last executing test programs:

1m4.844622059s ago: executing program 3 (id=1807):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000200010000009800088014000780080005000000000008"], 0xc0}}, 0x30004040)

1m4.675252157s ago: executing program 3 (id=1808):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3400000040000701feffffff00000000017c0000040042800c00018006000600800a0000100002800c00148008000d00bd"], 0x34}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f00000004c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
inotify_init()
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
io_uring_setup(0x1c97, &(0x7f0000000600)={0x0, 0x1ad0, 0x100, 0x2, 0x1df})
epoll_create1(0x80000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x68, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x1}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}, 0x1, 0x0, 0x0, 0x4810}, 0x0)
poll(&(0x7f0000000140)=[{r1, 0xc4f4}, {r2, 0xc004}, {r1, 0x8}, {r1, 0xa00d}], 0x4, 0x2)
fsopen(&(0x7f0000000340)='rpc_pipefs\x00', 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
pipe2(&(0x7f0000000000), 0x80080)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x6)

1m2.907582021s ago: executing program 3 (id=1814):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

1m2.770355166s ago: executing program 3 (id=1815):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080d0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x34000047}, 0x240000d0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
setxattr$incfs_size(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180), &(0x7f0000000280)=0x7, 0x8, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0)

1m2.374099496s ago: executing program 2 (id=1817):
syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x280)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x40, &(0x7f0000000380)={&(0x7f0000000200)={0x20, 0x35, 0x1, 0x470bd2b, 0x25dbdbfe, {0x4}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x2}, @typed={0x4, 0x5}]}, 0x20}, 0x1, 0xfc030000, 0x0, 0x24040050}, 0x24000080) (fail_nth: 3)

1m1.504923731s ago: executing program 3 (id=1818):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)
ioctl$TCXONC(r0, 0x540a, 0x3)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000380))
r2 = getpid()
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_pidfd_open(r2, 0x0)
setns(r4, 0x24020000)
syz_clone(0xb2168400, 0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f0000001400)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x1, 0x9, 0x1c, 0x100, 0x3, 0x3, 0x6, 0x2cb, 0x38, 0x212, 0x100, 0x9, 0x20, 0x3, 0x10, 0x7, 0x7}, [{0x1, 0x2, 0x9, 0x38235930, 0x493, 0xb, 0x7fffffff, 0x7f}, {0x60000000, 0x2, 0x8, 0x1, 0xe, 0x28000000, 0x9e, 0x35}, {0x7, 0x2, 0x4, 0x7, 0x9, 0xd, 0x9, 0x54df}], "d91b84b6fc9aba3090f715b9533b2f9bb9cbdf1f499ca90733273cbb522b557e9a369bca4dfaf533ed9dfe719f302acffcb520ca3cff6dd4b69c9dc93972d576e825ffaa8fade53a5ba444df39713079c2d46ec732a69c1ada98c4ac9141240b8fd2b0e8a7d486fed57722639945809b7a4854b5dc9250ac7f800c84647357bbdeb54e6177ed7a6400e9e307158f77cb8e022eea7e736663fcab5027c122e4a0e25558756a77e1e9dd12d4cc21f95824b19da81d0dcafa336c9c03a22e583618015ac90768813b6261822390a9a22909db850ff5343b39da72e7ef4e462bca3b96e9f3192933c64a6d", ['\x00', '\x00', '\x00']}, 0x481)
socket$nl_route(0x10, 0x3, 0x0)
setpriority(0x1, 0x0, 0xe0000000000000)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000013c0)={0x62, 0x3b, 0x6, 0x3, 0x1000, 0x8, &(0x7f00000003c0)="e09d3c6c1b06c377c7f3c162dd431795dd6e3bd19350bead409fdc4d8b8a19846b3b9556971628c08ff22faf049d4ace98ba5f3f48fbda9fc0a950812d5a4135cd0d8df6fa43a3a0dac151b104fb3433d2070e75266beadcddf75469a47e857728be22fca0173d416a935c5b4523bda679e34a54df34c2b68704f3ba8b4e41dedaf6417896bf30b6cf31163d74e70fa27cb11fa4b711f9d6b3c4eaf8d03c87e26460b9ce3df023dbca231d60ad5abd2698a57d0398d1191d5510efddf42de82782a275c614a2a7348ed5148324d94dc91ef39cdb50850c25d2d6f6fa0e85bb4ecdee05cfc431109505780d548b898d6a422e7d880bcecb2c0bde5b86134eb317ed743ce76dedd7654d1ed0178f3736d72954dddce68c1fee1851b447197118cf235850fc38496a28148f146d2b2997ba4e19368131f0ac49d03d63fe180db6f924f79ed338f9be4ad7128d62c669d7d7f6cffce2b634d77afa4a4f9f7040ce302d176ae8afb32480baa06468e30f8658a09079fccc8f92f870b12ec3082c285093dbdef2e1efe753d47c515bc7c0e0bf33bdec150ec9e1443b221d0fe46ccf3db7046e5941752e6dab03573f782b19942a4d78d664c99353717434c93f337509bbb1d0c3448a08f5793346a15ba2968f00e0fdec9fe3aee71d20e81cd4797104635360a643e50b93f065d95c8172b02aa1a444235fde5bf2982c1d5e41d727803100b79b44c315edb89273b28de674d9ca36f614e6d75d382fa886cc4b290e5d39b5319dc22f20963768b5df719048781dd7f34d0a261ea1bb010c33aa9076ceaa6ce3989624687cc79cc2a9729acade019e1f2f6163ff911a354db4cb8d06b875323b17e87aac9f6dbbac2ce387d6ac9f69e9fd396e61642096eeeff2fc93f29335e71113f44f22eaa060336152fac10af21a27edbb8ea8fd24fe7eb608f6adccc0b3e658b169bb068cd3220b18a0a145c57a95c42b510b64ff6cfbbdfda242534c4a19eea20afee6cdcf7aedfdd9efec0606aff7064190fa6cedd1ef9d807085425893abcf997e18345e5d04e31ceeb583f817b83dbcbf58db5da9980854158a5b73811382b92515b68ccab9fefebf25ae04506d5ee06bfea87068df750ef67b40fc0bb78d0bec0e432caba699f32d51d6908222ce55f36d2d62c3642cdf156723a6b87f1bbb2419c85598bd38fbb8fd27f5ef676250735b2222d5f725b2b7523e858d1c38c94cafeb4dddeb0264300d520e22a30868c5f02203c59efb57f905ef662146a49676f334041a1989b6e20bcab71902bf3d20604e9e7840174b1fb8a9c55321ac0666ba8a87c4e88ee0ec7cc9a26a1b302c6406552b4463d949cdb9afae2949e9ac0bacc8674f0a445643d3cc4916a8819a7baf1590d8a6154d6dcbcbf8e89fdf5a150d4cc8b592d05cb42e7157665c8d14d5a0364442c9d321d3f224dc398ce6aa68c2af1ad5d4b29d7f620331d84aa7d52b9a4a7fccfe2f08ba71f67148db7653599e4449cc0a76040ed6782c9cee6674290cf7600024189d5681b17dd3672e624658468ae436155780b9ab460596da0d54503627976fe5b92cb9b5c339b27d4f0906ced5afbc6bff7cee49536b647a71f8f535b79907fa5f9ee53ff0d051c49ea02da5027556e67475d1f93d7047644551770068afab9058604eef634d3d6a3b04bc22f710130bf64dbdd8d827b7203d209c083e5252ef46551fb8e08be5c7cf9a20b2820fcc3986e837a2ace797ab4ecca29ab85a4c9e36e978bade5d0bf8a3851b1048f12aa1d65860e6f3e6a42d87573a0bcb7ebe887d2974e257b018c6491a6174594f5b697566986cbaa164def10e672eabd8d377f4f0ccac1d207a55a5bcf96ac56dc9d81ef5c078a5694f1c064ec58c1539698be78a502f0cd86c88e48d5d6a5564e4400653da79c9351124edbb21b5f023ec8b2ae2db2c2d59875000230bdc01e0956da5dfdbbd06309893e84db17636b525ca627abdea540af87066803c21e15e32fa27b17576c1129fa6b70cce906967a235fbdc9877b2bc8c03885e1acc9825e7a649558744decbaf8edd9627def8ee36c5c3488b4265f460806ced0ceae52a54b61f53a82edb84934d8cbfbc2378200a23338cd89dc4f38b2d214101a6b5d1e4028041b430d4e01c481804d3ba88880976c18f0125391492aa9442e2c1d0b30c9e75faf2174d72e0452a4f6f8db8bc29a4372e164796048a11ea9ed7cf7eb61c29bac8bd16c3c6a115d155d18a426b821745e9c0b9604448a932149b8d41a809c53f15fba8956865805d85c4a1ad1e380614f878b6b2551bbb8cb06b3b8bc4d58a0a8de60d0478005d7c9a6e8ba800109e2716d54c05e1a7eced8792fa42412b2ad938f3ea8743706d9973789d220576d051a862f24a294102ec0f5258749f7cf9b5b588de7c49979958d9954163080aa1d3020a4a7e9048ff98e465fc8eb45a3542b191deaec96fd1796222c483ed24b455059298ff2c4932eeba64bf99ce077f980485150e0b57d07f9842695560623c63cf30177d124a584dd526cacb9c94ffc37e67d94df134d0cb304b211422a253f494b3d3a2323aafdf4a01f29c84f6af8d6fd1c22e2dafd8de8c398f2aca54521333839b73cebe459aed651a7b6d0d5970a6cfb49f0472d0016c1f660c003087efb4f85358ae2eae9abff91df00888ad6cad65325817340dcaf4de16135f3cca7ad73a032d7fcda619750533f872d82e93e88f7bb554fdae3ab213a834accd12b42a67ffc2f3cc55faf7decd0106467c242b222b275b4d2ebd0dc5427c612aa7dc91e2b538049a97bd63b59622f975af80aebf107b1623314d495b9bb1b37fbcb0009ce6e9a63ad552b5830322b6e74b65ca7b54ab9ed2003ebc4ace263b03025b317c38d29a0fe02f9965da8e3d06ab92eb130fe22da028ee74b41fb9026157484fc1cccead71a1bdd71a314b69d9c2a79cc28e583680c76e9c6e7913a7a82a3c650c95b5ba5ad01adf33ee610fcdd494c863577c8f17d7496da7eea285e3cee971cc09c832af0612e32ef01a199ea581e1cb45c638f359fd0a4cb2da19adc0dc83f4fb37e2291eaba1c45dcd3089f69237edfdc9cf949efcebff479f7b8a1e1854a1f0bffefe30c2d54055503d710d28b0d2fd6827742adabf988bec3a0c5a759ce2d4814317dade2849510752eb3534c29fe62d396216322bee5e9732979dc656fbc5f2220211b8df449ddddcdd58f5a4ea23295a13d448ca52a509998739f4c8bdc57deca1bf109115bf6da335b9b8e310f981693467b9c5dbc9e298dfdaad9d36919f2b2c380d537142d31437a408da2e6f963d7feb03e09b9e1e6f1e2fc83a35c1baa1696e81d35b08481a26402fc27b1ba00d8bd9695c48894ec34c30a3c5dfe169c7e765ac7038738b3785a74d504b19fafd027b375e044313bd6c933934b56e7700e7d2a4fffde936d0c93b2fad462328e6bb07abe531ee2821839d2915d360cc88142e8b62057bb5acd5fac4e80841f532ceff9de23c4d5580c460c120032aab97d60ee9d4dd899474e87907dbcf3aecb651e1cfbd3f5cb0431c650c6ec5cd66fbe07c8b375ee7d06f612a8655d1b11af0d03dc4cc877849aaef91825da3ad17f6af0ecb269754ac4f15ab6417f3e421cb1b5fccd5d49120984a124b9a9948fd1b00f1cb6f5bfec258485f896daeb1a8c35d7a8268ef22f653d0e7a4a5c01716d113d1a187e4be5405bb83fa438ee0608da1a82acca181444b1d8272abfa4db5b0eebb73ce37d7c6556ede1bb7d4c20e0af0d6da618ff275ec8ecef60f1d1ac66c9fbf53528f4faded801330fcc20da4f7c7566e13791090defa05a13c42fcde83b7d6e7ded392fef5f617658d6d50f0e45f5d9c3351a801987bbe6b90f1d074a439e1e3ccd25766f42646428d65ca629ff0d4193686b7a34235c4fcfbd6061d15d4fd83931b0c8c3a3aaf9dfa6c8f9cfa9add678b7ffd625b8e797e274590af182092130422d8b6bbb81741555a0cd58b208ace64b2838fb9a98b4847eb752838a5fa871526dce30bce7ed4ea81c6825f32321cbacdf3315af50eb58432a0d4aad41659c606cdffd3acc58c8ec9ea712aa55c9cf42ced57db3fb04bb7090bcc014cb139408b0f257905d56682a47cb7e918a8804f971970a62f1c7c514974ee3b43fd2a4ba36306ad9097a8247fb4584557a29feff0adbfcb1d484d65be7dae0e65492aca1bc12ab71f2ac71c57e309695d2032306721564a259add456ed617d8490ccdd4a7dcdf8640c90fb7aaecce7620703fe70fe615d388607af7fbdcca4a7195d31620bd876d7d6571431fffedd81c80e2b482432e0fd764c5715a3817b029263f6d0634aa3855536287693ac37e18bd744f5278587a1c7a37457f06a3ab9a0a5fabee46f87732b1661881d82b7a1a74b7c772d7200071dbed9ab8e7c262dcbe6a7aa19e6292857b6486364c90a5e799e3e13f4f78ee652f22303be0e0213971833449d93d6d86a4c73f9c2bd6e86019870ed1aca86f8c5070ffcba297b7dae317dc4d5a72b805b9892a03f1384cb5c5651a6e9ab6d695343c693c95856b17f82a83ae44b37b4e178cdb451e0a50b69016cc4c5f0d483a91d5c26a0c93f825d1ef6a072e76c4284152b2087de108ae236e5dc71dc96e5436d82cd270586d3674c2cf37bdd495e7b85c3d05a0d492a0e0a84c27b19c82721ea1b43ffd83a4af045eb647803825273df132c14b1c770ec659911507cd25f6c1e45358dddffc60fb8947a7b96d7fc05f079d0fe2a5947fb441e66291892e3b2fac3d1f9fed00789e08d3d4ff115ab00fd5592a54e25c3f4349e97804f9f10c03a3aa17e665b038fa9d05b9f50b3005a7847d3c106c01ab07d635b7d892e7f8cfebb3b4c5647be2e82faeeab5b877ee613bf1c64d02c9eaf79de5cf7eb468c7bb3ebbcbd89c0d620f8c6be76d6d629c21c30653adc02bc7b3ed5771051ff22b9ace96e712205602efd0a1dc71d9131ea0137a3e21f6aca0a520878377d4a6e1a5939b27f6b82405d96f12c0cdca5a05fd5b57e12ab6b010d663b27cf788f1de351e1abab4af3adccaabc30e5268bbac3a3bf8984966e0c5e134c6d79dca5ec005826009d9236684dc9b016df58e0def06788e402654006ca0e3992ebc8cf5df3b56037ada2c172953cb61a3eafe0793ad72cb3c0c780a805b538a16030fe9be7681309242050c827fb1501e223c4f456e8b0de5da647d6ead4af07e126f28aa3ded0383e0bc060c0bb3c47cb04fc5985ee76d8be03f7ef09ab0a1850ab62a52dbfbf4d888b0de8755723f83321139e42c4274085b7d84a645f0cbbb5f5bd391be51ffe634cff99c4be73630ae72a696f3d96ac1bdfa81708afea24e84e165648ea0df1dd6d9d18fb7816ee1f630da5f6acf978d60436ee96bf3ddac76a4608e426698ed6696cda93a5a11f72f72d7086a116339c40465caf297f7231c9aa34d82fda5052c418bb2b44b3bf44e62f3a012b88addeae1d28af239621e3763e344c7334bfe99938a742f6f1a56025174ae3c785ca44e6dcdf8d2a0f2133f6d71253462b2c9bfb1270edf119a0b4e283726b0a8437bafb914d2dc10c758eb48331029c2e3eac4d6c579f8f4f1a9eb913087b2dbfce629753cbb4df1165605de8bf5459b060c78e1b71df86d84a19765673928352649bae5ef22d13eea447d241e3d87d65a5a6d0cb57f444ba9c0c78f617a163b8e0f53357b0173809f0ec3956b7582a78e2f2539dd6a9f38e85806fccfc6a07f662c1fa0c4c82d9d51ed965ef8969d269a"})
syz_usb_connect(0x5, 0x1b, &(0x7f00000000c0)=ANY=[@ANYBLOB="120150029457071071133290496101020301090209000000faa00207559b947369fc2fb84361fc3bc7fbd8e231d23bcfb3c8f4439834addf81960fe7abf904f92fe99169e09f1f1475b549a361d7e2eb12dff32fa9cc57331053884997a396af447cfb1aac612dfbfb2fa0770942d6ade83ca810b21c9f153df16dde7ebce6f8373a89"], &(0x7f0000002380)={0x0, 0x0, 0x14, 0x0})
setsockopt$sock_int(r3, 0x1, 0xb, &(0x7f0000000000)=0x5, 0x4)

