0000000000000004 R9 =00000000000001fd R10=0000000000000106 R11=0000000000000003
R12=0000000000000000 R13=ffffc90006367780 R14=ffff88801f081400 R15=dffffc0000000000
RIP=ffffffff81b9d120 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000800018c0 CR3=000000004a218000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000178800000000 0000000600000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000