1m1.184583413s ago: executing program 2 (id=1821):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_DELCHAIN={0x58, 0x5, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_CHAIN_HOOK={0x18, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'wlan1\x00'}]}, @NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWTABLE={0x100, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x58, 0x6, "83f6c371bfe7a4d403918477c019bfd7c73660ac930f41db5b4064d81118dc230785f93729568c96faa62be906adf64229f5bf041182b0c362d203a3c8140fd5efc68f47fb69b73067fa122bc2a1e5df18133677"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_USERDATA={0x70, 0x6, "c0916ec16f0c2cdd03d1c79ae411136f21c70c533432d3f5cd113edac8e1847e20cddfdf3febbaf13e6dcd8f1b734e9ae2516f6817bb3925190d51de80f3e434ffda4c425dd2698d367e735557215453ece763f2a189df9a57947247c690b7941a364c46aafcb87644ff1568"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x180}, 0x1, 0x0, 0x0, 0x4810}, 0x10)
ioctl$XFS_IOC_SCRUBV_METADATA(r0, 0xc0285840, &(0x7f0000000280)={0x2, 0x1, 0x6, 0x0, 0xfffb, 0x3, 0x0, &(0x7f0000000240)=[{0x1, 0x1ff, 0x80000001}, {0x13, 0xfe, 0x3ff}, {0x15, 0x1ff, 0x5}]}) (async)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$XFS_IOC_SWAPEXT(r0, 0xc0c0586d, &(0x7f0000000300)={0x0, r1, r0, 0x4000000000000000, 0x80, '\x00', {0x80000000, 0x1, 0xc6d7, 0xffffa14d, 0x2, 0x1, 0x1, 0x1, {0x4, 0xcf}, {0x74b0d377, 0x81}, {0x7, 0x2}, 0x4, 0x81, 0x7, 0x1, 0x3, 0x3, 0x5, 0x80, 0x7, 0x1000, '\x00', 0x4, 0xfff, 0xa, 0xffff}})
splice(r0, &(0x7f00000003c0)=0x10000, r1, &(0x7f0000000400)=0xffffffffffffffff, 0x3, 0x8) (async)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
ioctl$FBIOPAN_DISPLAY(r2, 0x4606, &(0x7f0000000480)={0x578, 0x640, 0x190, 0x280, 0x3, 0x1, 0x1, 0x1, {0x8, 0x131e1744}, {0x7, 0x4}, {0x5, 0x14}, {0x0, 0x8}, 0x0, 0x1, 0x3, 0x0, 0x1, 0x8, 0x1a, 0x8, 0xd, 0x2, 0x8000, 0x1000, 0x9, 0x2, 0x2, 0x5}) (async, rerun: 32)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000540), 0x4000, 0x0) (async, rerun: 32)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000740)={&(0x7f0000000600)={0x124, r4, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1e}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x12, 0x1a}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3a}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffffffaa}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7f}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x64010102}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xe, 0x10}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x9d2cab05183b7a87, 0x28}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x5}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x59}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}]}, 0x124}}, 0x4000804) (async, rerun: 64)
setsockopt$inet6_tcp_TLS_RX(r3, 0x11a, 0x2, &(0x7f00000007c0)=@gcm_128={{0x303}, "597e446dc2b6ed21", "b6d170393c446b03219e08ef6352a080", "16847f46", "123d2aaf5fe372b0"}, 0x28) (async, rerun: 64)
ioctl$XFS_IOC_FSGEOMETRY(0xffffffffffffffff, 0x8100587e, &(0x7f0000000800))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000900)) (async, rerun: 64)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r3) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000009c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r3, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x70, r5, 0x8, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x101, 0x74}}}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "d43ca2a79c0440f882ddeb2370eb6431"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x29}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x3a}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x46}, @NL80211_ATTR_PMKID={0x14, 0x55, "97bc25c8116d3db7052ec6a6bc5ca14f"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5f}]}, 0x70}, 0x1, 0x0, 0x0, 0x24040800}, 0x4000) (async)
socket$netlink(0x10, 0x3, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b80)={{r3}, &(0x7f0000000b00), &(0x7f0000000b40)=r3}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000e00)={r3, 0x20, &(0x7f0000000dc0)={&(0x7f0000000c80)=""/29, 0x1d, <r7=>0x0, &(0x7f0000000cc0)=""/248, 0xf8}}, 0x10) (async)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000e40)={{0x1, 0x1, 0x18, <r8=>r2}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x7, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffff001}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, @jmp={0x5, 0x1, 0x5, 0x9, 0x6, 0xfffffffffffffff4, 0x10}]}, &(0x7f0000000c00)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c40)={0x3, 0x6, 0x0, 0x7fffffff}, 0x10, r7, r8, 0x1, 0x0, &(0x7f0000000e80)=[{0x4, 0x2, 0x5, 0x7}], 0x10, 0x4}, 0x94) (async, rerun: 64)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r8, 0x8982, &(0x7f0000000f80)) (rerun: 64)
ioctl$CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000fc0)={0x758c, 0x516, 0x5, 0x3, 0x4, 0x3, "d8a7b08f8e670120d933dab668e67f5d", 0x4, 0x5, 0x3, 0xa, 0x0, 0x6, 0x3})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000001000)={0x0, <r9=>0x0})
prlimit64(r9, 0x5, 0x0, &(0x7f0000001080))
fstat(r0, &(0x7f00000010c0)) (async)
ioctl$KVM_CAP_MAX_VCPU_ID(r8, 0x4068aea3, &(0x7f0000001140)={0x80, 0x0, 0x3}) (async)
ioctl$UI_SET_ABSBIT(r8, 0x40045567, 0x4) (async)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x34, r5, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xb}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000090}, 0x40000)

1m0.88241734s ago: executing program 2 (id=1823):
syz_emit_ethernet(0xc6, &(0x7f0000000140)={@local, @link_local, @val={@val={0x88a8, 0x6, 0x1}, {0x8100, 0x1, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x7, 0xb0, 0x0, 0x0, 0x7f, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x1}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr]}}, 0x0, 0x26}, 0x28)
socket$unix(0x1, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x7, 0x37, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x10000)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r6, &(0x7f0000000780)=""/185, 0xb9, 0x40000000003c)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010800040000000000000b00200008000300", @ANYRES32=r7, @ANYBLOB="0a000600080211000001000030005080110001004abee33908f8eef16f162471f400000008000700000000000500020002000000080003"], 0x58}}, 0x0)

59.815748813s ago: executing program 2 (id=1826):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = userfaultfd(0x801)
read(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, 0x0)
inotify_init()
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000aae000000100000000000000000000000000000000000000000000008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800010000000000000000000000010000000033"], 0xf8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\v\x00\x00\x00B\x00\x00\x00>'], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6}, 0x0, 0x0}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000001c0), 0x13f, 0x6}}, 0x20)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180), 0x2, 0x4}}, 0xe)
r8 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_DQBUF(r9, 0xc0585611, &(0x7f00000000c0)=@userptr={0x40, 0xd, 0x4, 0x850, 0x762e500, {0x77359400}, {0x3, 0x0, 0x1, 0x1d, 0x9, 0x6, "09a1bd6b"}, 0x3, 0x2, {0x0}})
syz_usb_control_io(r1, 0x0, 0x0)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

59.779146646s ago: executing program 3 (id=1827):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000b1e000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0xe1}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xc0000000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x1, 0x80, 0x0, 0x0, 0x6, 0x7d, 0x0, 0x6, 0x800101, 0x0})
socket$nl_route(0x10, 0x3, 0x0)

55.532130504s ago: executing program 1 (id=1837):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)
ioctl$TCXONC(r0, 0x540a, 0x3)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000380))
r2 = getpid()
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_pidfd_open(r2, 0x0)
setns(r4, 0x24020000)
syz_clone(0xb2168400, 0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f0000001400)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x1, 0x9, 0x1c, 0x100, 0x3, 0x3, 0x6, 0x2cb, 0x38, 0x212, 0x100, 0x9, 0x20, 0x3, 0x10, 0x7, 0x7}, [{0x1, 0x2, 0x9, 0x38235930, 0x493, 0xb, 0x7fffffff, 0x7f}, {0x60000000, 0x2, 0x8, 0x1, 0xe, 0x28000000, 0x9e, 0x35}, {0x7, 0x2, 0x4, 0x7, 0x9, 0xd, 0x9, 0x54df}], "d91b84b6fc9aba3090f715b9533b2f9bb9cbdf1f499ca90733273cbb522b557e9a369bca4dfaf533ed9dfe719f302acffcb520ca3cff6dd4b69c9dc93972d576e825ffaa8fade53a5ba444df39713079c2d46ec732a69c1ada98c4ac9141240b8fd2b0e8a7d486fed57722639945809b7a4854b5dc9250ac7f800c84647357bbdeb54e6177ed7a6400e9e307158f77cb8e022eea7e736663fcab5027c122e4a0e25558756a77e1e9dd12d4cc21f95824b19da81d0dcafa336c9c03a22e583618015ac90768813b6261822390a9a22909db850ff5343b39da72e7ef4e462bca3b96e9f3192933c64a6d", ['\x00', '\x00', '\x00']}, 0x481)
socket$nl_route(0x10, 0x3, 0x0)
setpriority(0x1, 0x0, 0xe0000000000000)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000013c0)={0x62, 0x3b, 0x6, 0x3, 0x1000, 0x8, &(0x7f00000003c0)="e09d3c6c1b06c377c7f3c162dd431795dd6e3bd19350bead409fdc4d8b8a19846b3b9556971628c08ff22faf049d4ace98ba5f3f48fbda9fc0a950812d5a4135cd0d8df6fa43a3a0dac151b104fb3433d2070e75266beadcddf75469a47e857728be22fca0173d416a935c5b4523bda679e34a54df34c2b68704f3ba8b4e41dedaf6417896bf30b6cf31163d74e70fa27cb11fa4b711f9d6b3c4eaf8d03c87e26460b9ce3df023dbca231d60ad5abd2698a57d0398d1191d5510efddf42de82782a275c614a2a7348ed5148324d94dc91ef39cdb50850c25d2d6f6fa0e85bb4ecdee05cfc431109505780d548b898d6a422e7d880bcecb2c0bde5b86134eb317ed743ce76dedd7654d1ed0178f3736d72954dddce68c1fee1851b447197118cf235850fc38496a28148f146d2b2997ba4e19368131f0ac49d03d63fe180db6f924f79ed338f9be4ad7128d62c669d7d7f6cffce2b634d77afa4a4f9f7040ce302d176ae8afb32480baa06468e30f8658a09079fccc8f92f870b12ec3082c285093dbdef2e1efe753d47c515bc7c0e0bf33bdec150ec9e1443b221d0fe46ccf3db7046e5941752e6dab03573f782b19942a4d78d664c99353717434c93f337509bbb1d0c3448a08f5793346a15ba2968f00e0fdec9fe3aee71d20e81cd4797104635360a643e50b93f065d95c8172b02aa1a444235fde5bf2982c1d5e41d727803100b79b44c315edb89273b28de674d9ca36f614e6d75d382fa886cc4b290e5d39b5319dc22f20963768b5df719048781dd7f34d0a261ea1bb010c33aa9076ceaa6ce3989624687cc79cc2a9729acade019e1f2f6163ff911a354db4cb8d06b875323b17e87aac9f6dbbac2ce387d6ac9f69e9fd396e61642096eeeff2fc93f29335e71113f44f22eaa060336152fac10af21a27edbb8ea8fd24fe7eb608f6adccc0b3e658b169bb068cd3220b18a0a145c57a95c42b510b64ff6cfbbdfda242534c4a19eea20afee6cdcf7aedfdd9efec0606aff7064190fa6cedd1ef9d807085425893abcf997e18345e5d04e31ceeb583f817b83dbcbf58db5da9980854158a5b73811382b92515b68ccab9fefebf25ae04506d5ee06bfea87068df750ef67b40fc0bb78d0bec0e432caba699f32d51d6908222ce55f36d2d62c3642cdf156723a6b87f1bbb2419c85598bd38fbb8fd27f5ef676250735b2222d5f725b2b7523e858d1c38c94cafeb4dddeb0264300d520e22a30868c5f02203c59efb57f905ef662146a49676f334041a1989b6e20bcab71902bf3d20604e9e7840174b1fb8a9c55321ac0666ba8a87c4e88ee0ec7cc9a26a1b302c6406552b4463d949cdb9afae2949e9ac0bacc8674f0a445643d3cc4916a8819a7baf1590d8a6154d6dcbcbf8e89fdf5a150d4cc8b592d05cb42e7157665c8d14d5a0364442c9d321d3f224dc398ce6aa68c2af1ad5d4b29d7f620331d84aa7d52b9a4a7fccfe2f08ba71f67148db7653599e4449cc0a76040ed6782c9cee6674290cf7600024189d5681b17dd3672e624658468ae436155780b9ab460596da0d54503627976fe5b92cb9b5c339b27d4f0906ced5afbc6bff7cee49536b647a71f8f535b79907fa5f9ee53ff0d051c49ea02da5027556e67475d1f93d7047644551770068afab9058604eef634d3d6a3b04bc22f710130bf64dbdd8d827b7203d209c083e5252ef46551fb8e08be5c7cf9a20b2820fcc3986e837a2ace797ab4ecca29ab85a4c9e36e978bade5d0bf8a3851b1048f12aa1d65860e6f3e6a42d87573a0bcb7ebe887d2974e257b018c6491a6174594f5b697566986cbaa164def10e672eabd8d377f4f0ccac1d207a55a5bcf96ac56dc9d81ef5c078a5694f1c064ec58c1539698be78a502f0cd86c88e48d5d6a5564e4400653da79c9351124edbb21b5f023ec8b2ae2db2c2d59875000230bdc01e0956da5dfdbbd06309893e84db17636b525ca627abdea540af87066803c21e15e32fa27b17576c1129fa6b70cce906967a235fbdc9877b2bc8c03885e1acc9825e7a649558744decbaf8edd9627def8ee36c5c3488b4265f460806ced0ceae52a54b61f53a82edb84934d8cbfbc2378200a23338cd89dc4f38b2d214101a6b5d1e4028041b430d4e01c481804d3ba88880976c18f0125391492aa9442e2c1d0b30c9e75faf2174d72e0452a4f6f8db8bc29a4372e164796048a11ea9ed7cf7eb61c29bac8bd16c3c6a115d155d18a426b821745e9c0b9604448a932149b8d41a809c53f15fba8956865805d85c4a1ad1e380614f878b6b2551bbb8cb06b3b8bc4d58a0a8de60d0478005d7c9a6e8ba800109e2716d54c05e1a7eced8792fa42412b2ad938f3ea8743706d9973789d220576d051a862f24a294102ec0f5258749f7cf9b5b588de7c49979958d9954163080aa1d3020a4a7e9048ff98e465fc8eb45a3542b191deaec96fd1796222c483ed24b455059298ff2c4932eeba64bf99ce077f980485150e0b57d07f9842695560623c63cf30177d124a584dd526cacb9c94ffc37e67d94df134d0cb304b211422a253f494b3d3a2323aafdf4a01f29c84f6af8d6fd1c22e2dafd8de8c398f2aca54521333839b73cebe459aed651a7b6d0d5970a6cfb49f0472d0016c1f660c003087efb4f85358ae2eae9abff91df00888ad6cad65325817340dcaf4de16135f3cca7ad73a032d7fcda619750533f872d82e93e88f7bb554fdae3ab213a834accd12b42a67ffc2f3cc55faf7decd0106467c242b222b275b4d2ebd0dc5427c612aa7dc91e2b538049a97bd63b59622f975af80aebf107b1623314d495b9bb1b37fbcb0009ce6e9a63ad552b5830322b6e74b65ca7b54ab9ed2003ebc4ace263b03025b317c38d29a0fe02f9965da8e3d06ab92eb130fe22da028ee74b41fb9026157484fc1cccead71a1bdd71a314b69d9c2a79cc28e583680c76e9c6e7913a7a82a3c650c95b5ba5ad01adf33ee610fcdd494c863577c8f17d7496da7eea285e3cee971cc09c832af0612e32ef01a199ea581e1cb45c638f359fd0a4cb2da19adc0dc83f4fb37e2291eaba1c45dcd3089f69237edfdc9cf949efcebff479f7b8a1e1854a1f0bffefe30c2d54055503d710d28b0d2fd6827742adabf988bec3a0c5a759ce2d4814317dade2849510752eb3534c29fe62d396216322bee5e9732979dc656fbc5f2220211b8df449ddddcdd58f5a4ea23295a13d448ca52a509998739f4c8bdc57deca1bf109115bf6da335b9b8e310f981693467b9c5dbc9e298dfdaad9d36919f2b2c380d537142d31437a408da2e6f963d7feb03e09b9e1e6f1e2fc83a35c1baa1696e81d35b08481a26402fc27b1ba00d8bd9695c48894ec34c30a3c5dfe169c7e765ac7038738b3785a74d504b19fafd027b375e044313bd6c933934b56e7700e7d2a4fffde936d0c93b2fad462328e6bb07abe531ee2821839d2915d360cc88142e8b62057bb5acd5fac4e80841f532ceff9de23c4d5580c460c120032aab97d60ee9d4dd899474e87907dbcf3aecb651e1cfbd3f5cb0431c650c6ec5cd66fbe07c8b375ee7d06f612a8655d1b11af0d03dc4cc877849aaef91825da3ad17f6af0ecb269754ac4f15ab6417f3e421cb1b5fccd5d49120984a124b9a9948fd1b00f1cb6f5bfec258485f896daeb1a8c35d7a8268ef22f653d0e7a4a5c01716d113d1a187e4be5405bb83fa438ee0608da1a82acca181444b1d8272abfa4db5b0eebb73ce37d7c6556ede1bb7d4c20e0af0d6da618ff275ec8ecef60f1d1ac66c9fbf53528f4faded801330fcc20da4f7c7566e13791090defa05a13c42fcde83b7d6e7ded392fef5f617658d6d50f0e45f5d9c3351a801987bbe6b90f1d074a439e1e3ccd25766f42646428d65ca629ff0d4193686b7a34235c4fcfbd6061d15d4fd83931b0c8c3a3aaf9dfa6c8f9cfa9add678b7ffd625b8e797e274590af182092130422d8b6bbb81741555a0cd58b208ace64b2838fb9a98b4847eb752838a5fa871526dce30bce7ed4ea81c6825f32321cbacdf3315af50eb58432a0d4aad41659c606cdffd3acc58c8ec9ea712aa55c9cf42ced57db3fb04bb7090bcc014cb139408b0f257905d56682a47cb7e918a8804f971970a62f1c7c514974ee3b43fd2a4ba36306ad9097a8247fb4584557a29feff0adbfcb1d484d65be7dae0e65492aca1bc12ab71f2ac71c57e309695d2032306721564a259add456ed617d8490ccdd4a7dcdf8640c90fb7aaecce7620703fe70fe615d388607af7fbdcca4a7195d31620bd876d7d6571431fffedd81c80e2b482432e0fd764c5715a3817b029263f6d0634aa3855536287693ac37e18bd744f5278587a1c7a37457f06a3ab9a0a5fabee46f87732b1661881d82b7a1a74b7c772d7200071dbed9ab8e7c262dcbe6a7aa19e6292857b6486364c90a5e799e3e13f4f78ee652f22303be0e0213971833449d93d6d86a4c73f9c2bd6e86019870ed1aca86f8c5070ffcba297b7dae317dc4d5a72b805b9892a03f1384cb5c5651a6e9ab6d695343c693c95856b17f82a83ae44b37b4e178cdb451e0a50b69016cc4c5f0d483a91d5c26a0c93f825d1ef6a072e76c4284152b2087de108ae236e5dc71dc96e5436d82cd270586d3674c2cf37bdd495e7b85c3d05a0d492a0e0a84c27b19c82721ea1b43ffd83a4af045eb647803825273df132c14b1c770ec659911507cd25f6c1e45358dddffc60fb8947a7b96d7fc05f079d0fe2a5947fb441e66291892e3b2fac3d1f9fed00789e08d3d4ff115ab00fd5592a54e25c3f4349e97804f9f10c03a3aa17e665b038fa9d05b9f50b3005a7847d3c106c01ab07d635b7d892e7f8cfebb3b4c5647be2e82faeeab5b877ee613bf1c64d02c9eaf79de5cf7eb468c7bb3ebbcbd89c0d620f8c6be76d6d629c21c30653adc02bc7b3ed5771051ff22b9ace96e712205602efd0a1dc71d9131ea0137a3e21f6aca0a520878377d4a6e1a5939b27f6b82405d96f12c0cdca5a05fd5b57e12ab6b010d663b27cf788f1de351e1abab4af3adccaabc30e5268bbac3a3bf8984966e0c5e134c6d79dca5ec005826009d9236684dc9b016df58e0def06788e402654006ca0e3992ebc8cf5df3b56037ada2c172953cb61a3eafe0793ad72cb3c0c780a805b538a16030fe9be7681309242050c827fb1501e223c4f456e8b0de5da647d6ead4af07e126f28aa3ded0383e0bc060c0bb3c47cb04fc5985ee76d8be03f7ef09ab0a1850ab62a52dbfbf4d888b0de8755723f83321139e42c4274085b7d84a645f0cbbb5f5bd391be51ffe634cff99c4be73630ae72a696f3d96ac1bdfa81708afea24e84e165648ea0df1dd6d9d18fb7816ee1f630da5f6acf978d60436ee96bf3ddac76a4608e426698ed6696cda93a5a11f72f72d7086a116339c40465caf297f7231c9aa34d82fda5052c418bb2b44b3bf44e62f3a012b88addeae1d28af239621e3763e344c7334bfe99938a742f6f1a56025174ae3c785ca44e6dcdf8d2a0f2133f6d71253462b2c9bfb1270edf119a0b4e283726b0a8437bafb914d2dc10c758eb48331029c2e3eac4d6c579f8f4f1a9eb913087b2dbfce629753cbb4df1165605de8bf5459b060c78e1b71df86d84a19765673928352649bae5ef22d13eea447d241e3d87d65a5a6d0cb57f444ba9c0c78f617a163b8e0f53357b0173809f0ec3956b7582a78e2f2539dd6a9f38e85806fccfc6a07f662c1fa0c4c82d9d51ed965ef8969d269a"})
syz_usb_connect(0x5, 0x1b, &(0x7f00000000c0)=ANY=[@ANYBLOB="120150029457071071133290496101020301090209000000faa00207559b947369fc2fb84361fc3bc7fbd8e231d23bcfb3c8f4439834addf81960fe7abf904f92fe99169e09f1f1475b549a361d7e2eb12dff32fa9cc57331053884997a396af447cfb1aac612dfbfb2fa0770942d6ade83ca810b21c9f153df16dde7ebce6f8373a89"], &(0x7f0000002380)={0x0, 0x0, 0x14, 0x0})
setsockopt$sock_int(r3, 0x1, 0xb, &(0x7f0000000000)=0x5, 0x4)

55.53017108s ago: executing program 2 (id=1838):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x8000000, 0xe, 0x10001, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x40, '\x00', 0xb}, {0xff, 0x7f, 0x9, '\x00', 0x6}, {0x0, 0x5, 0xd4, '\x00', 0xf8}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xdf}, {0x71, 0xd7, 0xf1, '\x00', 0x7b}, {0x3, 0x4, 0xc}, {0x7f, 0xd, 0xb, '\x00', 0xb}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x0, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0xff, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0x9, 0x5, '\x00', 0xc}, {0x7, 0xe1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x8}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x44}]}})

55.310497052s ago: executing program 2 (id=1839):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10b500, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r4, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b00001400078008000500f2ff0000080003008100"], 0x40}, 0x1, 0x0, 0x0, 0x2404c001}, 0x40)
ppoll(&(0x7f0000000300)=[{r4, 0x3328}, {r3, 0x4236}], 0x2, 0x0, 0x0, 0x0)
close(r2)
ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x8000000000000000, 0x2000, 0xfb7f0000})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b)
ioctl$KVM_CAP_VM_TYPES(r9, 0x4068aea3, &(0x7f0000000140)={0xeb, 0x0, 0xe})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="1808000064560000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca9000000000000b5090100000000009500000000000000b509000002000000639a04fe00000000b509000000000000c39a00fee1000000bf8600000000000000000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000cdeb1c677f643087f847c33d1d84d65324624c6901595471f6fe3abc81681db0546d1425e3af80e7b99a0d92de99dc15c032cc55f9fb3ffa52ae720bd90676a3b87275cd61380c821839b354e20b4fb9fed2e310a20510bd05092b84e7e918df3ab0fb8c65c66dc0f45cc99995b3a668374e386f7909743ebcfb6180510addb1cbf55959e218db633630ef887d72a548a2758052f0e7d238a1738f09d16fbd7c9a1b43964d55eb76d6c72b7d4fd9be22cc7ed3e2f265e2dd7e087a4dcd0dbce648d1f4507f2464694fb6e110fde7efc77e8a483b60", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

52.231493187s ago: executing program 1 (id=1841):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c00010062"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000080)='2', 0x1}], 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="84000000180001002cbd7000ffdbdf251d0107000c000b00040000a00300008015000100030000a006000000bac45f9ce14233bd0000000008000900", @ANYRES32=r7, @ANYBLOB="0c000b00000000e0020000a015000200010000a0070300007f15f0386605000b0200000008000a"], 0x84}}, 0x0)
r8 = io_uring_setup(0x1ad2, &(0x7f0000000040)={0x0, 0xae7b, 0x0, 0xfffffffe, 0x3d0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20084080)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r10, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
r11 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00')
read$FUSE(r11, &(0x7f00000001c0)={0x2020}, 0x2020)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r10, 0xc058565d, &(0x7f0000000200)=@multiplanar_overlay={0x7, 0x1, 0x4, 0x10, 0x1, {}, {0x3, 0xb9b4223d5bd9c2ac, 0x8a, 0x81, 0xff, 0xd8, "b55576a9"}, 0x0, 0x3, {&(0x7f0000000180)=[{0x1, 0x1, {0x2}, 0xfb}, {0xff, 0x8ea, {0x850}, 0x6}]}, 0x5, 0x0, r11})
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x10010, r8, 0xffffe000)

49.734669601s ago: executing program 1 (id=1843):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_KEY={0x18, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8f91}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x100}, 0x24000000) (fail_nth: 5)

48.27705638s ago: executing program 1 (id=1845):
truncate(0x0, 0xb)
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
splice(r1, &(0x7f0000000040)=0xd, r0, 0x0, 0x79c1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7fffffff}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc8b93000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r5 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
preadv(r6, &(0x7f0000000880)=[{&(0x7f0000000780)=""/222, 0xde}, {0x0}, {&(0x7f0000000500)=""/199, 0xc7}, {&(0x7f0000000700)=""/84, 0x54}], 0x4, 0x9, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

46.306460728s ago: executing program 1 (id=1849):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x8000000, 0xe, 0x10001, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x40, '\x00', 0xb}, {0xff, 0x7f, 0x9, '\x00', 0x6}, {0x0, 0x5, 0xd4, '\x00', 0xf8}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xdf}, {0x71, 0xd7, 0xf1, '\x00', 0x7b}, {0x3, 0x4, 0xc}, {0x7f, 0xd, 0xb, '\x00', 0xb}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x0, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0xff, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0x9, 0x5, '\x00', 0xc}, {0x7, 0xe1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x8}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x44}]}})

45.189610933s ago: executing program 1 (id=1850):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000040)='./bus\x00', 0x16)
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000080)={{}, {0x1, 0x3}, [], {}, [{0x20, 0x2}], {0x10, 0x6}}, 0x2c, 0x0)
r1 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000380)=0x9, 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000008100), 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x20, 0x16, 0x107, 0x70bd2c, 0x25dfdbfe, {0x1d, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r0}]}]}, 0xfffffde4}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x149a82, 0x80)
write$cgroup_int(r2, &(0x7f0000000040)=0x800000000001e7, 0x12)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r2)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="8a450200000000002400128009000100626f6e6400000000140002800500010006000000080002002839"], 0x44}}, 0x40)
sendmsg$L2TP_CMD_SESSION_CREATE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042dbd7000fedbdf211d00000006001b004e230000"], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x20004814)

43.909644807s ago: executing program 32 (id=1827):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000b1e000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0xe1}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xc0000000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x1, 0x80, 0x0, 0x0, 0x6, 0x7d, 0x0, 0x6, 0x800101, 0x0})
socket$nl_route(0x10, 0x3, 0x0)

39.949230748s ago: executing program 33 (id=1839):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10b500, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r4, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b00001400078008000500f2ff0000080003008100"], 0x40}, 0x1, 0x0, 0x0, 0x2404c001}, 0x40)
ppoll(&(0x7f0000000300)=[{r4, 0x3328}, {r3, 0x4236}], 0x2, 0x0, 0x0, 0x0)
close(r2)
ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x8000000000000000, 0x2000, 0xfb7f0000})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b)
ioctl$KVM_CAP_VM_TYPES(r9, 0x4068aea3, &(0x7f0000000140)={0xeb, 0x0, 0xe})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="1808000064560000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca9000000000000b5090100000000009500000000000000b509000002000000639a04fe00000000b509000000000000c39a00fee1000000bf8600000000000000000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000cdeb1c677f643087f847c33d1d84d65324624c6901595471f6fe3abc81681db0546d1425e3af80e7b99a0d92de99dc15c032cc55f9fb3ffa52ae720bd90676a3b87275cd61380c821839b354e20b4fb9fed2e310a20510bd05092b84e7e918df3ab0fb8c65c66dc0f45cc99995b3a668374e386f7909743ebcfb6180510addb1cbf55959e218db633630ef887d72a548a2758052f0e7d238a1738f09d16fbd7c9a1b43964d55eb76d6c72b7d4fd9be22cc7ed3e2f265e2dd7e087a4dcd0dbce648d1f4507f2464694fb6e110fde7efc77e8a483b60", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

38.796295044s ago: executing program 4 (id=1857):
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x18, 0x68, 0x5fb9a818fb7378e9, 0x70bd2d, 0x25dfdbff, {0xa, 0x0, 0x1, 0x0, 0x4}}, 0x18}}, 0x4000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000600)="63e4ed8e46080000003389f7f986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x840000000002, 0x3, 0xff)
syz_open_dev$video(&(0x7f0000000280), 0x101, 0xab02)
write(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x1)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)

36.599264829s ago: executing program 4 (id=1858):
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r2, @ANYBLOB="05042bbd7000f6dbdf250100000008000100", @ANYRES32=r3], 0xa0}, 0x1, 0x0, 0x0, 0x4008491}, 0x44084)
process_vm_writev(0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/159, 0x9f}, {&(0x7f00000000c0)=""/225, 0xe1}, {&(0x7f00000001c0)=""/252, 0xfc}, {&(0x7f00000002c0)=""/177, 0xb1}, {&(0x7f0000000380)=""/166, 0xa6}, {&(0x7f0000000440)=""/243, 0xf3}], 0x6, 0x0, 0x0, 0x0)

33.878015597s ago: executing program 4 (id=1861):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x2, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[], 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xb, 0x0, 0x6, 0x2}, 0x10}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r4=>r1, {0x2}}, './file0\x00'})
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r4, 0x1e, &(0x7f0000000180), 0x1)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x4}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

31.753469345s ago: executing program 4 (id=1862):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_inet_SIOCGIFBRDADDR(r2, 0x8919, &(0x7f00000000c0)={'syz_tun\x00', {0x2, 0x0, @multicast2}})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r3, 0xc01864c2, &(0x7f0000000080)={0x0, 0x0, r0})
r4 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000001, 0x40010, r3, 0xd0f3c000)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000000)=0x1000000014)
ioctl$BLKRRPART(r4, 0x125f, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0)

31.138494149s ago: executing program 4 (id=1863):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="120000000e0000000800000002"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = socket$tipc(0x1e, 0x2, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2000002, 0xfffffffe}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x844, 0x4}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r3, 0x6b, 0x4, &(0x7f0000000200), &(0x7f0000000240)=0x4)
close(r1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x48}, 0x94)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x10})
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$UFFDIO_COPY(r7, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000180)=r6, 0x4)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x210800, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2000})
fcntl$setown(r3, 0x8, 0x0)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xd50, 0xfffffffffffffee0, &(0x7f0000000000)="259a53f271a76d2608204c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, 0x0, 0x0}, 0x20)

29.791938136s ago: executing program 34 (id=1850):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000040)='./bus\x00', 0x16)
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000080)={{}, {0x1, 0x3}, [], {}, [{0x20, 0x2}], {0x10, 0x6}}, 0x2c, 0x0)
r1 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000380)=0x9, 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000008100), 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x20, 0x16, 0x107, 0x70bd2c, 0x25dfdbfe, {0x1d, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r0}]}]}, 0xfffffde4}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x149a82, 0x80)
write$cgroup_int(r2, &(0x7f0000000040)=0x800000000001e7, 0x12)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r2)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="8a450200000000002400128009000100626f6e6400000000140002800500010006000000080002002839"], 0x44}}, 0x40)
sendmsg$L2TP_CMD_SESSION_CREATE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042dbd7000fedbdf211d00000006001b004e230000"], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x20004814)

29.689403763s ago: executing program 0 (id=1865):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)
ioctl$TCXONC(r0, 0x540a, 0x3)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000380))
getpid()
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000080)={0x6, 0x0, &(0x7f0000000040)=[r2, 0xffffffffffffffff]}, 0x2)
setns(0xffffffffffffffff, 0x24020000)
syz_clone(0xb2168400, 0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f0000001400)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x1, 0x9, 0x1c, 0x100, 0x3, 0x3, 0x6, 0x2cb, 0x38, 0x212, 0x100, 0x9, 0x20, 0x3, 0x10, 0x7, 0x7}, [{0x1, 0x2, 0x9, 0x38235930, 0x493, 0xb, 0x7fffffff, 0x7f}, {0x60000000, 0x2, 0x8, 0x1, 0xe, 0x28000000, 0x9e, 0x35}, {0x7, 0x2, 0x4, 0x7, 0x9, 0xd, 0x9, 0x54df}], "d91b84b6fc9aba3090f715b9533b2f9bb9cbdf1f499ca90733273cbb522b557e9a369bca4dfaf533ed9dfe719f302acffcb520ca3cff6dd4b69c9dc93972d576e825ffaa8fade53a5ba444df39713079c2d46ec732a69c1ada98c4ac9141240b8fd2b0e8a7d486fed57722639945809b7a4854b5dc9250ac7f800c84647357bbdeb54e6177ed7a6400e9e307158f77cb8e022eea7e736663fcab5027c122e4a0e25558756a77e1e9dd12d4cc21f95824b19da81d0dcafa336c9c03a22e583618015ac90768813b6261822390a9a22909db850ff5343b39da72e7ef4e462bca3b96e9f3192933c64a6d", ['\x00', '\x00', '\x00']}, 0x481)
socket$nl_route(0x10, 0x3, 0x0)
setpriority(0x1, 0x0, 0xe0000000000000)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000013c0)={0x62, 0x3b, 0x6, 0x3, 0x1000, 0x8, &(0x7f00000003c0)="e09d3c6c1b06c377c7f3c162dd431795dd6e3bd19350bead409fdc4d8b8a19846b3b9556971628c08ff22faf049d4ace98ba5f3f48fbda9fc0a950812d5a4135cd0d8df6fa43a3a0dac151b104fb3433d2070e75266beadcddf75469a47e857728be22fca0173d416a935c5b4523bda679e34a54df34c2b68704f3ba8b4e41dedaf6417896bf30b6cf31163d74e70fa27cb11fa4b711f9d6b3c4eaf8d03c87e26460b9ce3df023dbca231d60ad5abd2698a57d0398d1191d5510efddf42de82782a275c614a2a7348ed5148324d94dc91ef39cdb50850c25d2d6f6fa0e85bb4ecdee05cfc431109505780d548b898d6a422e7d880bcecb2c0bde5b86134eb317ed743ce76dedd7654d1ed0178f3736d72954dddce68c1fee1851b447197118cf235850fc38496a28148f146d2b2997ba4e19368131f0ac49d03d63fe180db6f924f79ed338f9be4ad7128d62c669d7d7f6cffce2b634d77afa4a4f9f7040ce302d176ae8afb32480baa06468e30f8658a09079fccc8f92f870b12ec3082c285093dbdef2e1efe753d47c515bc7c0e0bf33bdec150ec9e1443b221d0fe46ccf3db7046e5941752e6dab03573f782b19942a4d78d664c99353717434c93f337509bbb1d0c3448a08f5793346a15ba2968f00e0fdec9fe3aee71d20e81cd4797104635360a643e50b93f065d95c8172b02aa1a444235fde5bf2982c1d5e41d727803100b79b44c315edb89273b28de674d9ca36f614e6d75d382fa886cc4b290e5d39b5319dc22f20963768b5df719048781dd7f34d0a261ea1bb010c33aa9076ceaa6ce3989624687cc79cc2a9729acade019e1f2f6163ff911a354db4cb8d06b875323b17e87aac9f6dbbac2ce387d6ac9f69e9fd396e61642096eeeff2fc93f29335e71113f44f22eaa060336152fac10af21a27edbb8ea8fd24fe7eb608f6adccc0b3e658b169bb068cd3220b18a0a145c57a95c42b510b64ff6cfbbdfda242534c4a19eea20afee6cdcf7aedfdd9efec0606aff7064190fa6cedd1ef9d807085425893abcf997e18345e5d04e31ceeb583f817b83dbcbf58db5da9980854158a5b73811382b92515b68ccab9fefebf25ae04506d5ee06bfea87068df750ef67b40fc0bb78d0bec0e432caba699f32d51d6908222ce55f36d2d62c3642cdf156723a6b87f1bbb2419c85598bd38fbb8fd27f5ef676250735b2222d5f725b2b7523e858d1c38c94cafeb4dddeb0264300d520e22a30868c5f02203c59efb57f905ef662146a49676f334041a1989b6e20bcab71902bf3d20604e9e7840174b1fb8a9c55321ac0666ba8a87c4e88ee0ec7cc9a26a1b302c6406552b4463d949cdb9afae2949e9ac0bacc8674f0a445643d3cc4916a8819a7baf1590d8a6154d6dcbcbf8e89fdf5a150d4cc8b592d05cb42e7157665c8d14d5a0364442c9d321d3f224dc398ce6aa68c2af1ad5d4b29d7f620331d84aa7d52b9a4a7fccfe2f08ba71f67148db7653599e4449cc0a76040ed6782c9cee6674290cf7600024189d5681b17dd3672e624658468ae436155780b9ab460596da0d54503627976fe5b92cb9b5c339b27d4f0906ced5afbc6bff7cee49536b647a71f8f535b79907fa5f9ee53ff0d051c49ea02da5027556e67475d1f93d7047644551770068afab9058604eef634d3d6a3b04bc22f710130bf64dbdd8d827b7203d209c083e5252ef46551fb8e08be5c7cf9a20b2820fcc3986e837a2ace797ab4ecca29ab85a4c9e36e978bade5d0bf8a3851b1048f12aa1d65860e6f3e6a42d87573a0bcb7ebe887d2974e257b018c6491a6174594f5b697566986cbaa164def10e672eabd8d377f4f0ccac1d207a55a5bcf96ac56dc9d81ef5c078a5694f1c064ec58c1539698be78a502f0cd86c88e48d5d6a5564e4400653da79c9351124edbb21b5f023ec8b2ae2db2c2d59875000230bdc01e0956da5dfdbbd06309893e84db17636b525ca627abdea540af87066803c21e15e32fa27b17576c1129fa6b70cce906967a235fbdc9877b2bc8c03885e1acc9825e7a649558744decbaf8edd9627def8ee36c5c3488b4265f460806ced0ceae52a54b61f53a82edb84934d8cbfbc2378200a23338cd89dc4f38b2d214101a6b5d1e4028041b430d4e01c481804d3ba88880976c18f0125391492aa9442e2c1d0b30c9e75faf2174d72e0452a4f6f8db8bc29a4372e164796048a11ea9ed7cf7eb61c29bac8bd16c3c6a115d155d18a426b821745e9c0b9604448a932149b8d41a809c53f15fba8956865805d85c4a1ad1e380614f878b6b2551bbb8cb06b3b8bc4d58a0a8de60d0478005d7c9a6e8ba800109e2716d54c05e1a7eced8792fa42412b2ad938f3ea8743706d9973789d220576d051a862f24a294102ec0f5258749f7cf9b5b588de7c49979958d9954163080aa1d3020a4a7e9048ff98e465fc8eb45a3542b191deaec96fd1796222c483ed24b455059298ff2c4932eeba64bf99ce077f980485150e0b57d07f9842695560623c63cf30177d124a584dd526cacb9c94ffc37e67d94df134d0cb304b211422a253f494b3d3a2323aafdf4a01f29c84f6af8d6fd1c22e2dafd8de8c398f2aca54521333839b73cebe459aed651a7b6d0d5970a6cfb49f0472d0016c1f660c003087efb4f85358ae2eae9abff91df00888ad6cad65325817340dcaf4de16135f3cca7ad73a032d7fcda619750533f872d82e93e88f7bb554fdae3ab213a834accd12b42a67ffc2f3cc55faf7decd0106467c242b222b275b4d2ebd0dc5427c612aa7dc91e2b538049a97bd63b59622f975af80aebf107b1623314d495b9bb1b37fbcb0009ce6e9a63ad552b5830322b6e74b65ca7b54ab9ed2003ebc4ace263b03025b317c38d29a0fe02f9965da8e3d06ab92eb130fe22da028ee74b41fb9026157484fc1cccead71a1bdd71a314b69d9c2a79cc28e583680c76e9c6e7913a7a82a3c650c95b5ba5ad01adf33ee610fcdd494c863577c8f17d7496da7eea285e3cee971cc09c832af0612e32ef01a199ea581e1cb45c638f359fd0a4cb2da19adc0dc83f4fb37e2291eaba1c45dcd3089f69237edfdc9cf949efcebff479f7b8a1e1854a1f0bffefe30c2d54055503d710d28b0d2fd6827742adabf988bec3a0c5a759ce2d4814317dade2849510752eb3534c29fe62d396216322bee5e9732979dc656fbc5f2220211b8df449ddddcdd58f5a4ea23295a13d448ca52a509998739f4c8bdc57deca1bf109115bf6da335b9b8e310f981693467b9c5dbc9e298dfdaad9d36919f2b2c380d537142d31437a408da2e6f963d7feb03e09b9e1e6f1e2fc83a35c1baa1696e81d35b08481a26402fc27b1ba00d8bd9695c48894ec34c30a3c5dfe169c7e765ac7038738b3785a74d504b19fafd027b375e044313bd6c933934b56e7700e7d2a4fffde936d0c93b2fad462328e6bb07abe531ee2821839d2915d360cc88142e8b62057bb5acd5fac4e80841f532ceff9de23c4d5580c460c120032aab97d60ee9d4dd899474e87907dbcf3aecb651e1cfbd3f5cb0431c650c6ec5cd66fbe07c8b375ee7d06f612a8655d1b11af0d03dc4cc877849aaef91825da3ad17f6af0ecb269754ac4f15ab6417f3e421cb1b5fccd5d49120984a124b9a9948fd1b00f1cb6f5bfec258485f896daeb1a8c35d7a8268ef22f653d0e7a4a5c01716d113d1a187e4be5405bb83fa438ee0608da1a82acca181444b1d8272abfa4db5b0eebb73ce37d7c6556ede1bb7d4c20e0af0d6da618ff275ec8ecef60f1d1ac66c9fbf53528f4faded801330fcc20da4f7c7566e13791090defa05a13c42fcde83b7d6e7ded392fef5f617658d6d50f0e45f5d9c3351a801987bbe6b90f1d074a439e1e3ccd25766f42646428d65ca629ff0d4193686b7a34235c4fcfbd6061d15d4fd83931b0c8c3a3aaf9dfa6c8f9cfa9add678b7ffd625b8e797e274590af182092130422d8b6bbb81741555a0cd58b208ace64b2838fb9a98b4847eb752838a5fa871526dce30bce7ed4ea81c6825f32321cbacdf3315af50eb58432a0d4aad41659c606cdffd3acc58c8ec9ea712aa55c9cf42ced57db3fb04bb7090bcc014cb139408b0f257905d56682a47cb7e918a8804f971970a62f1c7c514974ee3b43fd2a4ba36306ad9097a8247fb4584557a29feff0adbfcb1d484d65be7dae0e65492aca1bc12ab71f2ac71c57e309695d2032306721564a259add456ed617d8490ccdd4a7dcdf8640c90fb7aaecce7620703fe70fe615d388607af7fbdcca4a7195d31620bd876d7d6571431fffedd81c80e2b482432e0fd764c5715a3817b029263f6d0634aa3855536287693ac37e18bd744f5278587a1c7a37457f06a3ab9a0a5fabee46f87732b1661881d82b7a1a74b7c772d7200071dbed9ab8e7c262dcbe6a7aa19e6292857b6486364c90a5e799e3e13f4f78ee652f22303be0e0213971833449d93d6d86a4c73f9c2bd6e86019870ed1aca86f8c5070ffcba297b7dae317dc4d5a72b805b9892a03f1384cb5c5651a6e9ab6d695343c693c95856b17f82a83ae44b37b4e178cdb451e0a50b69016cc4c5f0d483a91d5c26a0c93f825d1ef6a072e76c4284152b2087de108ae236e5dc71dc96e5436d82cd270586d3674c2cf37bdd495e7b85c3d05a0d492a0e0a84c27b19c82721ea1b43ffd83a4af045eb647803825273df132c14b1c770ec659911507cd25f6c1e45358dddffc60fb8947a7b96d7fc05f079d0fe2a5947fb441e66291892e3b2fac3d1f9fed00789e08d3d4ff115ab00fd5592a54e25c3f4349e97804f9f10c03a3aa17e665b038fa9d05b9f50b3005a7847d3c106c01ab07d635b7d892e7f8cfebb3b4c5647be2e82faeeab5b877ee613bf1c64d02c9eaf79de5cf7eb468c7bb3ebbcbd89c0d620f8c6be76d6d629c21c30653adc02bc7b3ed5771051ff22b9ace96e712205602efd0a1dc71d9131ea0137a3e21f6aca0a520878377d4a6e1a5939b27f6b82405d96f12c0cdca5a05fd5b57e12ab6b010d663b27cf788f1de351e1abab4af3adccaabc30e5268bbac3a3bf8984966e0c5e134c6d79dca5ec005826009d9236684dc9b016df58e0def06788e402654006ca0e3992ebc8cf5df3b56037ada2c172953cb61a3eafe0793ad72cb3c0c780a805b538a16030fe9be7681309242050c827fb1501e223c4f456e8b0de5da647d6ead4af07e126f28aa3ded0383e0bc060c0bb3c47cb04fc5985ee76d8be03f7ef09ab0a1850ab62a52dbfbf4d888b0de8755723f83321139e42c4274085b7d84a645f0cbbb5f5bd391be51ffe634cff99c4be73630ae72a696f3d96ac1bdfa81708afea24e84e165648ea0df1dd6d9d18fb7816ee1f630da5f6acf978d60436ee96bf3ddac76a4608e426698ed6696cda93a5a11f72f72d7086a116339c40465caf297f7231c9aa34d82fda5052c418bb2b44b3bf44e62f3a012b88addeae1d28af239621e3763e344c7334bfe99938a742f6f1a56025174ae3c785ca44e6dcdf8d2a0f2133f6d71253462b2c9bfb1270edf119a0b4e283726b0a8437bafb914d2dc10c758eb48331029c2e3eac4d6c579f8f4f1a9eb913087b2dbfce629753cbb4df1165605de8bf5459b060c78e1b71df86d84a19765673928352649bae5ef22d13eea447d241e3d87d65a5a6d0cb57f444ba9c0c78f617a163b8e0f53357b0173809f0ec3956b7582a78e2f2539dd6a9f38e85806fccfc6a07f662c1fa0c4c82d9d51ed965ef8969d269a"})
syz_usb_connect(0x5, 0x1b, &(0x7f00000000c0)=ANY=[@ANYBLOB="120150029457071071133290496101020301090209000000faa00207559b947369fc2fb84361fc3bc7fbd8e231d23bcfb3c8f4439834addf81960fe7abf904f92fe99169e09f1f1475b549a361d7e2eb12dff32fa9cc57331053884997a396af447cfb1aac612dfbfb2fa0770942d6ade83ca810b21c9f153df16dde7ebce6f8373a89"], &(0x7f0000002380)={0x0, 0x0, 0x14, 0x0})
setsockopt$sock_int(r2, 0x1, 0xb, &(0x7f0000000000)=0x5, 0x4)

26.413798882s ago: executing program 4 (id=1866):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x5a8, 0x0, {}, {0x77359400}, {}, 0x1, @can={{0x0, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "5e7ad9a9df82d46a"}}, 0x48}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x25ffdbfc, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_ARP_OP={0x5, 0x3d, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

25.517456264s ago: executing program 0 (id=1867):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000050)

23.913504012s ago: executing program 0 (id=1868):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r1)
sendmmsg$alg(r1, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000600)="8b4efad9459f08282d662cbb788a96bffed9d0bacd80657f3cac600356fe667d18f545a3b175a706442b241be0a2567c90703acce7d9a42940c375c89c1bb489f90616095f98a44bbdc43262ebb02f06c2203b51c10ed0dc402d9edeaf264f445dac81ee8ff173582bb39e1ed1fbe15dc78029f2f7251fb4a913a7b44102935204dd07d88b7cf62bc026f175d5", 0x8d}], 0x1, 0x0, 0x0, 0x4051}], 0x1, 0x40800)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000240)=0x101, 0x6, 0x1)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
r3 = getpid()
kcmp(r3, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x1, &(0x7f0000000400), 0x4)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
ioctl$DVB_DEMUX_DMX_ADD_PID(r2, 0x40026f33, &(0x7f0000000100)=0x808c)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(r2, 0x40026f34, &(0x7f0000000040)=0x808c)

22.023819802s ago: executing program 0 (id=1869):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000407d1ef62c00000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)=ANY=[@ANYBLOB="7c01000010007a694f9a0000fcdbdf25ac1414aa000000000000000000e4ff0000000000000000000000000000800000000000024e210002020000001d000000d7025c63e673b7cd5d21be1fd1359bec2c4a86fd0d84314d720bdf146e5e1ce64b39725f03", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000000000000fe320000000000000000000000000000000000000006000000000000000000000000000000fdffffffffffffff080000000000000001000000000000000900000000000000000000000000000004000000000000000900000000000000ffffffffffffff7f03000000000000007af70000000000000300000000000000040000002cbd7000003500000200010050000000000000001c00040007004e246e200000640101020000000000000000000000006d001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080100006000000021046821a8d9737faa540db9a200000000c538e2cb9375686c749af25cb0fdc0b5000000"], 0x17c}}, 0x40)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000640)={0x5, &(0x7f0000000340)=[{0x21, '\x00', @st={0x4, [{0x0, @uvalue=0x9}, {0x0, @svalue=0x7f}, {0x3, @svalue=0x8000000000000000}, {0x2, @uvalue=0x6}]}, 0x80000084}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYRES8=r3, @ANYRES32=r3, @ANYBLOB="4d3a8ed56d39fbc287d490fb7430a999926bf7ef938f2d02921ae002e86b7850426cd0ee3ce2eb9ab844b290ec31d03edbc3453cb6099a416dd641c6383a8ffeedc14eee28801d092fd510016c066c6e1ee1dfd9c8d638db2c400e6c74d85c0b922348a72146c1bd7f7fee2e8b423b9125dcb40ac7124171670c2512cb03cd54c09c9141f8fb31d1b564db468558d5d438e3f39f7f3868e896ffecb39d2b925c1133dfb26d2a70d811a38522ad66621439185d0550af3912cf140c28a316a8", @ANYRESDEC=r3, @ANYRES8=r0], 0x50)
ioctl$FE_SET_TONE(r3, 0x6f42, &(0x7f0000000580)=0x1)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000b40)={{{@in6, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@private1}, 0x0, @in=@empty}}, &(0x7f0000000b00)=0x1)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x84b, &(0x7f0000000880)={[{@redirect_dir_on, 0x3a}], [{@fowner_gt={'fowner>', r5}}], 0x2f})
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000001040)={0x2020}, 0x2020)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r8=>0x0})
r9 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r9, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000700)={0xe0, 0x10, 0x50b, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @typed={0xa9, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff2d5f28732c5f289423debbb86f9dba4a2dba4dbe076c02262600c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b5eb5100100000000000000a0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d681"}, @nested={0x11, 0x0, 0x0, 0x1, [@generic="a64a6f8911da357ba323a96d75"]}]}, 0xe0}], 0x1}, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r9, 0x4040942c, &(0x7f00000005c0)={0x0, 0x6, [0xc9, 0xfd, 0xe, 0x0, 0x5, 0x100000001]})
sendmsg$xdp(r6, &(0x7f0000000540)={&(0x7f0000000040)={0x2c, 0x3, r8, 0x39}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000240)="f4dbb15e56fc5c03c91575bc609ab91c754f9ae782869a370f574851253918708d6b202e1a33fde63a7f4dad90412137e801332582f1a0d6ff01bb6fbf9599de9d026b6d9d275140ae316f7d1dbacdad4814f6755589a2a03556b11f2c74b3eee77752d05f7c999104a89d4f65fa9d147924cb8f31dcc905878ae7b4e8fb8590a0f19a28b48742fc47edfdeb4570", 0x8e}, {&(0x7f0000000400)="c1ad34996d7f84eb7c5156cd32761ad71655a6bb35eb801038d623be7d56fd13a560bf8b7bbe1c3c46628c3c7c77e6cc6306bd916c0d7d0eb661ba614fba2d56761f20c0ac2066bb6b72a95dacf551bf498613a3cfdd8e53ae3fc46602f00c246a328b79db1254479508fa9b714c44f9a8752778d5761f099138a9408639a81df3c973ad4425dc20d3444acc6106c088e36e7bc65c4f7070ea84895f91adf1cc98fe4476c15543a8f8fecc9cbfcd647379270fda8db9b2177168c894d1609cabf1c207ffdf1f4d727f", 0xc9}], 0x2, 0x0, 0x0, 0x800}, 0x8000)
r10 = socket$inet6(0xa, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f00000006c0)={'wlan0\x00', &(0x7f0000001000)=@ethtool_stats={0x11, 0x3, [0x1, 0x200, 0x200000000]}})
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000540)=[@ioring_restriction_register_op={0x0, 0x38fc2f1a6518ef8a}], 0x1)
fsetxattr$system_posix_acl(r4, &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000a40)=ANY=[@ANYBLOB="020000000100030000000000040006000000000008000600", @ANYRES32=0x0, @ANYBLOB="08000616e0950ebd9730d3d76d3b44084624ca198fb2876acf05c9380476a7d424ee3c4ae8eb94fde6b38b1c9abb1ac62a51933ae74db3a2fc6035eac8dcb5750ab6ccc52828dd3ebf4313eb", @ANYRES32=0xee00, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="10000200000000002000060000000000"], 0x3c, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000680)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0022000000457f675ed587a704778e5ee4ec37431c71b9e9"], 0x0}, 0x0)

17.400155694s ago: executing program 0 (id=1870):
r0 = socket$kcm(0x2, 0x1, 0x0)
r1 = socket$kcm(0x29, 0x5, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r4 = syz_open_procfs(0x0, &(0x7f0000000480)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4005011}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x3, 0x1, 0x801, 0x0, 0x0, {0x3, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004000)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000200)={r0})

16.445093436s ago: executing program 0 (id=1871):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x9, 0x80000000000000, 0x8, 0x9, 0x101000, 0x2, 0x1002, 0xfbfffffffffffffb, 0x8, 0x81, 0x2, 0x2372, 0x8bda, 0xfffffffffffffeff, 0x3fb, 0x8], 0x26000, 0x216156})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

10.696576133s ago: executing program 35 (id=1866):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x5a8, 0x0, {}, {0x77359400}, {}, 0x1, @can={{0x0, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "5e7ad9a9df82d46a"}}, 0x48}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x25ffdbfc, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_ARP_OP={0x5, 0x3d, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

0s ago: executing program 36 (id=1871):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x9, 0x80000000000000, 0x8, 0x9, 0x101000, 0x2, 0x1002, 0xfbfffffffffffffb, 0x8, 0x81, 0x2, 0x2372, 0x8bda, 0xfffffffffffffeff, 0x3fb, 0x8], 0x26000, 0x216156})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

, space 0, times 0
[  425.184469][T10150] CPU: 1 UID: 0 PID: 10150 Comm: syz.2.1464 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  425.184502][T10150] Tainted: [L]=SOFTLOCKUP
[  425.184508][T10150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  425.184517][T10150] Call Trace:
[  425.184524][T10150]  <TASK>
[  425.184532][T10150]  dump_stack_lvl+0xe8/0x150
[  425.184558][T10150]  should_fail_ex+0x46b/0x600
[  425.184589][T10150]  _copy_from_user+0x2d/0xb0
[  425.184612][T10150]  kstrtouint_from_user+0xd6/0x180
[  425.184639][T10150]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  425.184682][T10150]  proc_fail_nth_write+0x8e/0x210
[  425.184714][T10150]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  425.184745][T10150]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  425.184772][T10150]  vfs_write+0x2a3/0xba0
[  425.184806][T10150]  ? __pfx_vfs_write+0x10/0x10
[  425.184829][T10150]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  425.184855][T10150]  ? lockdep_hardirqs_on+0x7a/0x110
[  425.184881][T10150]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  425.184907][T10150]  ? mutex_lock_nested+0x152/0x1d0
[  425.184927][T10150]  ? fdget_pos+0x252/0x320
[  425.184953][T10150]  ksys_write+0x156/0x270
[  425.184976][T10150]  ? __pfx_ksys_write+0x10/0x10
[  425.185004][T10150]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.185025][T10150]  do_syscall_64+0x15f/0xf80
[  425.185041][T10150]  ? trace_irq_disable+0x3b/0x140
[  425.185063][T10150]  ? clear_bhb_loop+0x40/0x90
[  425.185086][T10150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.185104][T10150] RIP: 0033:0x7f1035ccd60e
[  425.185122][T10150] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  425.185138][T10150] RSP: 002b:00007f1033f44fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  425.185157][T10150] RAX: ffffffffffffffda RBX: 00007f1033f456c0 RCX: 00007f1035ccd60e
[  425.185171][T10150] RDX: 0000000000000001 RSI: 00007f1033f450a0 RDI: 0000000000000004
[  425.185183][T10150] RBP: 00007f1033f45090 R08: 0000000000000000 R09: 0000000000000000
[  425.185194][T10150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.185205][T10150] R13: 00007f1035f86128 R14: 00007f1035f86090 R15: 00007ffdcbd835d8
[  425.185235][T10150]  </TASK>
[  425.635768][T10164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  426.667835][T10175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  427.134888][T10193] syz.2.1480 uses obsolete (PF_INET,SOCK_PACKET)
[  428.343871][T10214] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  428.421639][T10216] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1489'.
[  428.421654][T10216] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1489'.
[  428.421665][T10216] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1489'.
[  428.458252][ T5864] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  428.458437][   T50] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  428.544340][T10218] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  428.623140][ T5864] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  428.623167][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.676276][ T5864] usb 4-1: config 0 descriptor??
[  428.697234][ T5864] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  428.711159][   T50] usb 1-1: unable to get BOS descriptor or descriptor too short
[  428.712038][   T50] usb 1-1: unable to read config index 0 descriptor/start: -71
[  428.712060][   T50] usb 1-1: can't read configurations, error -71
[  428.882520][ T5864] gp8psk: usb in 128 operation failed.
[  428.985739][T10224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.112658][ T5864] gp8psk: FW Version = 158.245.78 (0x9ef54e)  Build 2168/73/63
[  429.419340][ T5715] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  429.701894][ T5715] usb 5-1: unable to get BOS descriptor or descriptor too short
[  429.703185][ T5715] usb 5-1: unable to read config index 0 descriptor/start: -71
[  429.703221][ T5715] usb 5-1: can't read configurations, error -71
[  429.764706][ T5864] gp8psk: usb in 149 operation failed.
[  429.764725][ T5864] gp8psk: failed to get FPGA version
[  429.767773][ T5864] gp8psk: usb in 138 operation failed.
[  429.767791][ T5864] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  429.767831][ T5864] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  429.830028][ T5864] usb 4-1: USB disconnect, device number 32
[  430.607149][T10249] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  430.682876][T10246] tmpfs: Unknown parameter 'mp}0*!Pq{�'
[  430.908790][    T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  430.928881][T10267] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1506'.
[  431.141800][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  431.141884][    T9] usb 1-1: no configurations
[  431.141898][    T9] usb 1-1: can't read configurations, error -22
[  431.361351][T10283] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  432.018180][ T5730] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  432.132324][T10301] tmpfs: Unknown parameter 'mp}0*!Pq{�'
[  432.138183][ T5715] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  432.239889][ T5730] usb 5-1: unable to get BOS descriptor or descriptor too short
[  432.240883][ T5730] usb 5-1: unable to read config index 0 descriptor/start: -71
[  432.240916][ T5730] usb 5-1: can't read configurations, error -71
[  432.288122][ T5715] usb 3-1: Using ep0 maxpacket: 32
[  432.290127][ T5715] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.290179][ T5715] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  432.290207][ T5715] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  432.290233][ T5715] usb 3-1: config 0 interface 0 has no altsetting 0
[  432.290261][ T5715] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  432.290282][ T5715] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.327353][ T5715] usb 3-1: config 0 descriptor??
[  432.498304][    T9] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  432.655728][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.662244][    T9] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  432.662273][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.662293][    T9] usb 2-1: Product: syz
[  432.662306][    T9] usb 2-1: Manufacturer: syz
[  432.662320][    T9] usb 2-1: SerialNumber: syz
[  432.680656][    T9] usb 2-1: config 0 descriptor??
[  432.692092][    T9] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  432.742914][ T5715] usbhid 3-1:0.0: can't add hid device: -71
[  432.743039][ T5715] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  432.770875][ T5715] usb 3-1: USB disconnect, device number 44
[  434.116966][T10351] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1545'.
[  434.727128][T10352] syzkaller1: entered promiscuous mode
[  434.727154][T10352] syzkaller1: entered allmulticast mode
[  435.038122][   T50] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  435.189378][   T50] usb 5-1: Using ep0 maxpacket: 32
[  435.194184][   T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.194470][   T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  435.194510][   T50] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  435.194623][   T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.286636][   T50] usb 5-1: config 0 descriptor??
[  435.861934][ T5775] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  436.231029][T10365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  436.231602][T10365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.292934][ T5775] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  436.292974][ T5775] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 31, using maximum allowed: 30
[  436.292996][ T5775] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 31
[  436.295501][ T5775] usb 3-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=87.bd
[  436.295518][ T5775] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.295529][ T5775] usb 3-1: Product: syz
[  436.295536][ T5775] usb 3-1: Manufacturer: syz
[  436.295543][ T5775] usb 3-1: SerialNumber: syz
[  436.379252][ T5775] usb 3-1: config 0 descriptor??
[  436.399449][ T5775] ums_eneub6250 3-1:0.0: USB Mass Storage device detected
[  436.559775][ T5715] usb 2-1: USB disconnect, device number 34
[  436.864738][   T50] ft260 0003:0403:6030.0019: failed to retrieve chip version
[  436.865133][   T50] ft260 0003:0403:6030.0019: probe with driver ft260 failed with error -71
[  436.903717][   T50] usb 5-1: USB disconnect, device number 69
[  437.732604][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  437.785412][T10420] pim6reg: entered allmulticast mode
[  437.967528][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  437.971393][    T9] usb 2-1: unable to read config index 0 descriptor/start: -71
[  437.971427][    T9] usb 2-1: can't read configurations, error -71
[  438.249232][   T50] usb 3-1: USB disconnect, device number 45
[  438.465530][ T5612] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  438.526216][ T5612] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  438.533870][ T5612] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  438.545223][ T5612] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  438.722233][ T5864] usb 1-1: new full-speed USB device number 55 using dummy_hcd
[  438.752345][ T5612] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  438.879519][T10434] SQUASHFS error: Failed to read block 0x0: -5
[  439.654515][ T5864] usb 1-1: unable to get BOS descriptor or descriptor too short
[  439.702822][ T5864] usb 1-1: not running at top speed; connect to a high speed hub
[  439.705160][ T5864] usb 1-1: config 1 interface 0 altsetting 248 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  439.705193][ T5864] usb 1-1: config 1 interface 0 altsetting 248 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  439.705217][ T5864] usb 1-1: config 1 interface 0 altsetting 248 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  439.705243][ T5864] usb 1-1: config 1 interface 0 has no altsetting 0
[  439.735519][ T5864] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  439.735550][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.735569][ T5864] usb 1-1: Product: syz
[  439.735583][ T5864] usb 1-1: Manufacturer: syz
[  439.735596][ T5864] usb 1-1: SerialNumber: syz
[  439.808212][T10428] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  439.808407][T10428] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  440.073589][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  440.073655][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  440.136966][T10443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1576'.
[  440.337095][   T36] kauditd_printk_skb: 226 callbacks suppressed
[  440.337120][   T36] audit: type=1326 audit(1777173379.338:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10427 comm="syz.0.1573" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3765f0cdd9 code=0x0
[  440.391694][T10447] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1573'.
[  440.391736][T10447] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1573'.
[  440.521329][T10447] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1573'.
[  440.521381][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1573'.
[  440.522184][T10447] Context (ID=0x1) not attached to queue pair (handle=0x1:0x2)
[  440.756004][T10453] bridge_slave_1: left allmulticast mode
[  440.756090][T10453] bridge_slave_1: left promiscuous mode
[  440.792047][ T5615] Bluetooth: hci5: command tx timeout
[  440.852633][T10453] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.084019][T10463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1580'.
[  441.339568][T10453] bond0: (slave 
1
@���): Releasing backup interface
[  441.381827][T10453] 
@���: left promiscuous mode
[  441.394560][ T5582] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  441.407042][T10453] bond0: (slave bond_slave_1): Releasing backup interface
[  441.443456][T10453] bond_slave_1: left promiscuous mode
[  441.503509][T10453] team0: Port device team_slave_0 removed
[  441.538564][ T5582] usb 5-1: Using ep0 maxpacket: 8
[  441.540427][ T5582] usb 5-1: config 252 has an invalid interface number: 186 but max is 0
[  441.540454][ T5582] usb 5-1: config 252 has no interface number 0
[  441.540497][ T5582] usb 5-1: config 252 interface 186 altsetting 25 has 0 endpoint descriptors, different from the interface descriptor's value: 23
[  441.540528][ T5582] usb 5-1: config 252 interface 186 has no altsetting 0
[  441.540561][ T5582] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  441.540584][ T5582] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.668295][T10453] team0: Port device team_slave_1 removed
[  441.672015][T10453] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  441.672045][T10453] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.727583][T10453] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.727610][T10453] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.774083][T10453] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  441.791081][T10464] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1581'.
[  441.820211][ T5582] usb 5-1: string descriptor 0 read error: -71
[  441.824100][ T5582] pvrusb2: Hardware description: Terratec Grabster AV400
[  441.824130][ T5582] pvrusb2: **********
[  441.824136][ T5582] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  441.824148][ T5582] pvrusb2: Important functionality might not be entirely working.
[  441.824156][ T5582] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  441.824166][ T5582] pvrusb2: **********
[  441.824889][ T5582] usb 5-1: selecting invalid altsetting 0
[  441.899246][ T5582] usb 5-1: USB disconnect, device number 70
[  441.906353][ T5582] pvrusb2: Device being rendered inoperable
[  441.984106][ T5864] usb 1-1: No union descriptors
[  442.062105][ T5864] usb 1-1: USB disconnect, device number 55
[  442.528564][    T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  442.765722][T10480] FAULT_INJECTION: forcing a failure.
[  442.765722][T10480] name failslab, interval 1, probability 0, space 0, times 0
[  442.765758][T10480] CPU: 1 UID: 0 PID: 10480 Comm: syz.1.1588 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  442.765785][T10480] Tainted: [L]=SOFTLOCKUP
[  442.765792][T10480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  442.765803][T10480] Call Trace:
[  442.765812][T10480]  <TASK>
[  442.765821][T10480]  dump_stack_lvl+0xe8/0x150
[  442.765856][T10480]  should_fail_ex+0x46b/0x600
[  442.765891][T10480]  should_failslab+0xa8/0x100
[  442.765914][T10480]  __kmalloc_cache_noprof+0x84/0x690
[  442.765937][T10480]  ? xdp_umem_create+0x58/0x8b0
[  442.765967][T10480]  xdp_umem_create+0x58/0x8b0
[  442.765990][T10480]  ? lockdep_hardirqs_on+0x7a/0x110
[  442.766017][T10480]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  442.766053][T10480]  ? mutex_lock_nested+0x152/0x1d0
[  442.766074][T10480]  ? xsk_setsockopt+0x6d2/0x990
[  442.766101][T10480]  xsk_setsockopt+0x860/0x990
[  442.766127][T10480]  ? __pfx_xsk_setsockopt+0x10/0x10
[  442.766156][T10480]  ? __fget_files+0x2a/0x420
[  442.766185][T10480]  ? __fget_files+0x2a/0x420
[  442.766209][T10480]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  442.766229][T10480]  ? __pfx_xsk_setsockopt+0x10/0x10
[  442.766254][T10480]  do_sock_setsockopt+0x17c/0x1b0
[  442.766281][T10480]  __x64_sys_setsockopt+0x143/0x1b0
[  442.766304][T10480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.766326][T10480]  do_syscall_64+0x15f/0xf80
[  442.766343][T10480]  ? trace_irq_disable+0x3b/0x140
[  442.766366][T10480]  ? clear_bhb_loop+0x40/0x90
[  442.766389][T10480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.766408][T10480] RIP: 0033:0x7f1eeaf5cdd9
[  442.766426][T10480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  442.766443][T10480] RSP: 002b:00007f1ee91ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  442.766463][T10480] RAX: ffffffffffffffda RBX: 00007f1eeb1d5fa0 RCX: 00007f1eeaf5cdd9
[  442.766477][T10480] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003
[  442.766489][T10480] RBP: 00007f1ee91ae090 R08: 0000000000000020 R09: 0000000000000000
[  442.766502][T10480] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  442.766514][T10480] R13: 00007f1eeb1d6038 R14: 00007f1eeb1d5fa0 R15: 00007fff6d7c4758
[  442.766546][T10480]  </TASK>
[  442.878245][ T5615] Bluetooth: hci5: command tx timeout
[  443.005376][T10482] SQUASHFS error: Failed to read block 0x0: -5
[  443.882203][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  443.882272][    T9] usb 3-1: no configurations
[  443.882285][    T9] usb 3-1: can't read configurations, error -22
[  444.067856][  T777] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.128181][ T5864] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  444.328418][ T5864] usb 5-1: unable to get BOS descriptor or descriptor too short
[  444.330519][ T5864] usb 5-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[  444.330546][ T5864] usb 5-1: config 66 has 1 interface, different from the descriptor's value: 2
[  444.429093][ T5864] usb 5-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[  444.429122][ T5864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.429139][ T5864] usb 5-1: Product: syz
[  444.429152][ T5864] usb 5-1: Manufacturer: syz
[  444.429165][ T5864] usb 5-1: SerialNumber: syz
[  444.950973][ T5615] Bluetooth: hci5: command tx timeout
[  445.101509][  T777] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.162857][T10508] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1594'.
[  445.162877][T10508] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1594'.
[  445.162892][T10508] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1594'.
[  445.630594][T10513] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  445.687427][ T5864] ati_remote2 5-1:66.0: ati_remote2_probe(): interface 0 must have an endpoint
[  445.700806][ T5864] usb 5-1: USB disconnect, device number 71
[  446.472454][  T777] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.044286][ T5615] Bluetooth: hci5: command tx timeout
[  447.097685][  T777] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.224494][    T9] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  447.533634][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  447.533718][    T9] usb 3-1: no configurations
[  447.533731][    T9] usb 3-1: can't read configurations, error -22
[  447.702070][T10543] bond2 (unregistering): Released all slaves
[  447.798652][ T5854] usb 1-1: new full-speed USB device number 56 using dummy_hcd
[  447.952602][ T5854] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.952630][ T5854] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  447.952680][ T5854] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  447.952704][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.004658][ T5854] usb 1-1: config 0 descriptor??
[  448.013774][ T5854] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  448.013819][ T5854] dvb-usb: bulk message failed: -22 (3/0)
[  448.200683][ T5854] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  448.201815][ T5854] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  448.201867][ T5854] usb 1-1: media controller created
[  448.203890][ T5854] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  448.396415][T10564] dvb-usb: bulk message failed: -22 (3/0)
[  448.526673][ T5854] dvb-usb: bulk message failed: -22 (6/0)
[  448.526751][ T5854] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  448.541329][ T5854] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input20
[  448.562204][ T5854] dvb-usb: schedule remote query interval to 150 msecs.
[  448.562229][ T5854] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  448.670727][T10562] macvtap1: entered promiscuous mode
[  448.670750][T10562] ip6gretap0: entered promiscuous mode
[  448.672246][T10562] macvtap1: entered allmulticast mode
[  448.672271][T10562] ip6gretap0: entered allmulticast mode
[  448.702609][T10426] bridge0: port 1(bridge_slave_0) entered blocking state
[  448.708572][T10426] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.708789][T10426] bridge_slave_0: entered allmulticast mode
[  448.723142][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  448.723206][    T9] dvb-usb: error while querying for an remote control event.
[  448.733668][T10426] bridge_slave_0: entered promiscuous mode
[  448.851919][T10426] bridge0: port 2(bridge_slave_1) entered blocking state
[  448.852007][T10426] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.852145][T10426] bridge_slave_1: entered allmulticast mode
[  448.854646][T10426] bridge_slave_1: entered promiscuous mode
[  448.887010][ T5854] dvb-usb: bulk message failed: -22 (1/0)
[  448.887066][ T5854] dvb-usb: error while querying for an remote control event.
[  449.042065][ T5582] dvb-usb: bulk message failed: -22 (1/0)
[  449.042098][ T5582] dvb-usb: error while querying for an remote control event.
[  449.193211][T10426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  449.227772][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  449.227796][    T9] dvb-usb: error while querying for an remote control event.
[  449.378508][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  449.378540][    T9] dvb-usb: error while querying for an remote control event.
[  449.435598][T10426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  449.538506][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  449.538534][    T9] dvb-usb: error while querying for an remote control event.
[  449.720993][ T5582] dvb-usb: bulk message failed: -22 (1/0)
[  449.721026][ T5582] dvb-usb: error while querying for an remote control event.
[  449.878401][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  449.878469][    T9] dvb-usb: error while querying for an remote control event.
[  450.042910][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  450.042955][    T9] dvb-usb: error while querying for an remote control event.
[  450.203978][ T5854] dvb-usb: bulk message failed: -22 (1/0)
[  450.204043][ T5854] dvb-usb: error while querying for an remote control event.
[  450.359337][ T5854] dvb-usb: bulk message failed: -22 (1/0)
[  450.359402][ T5854] dvb-usb: error while querying for an remote control event.
[  450.425928][ T5864] usb 1-1: USB disconnect, device number 56
[  450.673320][T10571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.109923][ T5864] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  451.189021][  T777] bridge_slave_1: left allmulticast mode
[  451.189304][  T777] bridge_slave_1: left promiscuous mode
[  451.233573][  T777] bridge0: port 2(bridge_slave_1) entered disabled state
[  451.402600][  T777] bridge_slave_0: left allmulticast mode
[  451.402635][  T777] bridge_slave_0: left promiscuous mode
[  451.402910][  T777] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.178150][   T50] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  452.741204][   T50] usb 3-1: unable to get BOS descriptor or descriptor too short
[  452.741258][   T50] usb 3-1: no configurations
[  452.741266][   T50] usb 3-1: can't read configurations, error -22
[  453.249538][  T777] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  453.329331][  T777] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  453.411819][  T777] bond0 (unregistering): Released all slaves
[  453.474235][T10426] team0: Port device team_slave_0 added
[  453.555337][T10600] pim6reg: entered allmulticast mode
[  453.569079][T10426] team0: Port device team_slave_1 added
[  453.756439][T10426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  453.756456][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  453.756476][T10426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  453.819494][T10426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  453.819511][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  453.819538][T10426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  453.918192][   T50] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  454.100771][   T50] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  454.100799][   T50] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  454.100850][   T50] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  454.100875][   T50] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.201415][   T50] usb 3-1: config 0 descriptor??
[  454.286865][   T50] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  454.286919][   T50] dvb-usb: bulk message failed: -22 (3/0)
[  454.487759][T10426] hsr_slave_0: entered promiscuous mode
[  454.519613][   T50] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  454.527219][   T50] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  454.527274][   T50] usb 3-1: media controller created
[  454.540101][   T50] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  454.555338][T10618] dvb-usb: bulk message failed: -22 (3/0)
[  454.587490][   T50] dvb-usb: bulk message failed: -22 (6/0)
[  454.587582][   T50] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  454.598945][T10426] hsr_slave_1: entered promiscuous mode
[  454.599887][T10426] debugfs: 'hsr0' already exists in 'hsr'
[  454.599912][T10426] Cannot create hsr debugfs directory
[  454.653667][   T50] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input21
[  454.686137][   T50] dvb-usb: schedule remote query interval to 150 msecs.
[  454.686160][   T50] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  454.713567][   T50] usb 3-1: USB disconnect, device number 51
[  455.183332][   T50] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  456.155610][T10652] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1634'.
[  456.235760][T10656] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1634'.
[  456.572602][    T9] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[  456.578089][   T31] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  456.594808][    T9] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  456.604590][T10662] 9p: Bad value for 'rfdno'
[  456.798697][ T5582] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  456.835520][ T5258] 8021q: adding VLAN 0 to HW filter on device eth1
[  456.861807][   T31] usb 5-1: unable to get BOS descriptor or descriptor too short
[  456.861888][   T31] usb 5-1: no configurations
[  456.861901][   T31] usb 5-1: can't read configurations, error -22
[  456.969598][ T5582] usb 3-1: Using ep0 maxpacket: 16
[  456.974670][ T5582] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  456.974696][ T5582] usb 3-1: config 1 has no interface number 0
[  456.974736][ T5582] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  456.974761][ T5582] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  456.974785][ T5582] usb 3-1: config 1 interface 105 has no altsetting 0
[  457.029200][ T5582] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  457.029228][ T5582] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  457.029246][ T5582] usb 3-1: Product: syz
[  457.029259][ T5582] usb 3-1: Manufacturer: syz
[  457.029273][ T5582] usb 3-1: SerialNumber: syz
[  457.090316][T10660] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  457.090490][T10660] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  457.358142][ T5864] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  457.501726][T10660] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  457.505510][T10660] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  457.555188][ T5864] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  457.555215][ T5864] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  457.555265][ T5864] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  457.555289][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.627719][ T5864] usb 1-1: config 0 descriptor??
[  457.710580][ T5864] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  457.710629][ T5864] dvb-usb: bulk message failed: -22 (3/0)
[  457.747357][T10660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.758761][T10660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.955883][ T5582] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  457.956166][ T5582] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71
[  457.972890][ T5864] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  457.981569][ T5864] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  457.981636][ T5864] usb 1-1: media controller created
[  457.985508][ T5864] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  458.030353][ T5582] usb 3-1: USB disconnect, device number 52
[  458.150945][ T5864] dvb-usb: bulk message failed: -22 (6/0)
[  458.151026][ T5864] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  458.199684][ T5864] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input22
[  458.208637][ T5864] dvb-usb: schedule remote query interval to 150 msecs.
[  458.208661][ T5864] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  458.229651][ T5864] usb 1-1: USB disconnect, device number 57
[  458.795303][ T5864] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  458.795984][T10699] 9p: Bad value for 'rfdno'
[  459.630076][    T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  459.750707][ T5258] 8021q: adding VLAN 0 to HW filter on device eth2
[  459.784055][    T9] usb 2-1: Using ep0 maxpacket: 16
[  459.790881][    T9] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.790911][    T9] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.790932][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  459.790962][    T9] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  459.790985][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.887713][    T9] usb 2-1: config 0 descriptor??
[  460.008643][ T5854] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  460.150701][   T50] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[  460.179168][   T50] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  460.458206][   T31] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  460.605705][ T5854] usb 5-1: unable to get BOS descriptor or descriptor too short
[  460.605788][ T5854] usb 5-1: no configurations
[  460.605800][ T5854] usb 5-1: can't read configurations, error -22
[  460.638112][   T31] usb 3-1: Using ep0 maxpacket: 16
[  460.642562][   T31] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  460.642590][   T31] usb 3-1: config 1 has no interface number 0
[  460.642633][   T31] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  460.642658][   T31] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  460.642684][   T31] usb 3-1: config 1 interface 105 has no altsetting 0
[  460.683062][   T31] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  460.683094][   T31] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  460.683116][   T31] usb 3-1: Product: syz
[  460.683131][   T31] usb 3-1: Manufacturer: syz
[  460.683145][   T31] usb 3-1: SerialNumber: syz
[  460.837465][T10737] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  460.837735][T10737] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  460.975500][T10746] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1657'.
[  461.251282][T10737] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  461.251957][T10737] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  461.470045][T10737] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.472261][T10737] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.627086][   T31] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  461.627329][   T31] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71
[  461.700840][   T31] usb 3-1: USB disconnect, device number 53
[  462.018631][  T777] hsr_slave_0: left promiscuous mode
[  462.058683][  T777] hsr_slave_1: left promiscuous mode
[  462.080797][  T777] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  462.081041][  T777] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.178789][  T777] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  462.178819][  T777] batman_adv: batadv0: Removing interface: batadv_slave_1
[  462.471873][  T777] veth1_macvtap: left promiscuous mode
[  462.472321][  T777] veth0_macvtap: left promiscuous mode
[  462.504222][  T777] veth1_vlan: left promiscuous mode
[  462.511736][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  462.513743][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  462.527836][    T9] usb 2-1: USB disconnect, device number 37
[  462.611934][  T777] veth0_vlan: left promiscuous mode
[  462.771597][T10770] tmpfs: Unknown parameter 'mp}0*!Pq{�'
[  463.949302][  T777] team0 (unregistering): Port device team_slave_1 removed
[  464.009347][  T777] team0 (unregistering): Port device team_slave_0 removed
[  464.290850][T10754] tipc: Enabled bearer <eth:macvlan1>, priority 14
[  464.448655][T10796] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1668'.
[  464.709813][   T31] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[  464.812747][T10811] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[  464.812775][T10811] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  464.891325][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  464.891353][   T31] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  464.891403][   T31] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  464.891426][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.944662][   T31] usb 5-1: config 0 descriptor??
[  464.975609][   T31] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  464.975660][   T31] dvb-usb: bulk message failed: -22 (3/0)
[  465.016648][   T31] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  465.017517][   T31] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  465.017570][   T31] usb 5-1: media controller created
[  465.040578][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  465.109474][   T31] dvb-usb: bulk message failed: -22 (6/0)
[  465.109558][   T31] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  465.116176][   T31] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input23
[  465.147638][   T31] dvb-usb: schedule remote query interval to 150 msecs.
[  465.147661][   T31] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  465.252586][T10819] dvb-usb: bulk message failed: -22 (3/0)
[  465.312126][   T31] dvb-usb: bulk message failed: -22 (1/0)
[  465.312160][   T31] dvb-usb: error while querying for an remote control event.
[  465.434646][    T9] usb 5-1: USB disconnect, device number 76
[  465.884785][T10833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1677'.
[  466.035806][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  466.550635][T10843] FAULT_INJECTION: forcing a failure.
[  466.550635][T10843] name failslab, interval 1, probability 0, space 0, times 0
[  466.552725][T10843] CPU: 1 UID: 0 PID: 10843 Comm: syz.4.1679 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  466.552762][T10843] Tainted: [L]=SOFTLOCKUP
[  466.552769][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  466.552780][T10843] Call Trace:
[  466.552788][T10843]  <TASK>
[  466.552796][T10843]  dump_stack_lvl+0xe8/0x150
[  466.552824][T10843]  should_fail_ex+0x46b/0x600
[  466.552858][T10843]  should_failslab+0xa8/0x100
[  466.552882][T10843]  kmem_cache_alloc_noprof+0x87/0x680
[  466.552904][T10843]  ? security_inode_alloc+0x39/0x310
[  466.552928][T10843]  security_inode_alloc+0x39/0x310
[  466.552950][T10843]  inode_init_always_gfp+0x99a/0xd50
[  466.552981][T10843]  ? __pfx_proc_alloc_inode+0x10/0x10
[  466.553000][T10843]  alloc_inode+0x82/0x1b0
[  466.553028][T10843]  new_inode+0x22/0x170
[  466.553056][T10843]  proc_pid_make_inode+0x21/0x130
[  466.553077][T10843]  proc_pident_instantiate+0x6d/0x2b0
[  466.553103][T10843]  proc_pident_lookup+0x1b7/0x270
[  466.553129][T10843]  __lookup_slow+0x2d2/0x440
[  466.553151][T10843]  ? __pfx___lookup_slow+0x10/0x10
[  466.553184][T10843]  ? down_read+0x156/0x200
[  466.553204][T10843]  ? __pfx_down_read+0x10/0x10
[  466.553226][T10843]  ? lookup_fast+0x192/0x5b0
[  466.553250][T10843]  lookup_slow+0x53/0x70
[  466.553269][T10843]  link_path_walk+0xd1e/0x18d0
[  466.553316][T10843]  path_lookupat+0xe4/0x8c0
[  466.553359][T10843]  filename_lookup+0x256/0x5d0
[  466.553390][T10843]  ? __pfx_filename_lookup+0x10/0x10
[  466.553442][T10843]  ? strncpy_from_user+0x150/0x2b0
[  466.553471][T10843]  ? do_getname+0x151/0x250
[  466.553498][T10843]  do_readlinkat+0xe3/0x510
[  466.553520][T10843]  ? __pfx_do_readlinkat+0x10/0x10
[  466.553539][T10843]  ? __pfx_ksys_write+0x10/0x10
[  466.553567][T10843]  __x64_sys_readlinkat+0x9a/0xb0
[  466.553593][T10843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.553614][T10843]  do_syscall_64+0x15f/0xf80
[  466.553631][T10843]  ? trace_irq_disable+0x3b/0x140
[  466.553654][T10843]  ? clear_bhb_loop+0x40/0x90
[  466.553677][T10843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.553697][T10843] RIP: 0033:0x7f049deacdd9
[  466.553715][T10843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.553738][T10843] RSP: 002b:00007f049c0fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000010b
[  466.553760][T10843] RAX: ffffffffffffffda RBX: 00007f049e125fa0 RCX: 00007f049deacdd9
[  466.553775][T10843] RDX: 0000200000000540 RSI: 00002000000000c0 RDI: 0000000000000004
[  466.553789][T10843] RBP: 00007f049c0fe090 R08: 0000000000000000 R09: 0000000000000000
[  466.553802][T10843] R10: 000000000000004c R11: 0000000000000246 R12: 0000000000000001
[  466.553813][T10843] R13: 00007f049e126038 R14: 00007f049e125fa0 R15: 00007fff465bd338
[  466.553843][T10843]  </TASK>
[  466.779652][T10848] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1680'.
[  467.475672][T10867] FAULT_INJECTION: forcing a failure.
[  467.475672][T10867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.475730][T10867] CPU: 1 UID: 0 PID: 10867 Comm: syz.1.1684 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  467.475757][T10867] Tainted: [L]=SOFTLOCKUP
[  467.475765][T10867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  467.475777][T10867] Call Trace:
[  467.475785][T10867]  <TASK>
[  467.475794][T10867]  dump_stack_lvl+0xe8/0x150
[  467.475821][T10867]  should_fail_ex+0x46b/0x600
[  467.475855][T10867]  strncpy_from_user+0x36/0x2b0
[  467.475885][T10867]  do_getname+0x77/0x250
[  467.475912][T10867]  do_sys_openat2+0xca/0x200
[  467.475938][T10867]  ? __pfx___schedule+0x10/0x10
[  467.475964][T10867]  ? __pfx_do_sys_openat2+0x10/0x10
[  467.475991][T10867]  ? ksys_write+0x248/0x270
[  467.476012][T10867]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  467.476045][T10867]  __x64_sys_openat+0x138/0x170
[  467.476073][T10867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.476094][T10867]  do_syscall_64+0x15f/0xf80
[  467.476114][T10867]  ? clear_bhb_loop+0x40/0x90
[  467.476137][T10867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.476164][T10867] RIP: 0033:0x7f1eeaf1d60e
[  467.476183][T10867] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  467.476199][T10867] RSP: 002b:00007f1ee916bec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  467.476220][T10867] RAX: ffffffffffffffda RBX: 00007f1ee916c6c0 RCX: 00007f1eeaf1d60e
[  467.476234][T10867] RDX: 0000000000000002 RSI: 00007f1ee916bf90 RDI: ffffffffffffff9c
[  467.476248][T10867] RBP: 00007f1ee916c090 R08: 0000000000000000 R09: 0000000000000000
[  467.476260][T10867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.476272][T10867] R13: 00007f1eeb1d6218 R14: 00007f1eeb1d6180 R15: 00007fff6d7c4758
[  467.476303][T10867]  </TASK>
[  468.647699][T10881] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  468.787429][T10885] FAULT_INJECTION: forcing a failure.
[  468.787429][T10885] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.787457][T10885] CPU: 0 UID: 0 PID: 10885 Comm: syz.0.1688 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  468.787481][T10885] Tainted: [L]=SOFTLOCKUP
[  468.787486][T10885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  468.787495][T10885] Call Trace:
[  468.787501][T10885]  <TASK>
[  468.787507][T10885]  dump_stack_lvl+0xe8/0x150
[  468.787530][T10885]  should_fail_ex+0x46b/0x600
[  468.787564][T10885]  _copy_to_user+0x31/0xb0
[  468.787581][T10885]  drm_ioctl+0x6e0/0xb80
[  468.787597][T10885]  ? smk_tskacc+0x311/0x3a0
[  468.787615][T10885]  ? __pfx_drm_syncobj_create_ioctl+0x10/0x10
[  468.787635][T10885]  ? __pfx_drm_ioctl+0x10/0x10
[  468.787660][T10885]  ? __fget_files+0x2a/0x420
[  468.787683][T10885]  ? bpf_lsm_file_ioctl+0x9/0x20
[  468.787699][T10885]  ? __pfx_drm_ioctl+0x10/0x10
[  468.787715][T10885]  __se_sys_ioctl+0xff/0x170
[  468.787730][T10885]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.787745][T10885]  do_syscall_64+0x15f/0xf80
[  468.787758][T10885]  ? trace_irq_disable+0x3b/0x140
[  468.787780][T10885]  ? clear_bhb_loop+0x40/0x90
[  468.787797][T10885]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.787810][T10885] RIP: 0033:0x7f3765f0cdd9
[  468.787824][T10885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  468.787836][T10885] RSP: 002b:00007f3764166028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  468.787852][T10885] RAX: ffffffffffffffda RBX: 00007f3766185fa0 RCX: 00007f3765f0cdd9
[  468.787861][T10885] RDX: 0000200000000040 RSI: 00000000c00864bf RDI: 0000000000000003
[  468.787871][T10885] RBP: 00007f3764166090 R08: 0000000000000000 R09: 0000000000000000
[  468.787880][T10885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.787888][T10885] R13: 00007f3766186038 R14: 00007f3766185fa0 R15: 00007ffc2dab58b8
[  468.787910][T10885]  </TASK>
[  469.097223][T10890] FAULT_INJECTION: forcing a failure.
[  469.097223][T10890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  469.097252][T10890] CPU: 1 UID: 0 PID: 10890 Comm: syz.2.1689 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  469.097280][T10890] Tainted: [L]=SOFTLOCKUP
[  469.097284][T10890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  469.097293][T10890] Call Trace:
[  469.097299][T10890]  <TASK>
[  469.097306][T10890]  dump_stack_lvl+0xe8/0x150
[  469.097328][T10890]  should_fail_ex+0x46b/0x600
[  469.097356][T10890]  _copy_to_user+0x31/0xb0
[  469.097375][T10890]  simple_read_from_buffer+0xe1/0x170
[  469.097400][T10890]  proc_fail_nth_read+0x1be/0x230
[  469.097424][T10890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  469.097447][T10890]  ? rw_verify_area+0x2ac/0x4e0
[  469.097462][T10890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  469.097485][T10890]  vfs_read+0x212/0xa80
[  469.097506][T10890]  ? __pfx_vfs_read+0x10/0x10
[  469.097525][T10890]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  469.097547][T10890]  ? lockdep_hardirqs_on+0x7a/0x110
[  469.097567][T10890]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  469.097586][T10890]  ? mutex_lock_nested+0x152/0x1d0
[  469.097601][T10890]  ? fdget_pos+0x252/0x320
[  469.097619][T10890]  ksys_read+0x156/0x270
[  469.097636][T10890]  ? __pfx_ksys_read+0x10/0x10
[  469.097657][T10890]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.097672][T10890]  do_syscall_64+0x15f/0xf80
[  469.097685][T10890]  ? trace_irq_disable+0x3b/0x140
[  469.097701][T10890]  ? clear_bhb_loop+0x40/0x90
[  469.097718][T10890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.097731][T10890] RIP: 0033:0x7f1035ccd60e
[  469.097745][T10890] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  469.097757][T10890] RSP: 002b:00007f1033f65fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  469.097773][T10890] RAX: ffffffffffffffda RBX: 00007f1033f666c0 RCX: 00007f1035ccd60e
[  469.097783][T10890] RDX: 000000000000000f RSI: 00007f1033f660a0 RDI: 0000000000000005
[  469.097791][T10890] RBP: 00007f1033f66090 R08: 0000000000000000 R09: 0000000000000000
[  469.097800][T10890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.097808][T10890] R13: 00007f1035f86038 R14: 00007f1035f85fa0 R15: 00007ffdcbd835d8
[  469.097831][T10890]  </TASK>
[  469.200631][T10426] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  469.396063][T10426] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  469.397461][T10426] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  469.522756][T10426] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  469.532975][T10426] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  469.617752][T10426] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  469.619542][T10426] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  469.741150][T10901] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1692'.
[  469.741197][T10901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1692'.
[  469.766249][T10426] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  469.952331][T10907] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1694'.
[  470.009818][    T9] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  470.076689][  T777] IPVS: stop unused estimator thread 0...
[  470.223283][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  470.223370][    T9] usb 3-1: no configurations
[  470.223383][    T9] usb 3-1: can't read configurations, error -22
[  470.268403][   T50] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  470.421030][   T50] usb 2-1: unable to get BOS descriptor or descriptor too short
[  470.422272][   T50] usb 2-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[  470.422298][   T50] usb 2-1: config 66 has 1 interface, different from the descriptor's value: 2
[  470.454666][   T50] usb 2-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[  470.454698][   T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.454720][   T50] usb 2-1: Product: syz
[  470.454735][   T50] usb 2-1: Manufacturer: syz
[  470.454750][   T50] usb 2-1: SerialNumber: syz
[  470.842582][T10426] 8021q: adding VLAN 0 to HW filter on device bond0
[  471.053909][T10935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'.
[  471.258766][   T50] ati_remote2 2-1:66.0: ati_remote2_probe(): interface 0 must have an endpoint
[  471.283476][   T50] usb 2-1: USB disconnect, device number 38
[  471.335205][T10426] 8021q: adding VLAN 0 to HW filter on device team0
[  471.520120][ T7009] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.522476][ T7009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  471.526747][ T7009] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.544932][ T7009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  471.738620][    T9] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  471.839080][T10949] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1703'.
[  471.839133][T10949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1703'.
[  471.929080][    T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  471.929098][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.929109][    T9] usb 3-1: Product: syz
[  471.929117][    T9] usb 3-1: Manufacturer: syz
[  471.929125][    T9] usb 3-1: SerialNumber: syz
[  472.022710][T10950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.068130][   T50] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  472.198133][   T50] usb 1-1: device descriptor read/64, error -71
[  472.310602][ T5852] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  472.458170][   T50] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  472.461598][ T5852] usb 5-1: unable to get BOS descriptor or descriptor too short
[  472.463514][ T5852] usb 5-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[  472.463539][ T5852] usb 5-1: config 66 has 1 interface, different from the descriptor's value: 2
[  472.470295][ T5852] usb 5-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[  472.470323][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.470393][ T5852] usb 5-1: Product: syz
[  472.470407][ T5852] usb 5-1: Manufacturer: syz
[  472.470421][ T5852] usb 5-1: SerialNumber: syz
[  472.540199][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  472.540252][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  472.540272][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  472.598297][   T50] usb 1-1: device descriptor read/64, error -71
[  472.603960][    T9] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  472.685350][    T9] usb 3-1: USB disconnect, device number 56
[  472.718429][   T50] usb usb1-port1: attempt power cycle
[  473.098383][   T50] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  473.131842][   T50] usb 1-1: device descriptor read/8, error -71
[  473.243603][ T5852] ati_remote2 5-1:66.0: ati_remote2_probe(): interface 0 must have an endpoint
[  473.278590][ T5852] usb 5-1: USB disconnect, device number 77
[  473.383195][T10966] FAULT_INJECTION: forcing a failure.
[  473.383195][T10966] name failslab, interval 1, probability 0, space 0, times 0
[  473.383229][T10966] CPU: 1 UID: 0 PID: 10966 Comm: syz.2.1705 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  473.383256][T10966] Tainted: [L]=SOFTLOCKUP
[  473.383264][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  473.383274][T10966] Call Trace:
[  473.383282][T10966]  <TASK>
[  473.383291][T10966]  dump_stack_lvl+0xe8/0x150
[  473.383318][T10966]  should_fail_ex+0x46b/0x600
[  473.383350][T10966]  should_failslab+0xa8/0x100
[  473.383380][T10966]  __kmalloc_noprof+0xdf/0x7b0
[  473.383401][T10966]  ? copy_splice_read+0x16f/0xab0
[  473.383431][T10966]  copy_splice_read+0x16f/0xab0
[  473.383470][T10966]  ? __pfx_copy_splice_read+0x10/0x10
[  473.383494][T10966]  ? rcu_is_watching+0x15/0xb0
[  473.383522][T10966]  ? look_up_lock_class+0x57/0x110
[  473.383549][T10966]  ? register_lock_class+0x31/0x2e0
[  473.383575][T10966]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  473.383601][T10966]  ? alloc_pipe_info+0x373/0x4d0
[  473.383622][T10966]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  473.383651][T10966]  splice_direct_to_actor+0x4ab/0xc80
[  473.383681][T10966]  ? __pfx_direct_splice_actor+0x10/0x10
[  473.383707][T10966]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  473.383735][T10966]  do_splice_direct+0x19b/0x2a0
[  473.383756][T10966]  ? __pfx_do_splice_direct+0x10/0x10
[  473.383776][T10966]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  473.383802][T10966]  ? rw_verify_area+0x25b/0x4e0
[  473.383826][T10966]  do_sendfile+0x547/0x7e0
[  473.383850][T10966]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  473.383883][T10966]  ? __pfx_do_sendfile+0x10/0x10
[  473.383919][T10966]  __se_sys_sendfile64+0x144/0x1a0
[  473.383946][T10966]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  473.383977][T10966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.383998][T10966]  do_syscall_64+0x15f/0xf80
[  473.384015][T10966]  ? trace_irq_disable+0x3b/0x140
[  473.384037][T10966]  ? clear_bhb_loop+0x40/0x90
[  473.384060][T10966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.384078][T10966] RIP: 0033:0x7f1035d0cdd9
[  473.384102][T10966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  473.384118][T10966] RSP: 002b:00007f1033f66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  473.384139][T10966] RAX: ffffffffffffffda RBX: 00007f1035f85fa0 RCX: 00007f1035d0cdd9
[  473.384154][T10966] RDX: 0000000000000000 RSI: 000000000000000d RDI: 000000000000000e
[  473.384166][T10966] RBP: 00007f1033f66090 R08: 0000000000000000 R09: 0000000000000000
[  473.384178][T10966] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001
[  473.384191][T10966] R13: 00007f1035f86038 R14: 00007f1035f85fa0 R15: 00007ffdcbd835d8
[  473.384222][T10966]  </TASK>
[  473.989758][   T50] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  474.320663][   T50] usb 1-1: device descriptor read/8, error -71
[  474.428438][   T50] usb usb1-port1: unable to enumerate USB device
[  474.648596][ T5852] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[  474.651896][T10426] 8021q: adding VLAN 0 to HW filter on device batadv0
[  474.703499][T10426] veth0_vlan: entered promiscuous mode
[  474.722296][T10426] veth1_vlan: entered promiscuous mode
[  474.764948][T10426] veth0_macvtap: entered promiscuous mode
[  474.779352][T10426] veth1_macvtap: entered promiscuous mode
[  474.807289][ T5852] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.808707][ T5582] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[  474.810123][ T5852] usb 5-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=87.bd
[  474.810150][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.810169][ T5852] usb 5-1: Product: syz
[  474.810232][ T5852] usb 5-1: Manufacturer: syz
[  474.810246][ T5852] usb 5-1: SerialNumber: syz
[  474.834887][ T5852] usb 5-1: config 0 descriptor??
[  474.861474][ T5852] ums_eneub6250 5-1:0.0: USB Mass Storage device detected
[  474.879615][T10426] batman_adv: batadv0: Interface activated: batadv_slave_0
[  474.898973][T10426] batman_adv: batadv0: Interface activated: batadv_slave_1
[  474.917465][  T777] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  474.917670][  T777] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  474.917704][  T777] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  474.917745][  T777] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  475.051214][ T5582] usb 3-1: unable to get BOS descriptor or descriptor too short
[  475.052764][ T5582] usb 3-1: not running at top speed; connect to a high speed hub
[  475.113743][ T5582] usb 3-1: config 9 has an invalid interface number: 7 but max is 0
[  475.113761][ T5582] usb 3-1: config 9 has no interface number 0
[  475.113789][ T5582] usb 3-1: config 9 interface 7 altsetting 6 endpoint 0x6 has invalid wMaxPacketSize 0
[  475.113802][ T5582] usb 3-1: config 9 interface 7 has no altsetting 0
[  475.115771][    T9] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  475.160404][ T5582] usb 3-1: New USB device found, idVendor=040b, idProduct=6521, bcdDevice=de.de
[  475.160435][ T5582] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.160454][ T5582] usb 3-1: Product: ж
[  475.160469][ T5582] usb 3-1: Manufacturer: 菰侅刱ꭸ蘙χ窢ﻷ쬃㲅囗㫞솳뒝ꚝ硅컔뵎欘ࣟ昈䂌䱪Ƣ튏䍾駧㭻
[  475.160486][ T5582] usb 3-1: SerialNumber: ࠚ
[  475.271370][ T5615] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  475.271582][ T5615] Bluetooth: hci4: Injecting HCI hardware error event
[  475.274581][ T5612] Bluetooth: hci4: hardware error 0x00
[  475.495173][ T5582] xbox_remote_probe: Unexpected desc.bNumEndpoints: 2
[  475.539819][ T5582] usb 3-1: USB disconnect, device number 57
[  475.693325][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  475.693401][    T9] usb 1-1: no configurations
[  475.693415][    T9] usb 1-1: can't read configurations, error -22
[  476.429123][ T6115] usb 5-1: USB disconnect, device number 78
[  476.495442][ T5854] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  476.659798][T10992] Mount JFS Failure: -22
[  476.659815][T10992] jfs_mount failed w/return code = -22
[  476.701814][ T5854] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  476.701843][ T5854] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  476.701897][ T5854] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  476.701922][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.749910][ T5854] usb 2-1: config 0 descriptor??
[  476.772061][ T5854] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  476.772102][ T5854] dvb-usb: bulk message failed: -22 (3/0)
[  476.776535][ T5854] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  476.777306][ T5854] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  476.777357][ T5854] usb 2-1: media controller created
[  476.851313][ T5854] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  476.894525][ T5854] dvb-usb: bulk message failed: -22 (6/0)
[  476.894612][ T5854] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  476.915036][ T5854] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input24
[  476.941137][ T5854] dvb-usb: schedule remote query interval to 150 msecs.
[  476.941161][ T5854] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  476.966258][ T7009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  476.966279][ T7009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  477.098582][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  477.098613][    T9] dvb-usb: error while querying for an remote control event.
[  477.111625][T10998] dvb-usb: bulk message failed: -22 (3/0)
[  477.258600][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  477.258632][    T9] dvb-usb: error while querying for an remote control event.
[  477.324497][   T31] usb 2-1: USB disconnect, device number 39
[  477.351391][ T5612] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  477.362544][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  477.362565][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  477.549058][    T9] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  477.698779][    T9] usb 3-1: Using ep0 maxpacket: 16
[  477.701651][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  477.705082][    T9] usb 3-1: config 7 has an invalid interface number: 78 but max is 0
[  477.705107][    T9] usb 3-1: config 7 has no interface number 0
[  477.705153][    T9] usb 3-1: config 7 interface 78 has no altsetting 0
[  477.729111][    T9] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0181, bcdDevice= 1.fd
[  477.729141][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.729160][    T9] usb 3-1: Product: syz
[  477.729176][    T9] usb 3-1: Manufacturer: syz
[  477.729190][    T9] usb 3-1: SerialNumber: syz
[  477.768281][   T31] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  478.116245][    T9] ftdi_sio 3-1:7.78: FTDI USB Serial Device converter detected
[  478.117671][    T9] usb 3-1: Detected SIO
[  478.187871][    T9] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  478.209257][    T9] usb 3-1: USB disconnect, device number 58
[  478.641622][ T5715] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  478.680952][T11026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1721'.
[  478.712455][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  478.713202][    T9] ftdi_sio 3-1:7.78: device disconnected
[  478.788688][ T5715] usb 4-1: device descriptor read/64, error -71
[  478.807921][T11019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.039163][ T5715] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  479.051340][T11034] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1724'.
[  479.126675][T11036] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1725'.
[  479.168138][ T5715] usb 4-1: device descriptor read/64, error -71
[  479.278559][ T5715] usb usb4-port1: attempt power cycle
[  479.473956][T11045] FAULT_INJECTION: forcing a failure.
[  479.473956][T11045] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  479.473981][T11045] CPU: 1 UID: 0 PID: 11045 Comm: syz.1.1728 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  479.473997][T11045] Tainted: [L]=SOFTLOCKUP
[  479.474001][T11045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  479.474008][T11045] Call Trace:
[  479.474013][T11045]  <TASK>
[  479.474018][T11045]  dump_stack_lvl+0xe8/0x150
[  479.474036][T11045]  should_fail_ex+0x46b/0x600
[  479.474056][T11045]  prepare_alloc_pages+0x22a/0x6b0
[  479.474075][T11045]  __alloc_frozen_pages_noprof+0x12f/0x380
[  479.474090][T11045]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  479.474106][T11045]  ? __pfx_policy_nodemask+0x10/0x10
[  479.474118][T11045]  ? filemap_get_entry+0x378/0x3f0
[  479.474131][T11045]  ? __pfx_filemap_get_entry+0x10/0x10
[  479.474144][T11045]  alloc_pages_mpol+0xd1/0x380
[  479.474159][T11045]  folio_alloc_mpol_noprof+0x3b/0x1e0
[  479.474173][T11045]  shmem_get_folio_gfp+0x644/0x1a80
[  479.474185][T11045]  ? unwind_next_frame+0xa6/0x2550
[  479.474211][T11045]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  479.474221][T11045]  ? is_bpf_text_address+0x26/0x2b0
[  479.474237][T11045]  ? kernel_text_address+0xa5/0xe0
[  479.474255][T11045]  shmem_fault+0x170/0x380
[  479.474272][T11045]  __do_fault+0x138/0x2a0
[  479.474287][T11045]  do_pte_missing+0x65b/0x2950
[  479.474304][T11045]  ? handle_mm_fault+0xe7/0x13c0
[  479.474318][T11045]  handle_mm_fault+0xd0a/0x13c0
[  479.474333][T11045]  ? handle_mm_fault+0xe7/0x13c0
[  479.474346][T11045]  ? __pfx_handle_mm_fault+0x10/0x10
[  479.474364][T11045]  ? __lock_acquire+0x6b5/0x2cf0
[  479.474381][T11045]  ? lock_mm_and_find_vma+0xa7/0x340
[  479.474403][T11045]  do_user_addr_fault+0x75b/0x1340
[  479.474424][T11045]  exc_page_fault+0x6a/0xc0
[  479.474441][T11045]  asm_exc_page_fault+0x26/0x30
[  479.474452][T11045] RIP: 0010:__put_user_2+0xd/0x20
[  479.474468][T11045] Code: 88 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <66> 89 01 31 c9 0f 01 ca e9 06 52 04 00 90 90 90 90 90 90 90 90 90
[  479.474477][T11045] RSP: 0018:ffffc900078dfc98 EFLAGS: 00050206
[  479.474487][T11045] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000001600
[  479.474495][T11045] RDX: 0000000000000002 RSI: ffffffff8d8609ab RDI: ffff888051af4c98
[  479.474502][T11045] RBP: 0000000000000000 R08: ffffffff8214061f R09: ffff8880371d83b0
[  479.474509][T11045] R10: dffffc0000000000 R11: ffffed100d06adb3 R12: dffffc0000000000
[  479.474517][T11045] R13: ffff888051af4c98 R14: ffff888051af0290 R15: ffff888051af0338
[  479.474528][T11045]  ? __might_fault+0xaf/0x130
[  479.474544][T11045]  vhost_update_used_flags+0x175/0x2b0
[  479.474558][T11045]  vhost_vq_init_access+0x100/0x450
[  479.474572][T11045]  vhost_net_ioctl+0x1284/0x17d0
[  479.474594][T11045]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  479.474614][T11045]  ? __fget_files+0x2a/0x420
[  479.474629][T11045]  ? __fget_files+0x3a6/0x420
[  479.474646][T11045]  ? __fget_files+0x2a/0x420
[  479.474663][T11045]  ? bpf_lsm_file_ioctl+0x9/0x20
[  479.474675][T11045]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  479.474691][T11045]  __se_sys_ioctl+0xff/0x170
[  479.474705][T11045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.474716][T11045]  do_syscall_64+0x15f/0xf80
[  479.474726][T11045]  ? trace_irq_disable+0x3b/0x140
[  479.474738][T11045]  ? clear_bhb_loop+0x40/0x90
[  479.474752][T11045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.474762][T11045] RIP: 0033:0x7f1eeaf5cdd9
[  479.474772][T11045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  479.474781][T11045] RSP: 002b:00007f1ee91ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  479.474791][T11045] RAX: ffffffffffffffda RBX: 00007f1eeb1d5fa0 RCX: 00007f1eeaf5cdd9
[  479.474799][T11045] RDX: 0000200000000040 RSI: 000000004008af30 RDI: 0000000000000003
[  479.474805][T11045] RBP: 00007f1ee91ae090 R08: 0000000000000000 R09: 0000000000000000
[  479.474812][T11045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  479.474818][T11045] R13: 00007f1eeb1d6038 R14: 00007f1eeb1d5fa0 R15: 00007fff6d7c4758
[  479.474835][T11045]  </TASK>
[  479.618146][ T5715] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  479.631134][    T9] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  479.669433][ T5715] usb 4-1: device descriptor read/8, error -71
[  479.908171][ T5715] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  479.928937][ T5715] usb 4-1: device descriptor read/8, error -71
[  480.010128][T11041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.028149][T11041] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.039149][ T5715] usb usb4-port1: unable to enumerate USB device
[  480.085331][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  480.085413][    T9] usb 5-1: no configurations
[  480.085428][    T9] usb 5-1: can't read configurations, error -22
[  480.356167][T11052] FAULT_INJECTION: forcing a failure.
[  480.356167][T11052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.356191][T11052] CPU: 1 UID: 0 PID: 11052 Comm: syz.2.1730 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  480.356206][T11052] Tainted: [L]=SOFTLOCKUP
[  480.356210][T11052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  480.356218][T11052] Call Trace:
[  480.356222][T11052]  <TASK>
[  480.356228][T11052]  dump_stack_lvl+0xe8/0x150
[  480.356245][T11052]  should_fail_ex+0x46b/0x600
[  480.356273][T11052]  _copy_to_user+0x31/0xb0
[  480.356286][T11052]  simple_read_from_buffer+0xe1/0x170
[  480.356304][T11052]  proc_fail_nth_read+0x1be/0x230
[  480.356323][T11052]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  480.356340][T11052]  ? rw_verify_area+0x2ac/0x4e0
[  480.356352][T11052]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  480.356367][T11052]  vfs_read+0x212/0xa80
[  480.356383][T11052]  ? __pfx_vfs_read+0x10/0x10
[  480.356395][T11052]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  480.356412][T11052]  ? lockdep_hardirqs_on+0x7a/0x110
[  480.356427][T11052]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  480.356442][T11052]  ? mutex_lock_nested+0x152/0x1d0
[  480.356454][T11052]  ? fdget_pos+0x252/0x320
[  480.356468][T11052]  ksys_read+0x156/0x270
[  480.356480][T11052]  ? __pfx_ksys_read+0x10/0x10
[  480.356495][T11052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.356506][T11052]  do_syscall_64+0x15f/0xf80
[  480.356518][T11052]  ? trace_irq_disable+0x3b/0x140
[  480.356530][T11052]  ? clear_bhb_loop+0x40/0x90
[  480.356543][T11052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.356553][T11052] RIP: 0033:0x7f1035ccd60e
[  480.356563][T11052] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  480.356572][T11052] RSP: 002b:00007f1033f65fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  480.356586][T11052] RAX: ffffffffffffffda RBX: 00007f1033f666c0 RCX: 00007f1035ccd60e
[  480.356599][T11052] RDX: 000000000000000f RSI: 00007f1033f660a0 RDI: 0000000000000007
[  480.356610][T11052] RBP: 00007f1033f66090 R08: 0000000000000000 R09: 0000000000000000
[  480.356622][T11052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.356632][T11052] R13: 00007f1035f86038 R14: 00007f1035f85fa0 R15: 00007ffdcbd835d8
[  480.356662][T11052]  </TASK>
[  482.513744][T11082] FAULT_INJECTION: forcing a failure.
[  482.513744][T11082] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  482.513767][T11082] CPU: 1 UID: 0 PID: 11082 Comm: syz.4.1741 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  482.513783][T11082] Tainted: [L]=SOFTLOCKUP
[  482.513787][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  482.513793][T11082] Call Trace:
[  482.513798][T11082]  <TASK>
[  482.513803][T11082]  dump_stack_lvl+0xe8/0x150
[  482.513821][T11082]  should_fail_ex+0x46b/0x600
[  482.513840][T11082]  prepare_alloc_pages+0x22a/0x6b0
[  482.513859][T11082]  __alloc_frozen_pages_noprof+0x12f/0x380
[  482.513874][T11082]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  482.513890][T11082]  ? __pfx_policy_nodemask+0x10/0x10
[  482.513908][T11082]  alloc_pages_mpol+0xd1/0x380
[  482.513923][T11082]  folio_alloc_mpol_noprof+0x3b/0x1e0
[  482.513937][T11082]  vma_alloc_folio_noprof+0xe1/0x1e0
[  482.513951][T11082]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  482.513969][T11082]  do_wp_page+0x1109/0x3d90
[  482.513980][T11082]  ? rt_spin_lock+0x1e0/0x400
[  482.514000][T11082]  ? preempt_count_add+0x91/0x190
[  482.514012][T11082]  ? __pfx_do_wp_page+0x10/0x10
[  482.514023][T11082]  ? rt_spin_lock+0x2ce/0x400
[  482.514038][T11082]  ? __pfx_rt_spin_lock+0x10/0x10
[  482.514053][T11082]  ? pte_offset_map_rw_nolock+0xea/0x160
[  482.514066][T11082]  handle_mm_fault+0x9f5/0x13c0
[  482.514081][T11082]  ? handle_mm_fault+0xe7/0x13c0
[  482.514094][T11082]  ? __pfx_handle_mm_fault+0x10/0x10
[  482.514105][T11082]  ? follow_page_pte+0xab3/0xe40
[  482.514121][T11082]  ? __pfx_follow_page_pte+0x10/0x10
[  482.514138][T11082]  __get_user_pages+0x168f/0x2570
[  482.514165][T11082]  __gup_longterm_locked+0xdcf/0x1630
[  482.514179][T11082]  ? lock_acquire+0x106/0x350
[  482.514194][T11082]  ? sanity_check_pinned_pages+0x7a8/0x870
[  482.514215][T11082]  gup_fast_fallback+0x1cf3/0x2040
[  482.514242][T11082]  ? __pfx_gup_fast_fallback+0x10/0x10
[  482.514257][T11082]  ? pin_user_pages_fast+0x4d/0xb0
[  482.514269][T11082]  iov_iter_extract_pages+0x37b/0x5f0
[  482.514292][T11082]  extract_iter_to_sg+0xefb/0x25d0
[  482.514315][T11082]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  482.514339][T11082]  ? __asan_memset+0x22/0x50
[  482.514355][T11082]  af_alg_get_rsgl+0x4b6/0x8e0
[  482.514376][T11082]  skcipher_recvmsg+0x392/0x1140
[  482.514391][T11082]  ? __lock_acquire+0x6b5/0x2cf0
[  482.514410][T11082]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  482.514422][T11082]  ? __lock_acquire+0x6b5/0x2cf0
[  482.514436][T11082]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  482.514448][T11082]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  482.514459][T11082]  ? security_socket_recvmsg+0x7e/0x2c0
[  482.514471][T11082]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  482.514484][T11082]  sock_recvmsg+0x172/0x1b0
[  482.514501][T11082]  ____sys_recvmsg+0x1f2/0x4b0
[  482.514519][T11082]  ? __pfx_____sys_recvmsg+0x10/0x10
[  482.514539][T11082]  ? import_iovec+0x73/0xa0
[  482.514552][T11082]  ___sys_recvmsg+0x215/0x590
[  482.514562][T11082]  ? get_pid_task+0x20/0x1f0
[  482.514578][T11082]  ? __pfx____sys_recvmsg+0x10/0x10
[  482.514593][T11082]  ? __fget_files+0x2a/0x420
[  482.514618][T11082]  ? __fget_files+0x3a6/0x420
[  482.514638][T11082]  __x64_sys_recvmsg+0x1c0/0x2a0
[  482.514651][T11082]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  482.514669][T11082]  ? __pfx_ksys_write+0x10/0x10
[  482.514685][T11082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.514696][T11082]  do_syscall_64+0x15f/0xf80
[  482.514705][T11082]  ? trace_irq_disable+0x3b/0x140
[  482.514717][T11082]  ? clear_bhb_loop+0x40/0x90
[  482.514730][T11082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.514740][T11082] RIP: 0033:0x7f049deacdd9
[  482.514751][T11082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  482.514759][T11082] RSP: 002b:00007f049c0fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  482.514771][T11082] RAX: ffffffffffffffda RBX: 00007f049e125fa0 RCX: 00007f049deacdd9
[  482.514779][T11082] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  482.514786][T11082] RBP: 00007f049c0fe090 R08: 0000000000000000 R09: 0000000000000000
[  482.514793][T11082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.514799][T11082] R13: 00007f049e126038 R14: 00007f049e125fa0 R15: 00007fff465bd338
[  482.514815][T11082]  </TASK>
[  482.868634][ T5612] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  482.869023][ T5612] Bluetooth: hci3: Injecting HCI hardware error event
[  482.880918][ T5615] Bluetooth: hci3: hardware error 0x00
[  483.154197][T11086] FAULT_INJECTION: forcing a failure.
[  483.154197][T11086] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  483.154236][T11086] CPU: 0 UID: 0 PID: 11086 Comm: syz.1.1743 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  483.154289][T11086] Tainted: [L]=SOFTLOCKUP
[  483.154297][T11086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  483.154308][T11086] Call Trace:
[  483.154316][T11086]  <TASK>
[  483.154325][T11086]  dump_stack_lvl+0xe8/0x150
[  483.154352][T11086]  should_fail_ex+0x46b/0x600
[  483.154385][T11086]  _copy_from_iter+0x1d3/0x1670
[  483.154420][T11086]  ? trace_kmem_cache_alloc+0x29/0xe0
[  483.154440][T11086]  ? __alloc_skb+0x27d/0x7d0
[  483.154460][T11086]  ? __pfx__copy_from_iter+0x10/0x10
[  483.154485][T11086]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  483.154506][T11086]  ? __alloc_skb+0x27d/0x7d0
[  483.154529][T11086]  ? netlink_sendmsg+0x650/0xb40
[  483.154548][T11086]  ? skb_put+0x11b/0x210
[  483.154570][T11086]  netlink_sendmsg+0x6c0/0xb40
[  483.154598][T11086]  ? __pfx_netlink_sendmsg+0x10/0x10
[  483.154620][T11086]  ? unwind_get_return_address+0x4d/0x90
[  483.154648][T11086]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  483.154671][T11086]  ____sys_sendmsg+0x94c/0x9c0
[  483.154697][T11086]  ? __pfx_____sys_sendmsg+0x10/0x10
[  483.154726][T11086]  ? import_iovec+0x73/0xa0
[  483.154750][T11086]  ___sys_sendmsg+0x2a5/0x360
[  483.154770][T11086]  ? __lock_acquire+0x6b5/0x2cf0
[  483.154798][T11086]  ? __pfx____sys_sendmsg+0x10/0x10
[  483.154852][T11086]  ? __fget_files+0x2a/0x420
[  483.154876][T11086]  ? __fget_files+0x3a6/0x420
[  483.154910][T11086]  __x64_sys_sendmsg+0x1c3/0x2a0
[  483.154935][T11086]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  483.154966][T11086]  ? __pfx_ksys_write+0x10/0x10
[  483.154995][T11086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.155016][T11086]  do_syscall_64+0x15f/0xf80
[  483.155040][T11086]  ? trace_irq_disable+0x3b/0x140
[  483.155060][T11086]  ? clear_bhb_loop+0x40/0x90
[  483.155081][T11086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.155098][T11086] RIP: 0033:0x7f1eeaf5cdd9
[  483.155114][T11086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  483.155129][T11086] RSP: 002b:00007f1ee91ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  483.155148][T11086] RAX: ffffffffffffffda RBX: 00007f1eeb1d5fa0 RCX: 00007f1eeaf5cdd9
[  483.155162][T11086] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  483.155174][T11086] RBP: 00007f1ee91ae090 R08: 0000000000000000 R09: 0000000000000000
[  483.155186][T11086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  483.155197][T11086] R13: 00007f1eeb1d6038 R14: 00007f1eeb1d5fa0 R15: 00007fff6d7c4758
[  483.155228][T11086]  </TASK>
[  483.459318][ T5715] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  483.481946][T11096] binder: 11093:11096 ioctl c0306201 2000000001c0 returned -22
[  483.947142][ T5715] usb 5-1: unable to get BOS descriptor or descriptor too short
[  483.947233][ T5715] usb 5-1: no configurations
[  483.947246][ T5715] usb 5-1: can't read configurations, error -22
[  484.148586][ T5582] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  484.186133][T11110] FAULT_INJECTION: forcing a failure.
[  484.186133][T11110] name failslab, interval 1, probability 0, space 0, times 0
[  484.186170][T11110] CPU: 0 UID: 0 PID: 11110 Comm: syz.1.1755 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  484.186197][T11110] Tainted: [L]=SOFTLOCKUP
[  484.186204][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  484.186216][T11110] Call Trace:
[  484.186224][T11110]  <TASK>
[  484.186232][T11110]  dump_stack_lvl+0xe8/0x150
[  484.186260][T11110]  should_fail_ex+0x46b/0x600
[  484.186293][T11110]  should_failslab+0xa8/0x100
[  484.186318][T11110]  kmem_cache_alloc_noprof+0x87/0x680
[  484.186339][T11110]  ? __netlink_lookup+0xc6/0x8b0
[  484.186360][T11110]  ? skb_clone+0x212/0x3a0
[  484.186387][T11110]  skb_clone+0x212/0x3a0
[  484.186412][T11110]  __netlink_deliver_tap+0x404/0x850
[  484.186444][T11110]  ? netlink_deliver_tap+0x2e/0x1b0
[  484.186466][T11110]  netlink_deliver_tap+0x19c/0x1b0
[  484.186488][T11110]  netlink_unicast+0x754/0x920
[  484.186526][T11110]  netlink_sendmsg+0x813/0xb40
[  484.186560][T11110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  484.186582][T11110]  ? unwind_get_return_address+0x4d/0x90
[  484.186611][T11110]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  484.186635][T11110]  ____sys_sendmsg+0x94c/0x9c0
[  484.186662][T11110]  ? __pfx_____sys_sendmsg+0x10/0x10
[  484.186693][T11110]  ? import_iovec+0x73/0xa0
[  484.186717][T11110]  ___sys_sendmsg+0x2a5/0x360
[  484.186737][T11110]  ? __lock_acquire+0x6b5/0x2cf0
[  484.186764][T11110]  ? __pfx____sys_sendmsg+0x10/0x10
[  484.186820][T11110]  ? __fget_files+0x2a/0x420
[  484.186845][T11110]  ? __fget_files+0x3a6/0x420
[  484.186879][T11110]  __x64_sys_sendmsg+0x1c3/0x2a0
[  484.186903][T11110]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  484.186933][T11110]  ? __pfx_ksys_write+0x10/0x10
[  484.186963][T11110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.186983][T11110]  do_syscall_64+0x15f/0xf80
[  484.187001][T11110]  ? trace_irq_disable+0x3b/0x140
[  484.187022][T11110]  ? clear_bhb_loop+0x40/0x90
[  484.187045][T11110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.187064][T11110] RIP: 0033:0x7f1eeaf5cdd9
[  484.187081][T11110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  484.187097][T11110] RSP: 002b:00007f1ee91ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  484.187118][T11110] RAX: ffffffffffffffda RBX: 00007f1eeb1d5fa0 RCX: 00007f1eeaf5cdd9
[  484.187138][T11110] RDX: 0000000000000000 RSI: 0000200000009b40 RDI: 0000000000000003
[  484.187150][T11110] RBP: 00007f1ee91ae090 R08: 0000000000000000 R09: 0000000000000000
[  484.187163][T11110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  484.187174][T11110] R13: 00007f1eeb1d6038 R14: 00007f1eeb1d5fa0 R15: 00007fff6d7c4758
[  484.187206][T11110]  </TASK>
[  484.335919][T11110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1755'.
[  484.335955][T11110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1755'.
[  484.397278][ T5582] usb 4-1: not running at top speed; connect to a high speed hub
[  484.411231][ T5582] usb 4-1: config 6 has an invalid interface number: 172 but max is 0
[  484.411260][ T5582] usb 4-1: config 6 contains an unexpected descriptor of type 0x1, skipping
[  484.411278][ T5582] usb 4-1: config 6 contains an unexpected descriptor of type 0x2, skipping
[  484.411297][ T5582] usb 4-1: config 6 has no interface number 0
[  484.411347][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has an invalid descriptor for endpoint zero, skipping
[  484.411371][ T5582] usb 4-1: config 6 interface 172 altsetting 250 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  484.411397][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has an endpoint descriptor with address 0x7B, changing to 0xB
[  484.411422][ T5582] usb 4-1: config 6 interface 172 altsetting 250 endpoint 0xB has invalid maxpacket 28225, setting to 64
[  484.411448][ T5582] usb 4-1: config 6 interface 172 altsetting 250 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  484.411475][ T5582] usb 4-1: config 6 interface 172 altsetting 250 endpoint 0xA has invalid maxpacket 512, setting to 64
[  484.411501][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has an invalid descriptor for endpoint zero, skipping
[  484.411521][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has an invalid descriptor for endpoint zero, skipping
[  484.411542][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has a duplicate endpoint with address 0x1, skipping
[  484.411562][ T5582] usb 4-1: config 6 interface 172 altsetting 250 endpoint 0x9 has an invalid bInterval 97, changing to 4
[  484.411588][ T5582] usb 4-1: config 6 interface 172 altsetting 250 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  484.411614][ T5582] usb 4-1: config 6 interface 172 has no altsetting 0
[  484.550678][ T5582] usb 4-1: language id specifier not provided by device, defaulting to English
[  484.656722][T11117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  484.672577][ T5582] usb 4-1: New USB device found, idVendor=1c9e, idProduct=9605, bcdDevice=2a.87
[  484.672630][ T5582] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.672665][ T5582] usb 4-1: Product: 㤣῿⤠ཆ磔씄ꆧ㳩恼吁㌮ǁ᧾⅟詜얃굠몿ࣿ皫쑕齸⣮鵩㝥ꔞೠ舞ᑍ剸劬쾪዇Ὕꫲ擭ዝ펪䰳ᓚ冇䞨達䢅枤ѣ᩶敽
[  484.798526][T11103] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  484.801040][T11103] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  484.948834][ T5615] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  485.058482][ T5582] option 4-1:6.172: GSM modem (1-port) converter detected
[  485.070945][T11121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1758'.
[  485.171598][T11123] vlan0: entered allmulticast mode
[  485.171621][T11123] macsec0: entered allmulticast mode
[  485.171634][T11123] veth1_macvtap: entered allmulticast mode
[  485.261521][T11125] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1760'.
[  485.319667][ T6115] usb 4-1: USB disconnect, device number 37
[  485.364012][ T6115] option 4-1:6.172: device disconnected
[  485.591017][T11131] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1761'.
[  485.782536][T11134] vivid-000: disconnect
[  485.783302][T11134] vivid-000: reconnect
[  486.038124][ T5715] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  486.225518][ T5715] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.225545][ T5715] usb 5-1: config 0 has no interfaces?
[  486.225575][ T5715] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  486.225587][ T5715] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.277542][ T5715] usb 5-1: config 0 descriptor??
[  486.501930][ T5854] usb 5-1: USB disconnect, device number 83
[  486.871765][ T6115] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  487.832286][T11172] Scaler: =================  START STATUS  =================
[  487.832302][T11172] Scaler: ==================  END STATUS  ==================
[  488.199763][T11174] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1770'.
[  488.199810][T11174] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1770'.
[  488.639558][T11182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.427830][ T6115] usb 1-1: unable to get BOS descriptor or descriptor too short
[  492.427903][ T6115] usb 1-1: no configurations
[  492.427911][ T6115] usb 1-1: can't read configurations, error -22
[  494.254960][T11226] sctp: [Deprecated]: syz.1.1789 (pid 11226) Use of int in max_burst socket option.
[  494.254960][T11226] Use struct sctp_assoc_value instead
[  495.414009][ T5715] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[  495.450100][ T5715] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  495.728107][ T5715] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  495.899134][ T5715] usb 5-1: Using ep0 maxpacket: 16
[  495.904140][ T5715] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  495.904168][ T5715] usb 5-1: config 1 has no interface number 0
[  495.904212][ T5715] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  495.904238][ T5715] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  495.904263][ T5715] usb 5-1: config 1 interface 105 has no altsetting 0
[  495.958196][ T5715] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  495.958226][ T5715] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  495.958246][ T5715] usb 5-1: Product: syz
[  495.958261][ T5715] usb 5-1: Manufacturer: syz
[  495.958276][ T5715] usb 5-1: SerialNumber: syz
[  496.068490][T11236] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  496.069285][T11236] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  496.495532][T11236] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  496.495732][T11236] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  496.793152][T11236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  496.793932][T11236] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  497.851140][T11248] netlink: 'syz.3.1798': attribute type 1 has an invalid length.
[  497.851161][T11248] netlink: 'syz.3.1798': attribute type 2 has an invalid length.
[  498.514981][ T5715] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  498.515417][ T5715] aqc111 5-1:1.105: probe with driver aqc111 failed with error -71
[  498.553647][ T5715] usb 5-1: USB disconnect, device number 84
[  498.867890][ T7412] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  498.915732][ T7412] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  499.148156][ T5715] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  499.529143][ T5715] usb 1-1: Using ep0 maxpacket: 16
[  499.531713][ T5715] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  499.531741][ T5715] usb 1-1: config 1 has no interface number 0
[  499.531801][ T5715] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  499.531826][ T5715] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  499.531851][ T5715] usb 1-1: config 1 interface 105 has no altsetting 0
[  499.607769][ T5715] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  499.607799][ T5715] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  499.607818][ T5715] usb 1-1: Product: syz
[  499.607832][ T5715] usb 1-1: Manufacturer: syz
[  499.607846][ T5715] usb 1-1: SerialNumber: syz
[  499.681200][T11261] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  499.681414][T11261] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  500.101829][T11261] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  500.101946][T11261] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  500.312758][T11261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.313452][T11261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.413499][ T5715] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  500.413869][ T5715] aqc111 1-1:1.105: probe with driver aqc111 failed with error -71
[  500.460859][ T5715] usb 1-1: USB disconnect, device number 66
[  500.701492][ T6115] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  500.884617][ T6115] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  500.884649][ T6115] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.884670][ T6115] usb 4-1: Product: syz
[  500.884685][ T6115] usb 4-1: Manufacturer: syz
[  500.884699][ T6115] usb 4-1: SerialNumber: syz
[  501.510094][ T6115] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  501.510145][ T6115] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  501.510164][ T6115] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  501.580052][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  501.580124][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  502.424766][ T6115] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  503.159722][T11297] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  503.426908][T11305] FAULT_INJECTION: forcing a failure.
[  503.426908][T11305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  503.426945][T11305] CPU: 1 UID: 0 PID: 11305 Comm: syz.2.1817 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  503.426973][T11305] Tainted: [L]=SOFTLOCKUP
[  503.426980][T11305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  503.426992][T11305] Call Trace:
[  503.427000][T11305]  <TASK>
[  503.427008][T11305]  dump_stack_lvl+0xe8/0x150
[  503.427036][T11305]  should_fail_ex+0x46b/0x600
[  503.427069][T11305]  _copy_from_iter+0x1d3/0x1670
[  503.427104][T11305]  ? trace_kmem_cache_alloc+0x29/0xe0
[  503.427125][T11305]  ? __alloc_skb+0x27d/0x7d0
[  503.427144][T11305]  ? __pfx__copy_from_iter+0x10/0x10
[  503.427168][T11305]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  503.427187][T11305]  ? __alloc_skb+0x27d/0x7d0
[  503.427211][T11305]  ? netlink_sendmsg+0x650/0xb40
[  503.427230][T11305]  ? skb_put+0x11b/0x210
[  503.427256][T11305]  netlink_sendmsg+0x6c0/0xb40
[  503.427284][T11305]  ? __pfx_netlink_sendmsg+0x10/0x10
[  503.427306][T11305]  ? unwind_get_return_address+0x4d/0x90
[  503.427333][T11305]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  503.427357][T11305]  ____sys_sendmsg+0x94c/0x9c0
[  503.427383][T11305]  ? __pfx_____sys_sendmsg+0x10/0x10
[  503.427414][T11305]  ? import_iovec+0x73/0xa0
[  503.427443][T11305]  ___sys_sendmsg+0x2a5/0x360
[  503.427463][T11305]  ? __lock_acquire+0x6b5/0x2cf0
[  503.427491][T11305]  ? __pfx____sys_sendmsg+0x10/0x10
[  503.427546][T11305]  ? __fget_files+0x2a/0x420
[  503.427571][T11305]  ? __fget_files+0x3a6/0x420
[  503.427606][T11305]  __x64_sys_sendmsg+0x1c3/0x2a0
[  503.427630][T11305]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  503.427661][T11305]  ? __pfx_ksys_write+0x10/0x10
[  503.427690][T11305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.427711][T11305]  do_syscall_64+0x15f/0xf80
[  503.427729][T11305]  ? trace_irq_disable+0x3b/0x140
[  503.427750][T11305]  ? clear_bhb_loop+0x40/0x90
[  503.427773][T11305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.427792][T11305] RIP: 0033:0x7f1035d0cdd9
[  503.427810][T11305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  503.427826][T11305] RSP: 002b:00007f1033f66028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  503.427848][T11305] RAX: ffffffffffffffda RBX: 00007f1035f85fa0 RCX: 00007f1035d0cdd9
[  503.427862][T11305] RDX: 0000000024000080 RSI: 0000200000000780 RDI: 0000000000000004
[  503.427875][T11305] RBP: 00007f1033f66090 R08: 0000000000000000 R09: 0000000000000000
[  503.427888][T11305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  503.427900][T11305] R13: 00007f1035f86038 R14: 00007f1035f85fa0 R15: 00007ffdcbd835d8
[  503.427931][T11305]  </TASK>
[  503.706121][ T6115] usb 4-1: USB disconnect, device number 38
[  503.831497][   T50] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  503.998118][   T50] usb 5-1: Using ep0 maxpacket: 32
[  504.000758][   T50] usb 5-1: unable to get BOS descriptor or descriptor too short
[  504.002195][   T50] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  504.002219][   T50] usb 5-1: config 0 has no interface number 0
[  504.002251][   T50] usb 5-1: config 0 interface 214 has no altsetting 0
[  504.012127][   T50] usb 5-1: New USB device found, idVendor=cf13, idProduct=e209, bcdDevice=62.e8
[  504.012157][   T50] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.012177][   T50] usb 5-1: Product: syz
[  504.012191][   T50] usb 5-1: Manufacturer: syz
[  504.012205][   T50] usb 5-1: SerialNumber: syz
[  504.033763][   T50] usb 5-1: config 0 descriptor??
[  504.329878][   T50] usb-storage 5-1:0.214: USB Mass Storage device detected
[  504.578142][ T5864] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  504.748204][ T5864] usb 1-1: Using ep0 maxpacket: 32
[  504.752021][ T5864] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  504.752073][ T5864] usb 1-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  504.752100][ T5864] usb 1-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  504.752127][ T5864] usb 1-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  504.755076][ T5864] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  504.755105][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.755126][ T5864] usb 1-1: Product: syz
[  504.755140][ T5864] usb 1-1: Manufacturer: syz
[  504.755155][ T5864] usb 1-1: SerialNumber: syz
[  504.802134][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  504.821731][ T5864] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/input/input25
[  504.998708][ T5775] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  505.048103][ T5864] imon 1-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  505.048124][ T5864]  (id 0x00)
[  505.158429][ T5775] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  505.158462][ T5775] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.158482][ T5775] usb 2-1: Product: syz
[  505.158497][ T5775] usb 2-1: Manufacturer: syz
[  505.158512][ T5775] usb 2-1: SerialNumber: syz
[  505.878227][ T7412] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  505.968594][ T5864] rc_core: IR keymap rc-imon-pad not found
[  505.968616][ T5864] Registered IR keymap rc-empty
[  505.968889][ T5864] imon 1-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  505.968909][ T5864] imon 1-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  505.971663][ T5864] imon:send_packet: packet tx failed (-71)
[  505.998768][ T5864] imon 1-1:155.0: remote input dev register failed
[  505.999060][ T5864] imon 1-1:155.0: imon_init_intf0: rc device setup failed
[  506.039724][ T5775] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  506.039779][ T5775] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  506.039799][ T5775] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  506.158200][ T7412] usb 3-1: Using ep0 maxpacket: 32
[  506.161250][ T7412] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  506.161302][ T7412] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  506.161330][ T7412] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  506.161357][ T7412] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  506.165489][ T7412] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  506.165518][ T7412] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.165539][ T7412] usb 3-1: Product: syz
[  506.165553][ T7412] usb 3-1: Manufacturer: syz
[  506.165568][ T7412] usb 3-1: SerialNumber: syz
[  506.261008][ T5775] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  506.307887][    C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  506.334856][ T7412] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input27
[  506.356234][ T5775] usb 2-1: USB disconnect, device number 40
[  506.995687][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  506.995710][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.055332][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.055354][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.055600][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.055615][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.055826][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.055840][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.121445][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.121466][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.121730][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.121745][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.127388][T11348] netlink: 'syz.1.1830': attribute type 12 has an invalid length.
[  507.127409][T11348] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1830'.
[  507.336819][ T5864] imon 1-1:155.0: unable to initialize intf0, err 0
[  507.336842][ T5864] imon:imon_probe: failed to initialize context!
[  507.336856][ T5864] imon 1-1:155.0: unable to register, err -19
[  507.348753][ T7412] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  507.348774][ T7412]  (id 0x00)
[  507.394817][ T5864] usb 1-1: USB disconnect, device number 67
[  507.791841][ T7412] rc_core: IR keymap rc-imon-pad not found
[  507.791862][ T7412] Registered IR keymap rc-empty
[  507.791940][ T7412] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  507.791958][ T7412] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  507.792309][ T7412] imon:send_packet: packet tx failed (-71)
[  507.808198][ T7412] imon 3-1:155.0: remote input dev register failed
[  507.808365][ T7412] imon 3-1:155.0: imon_init_intf0: rc device setup failed
[  508.241713][T11364] SQUASHFS error: Failed to read block 0x0: -5
[  510.094520][T11373] tmpfs: Unknown parameter 'mp}0*!Pq{�'
[  510.774982][ T7412] imon 3-1:155.0: unable to initialize intf0, err 0
[  510.775004][ T7412] imon:imon_probe: failed to initialize context!
[  510.775017][ T7412] imon 3-1:155.0: unable to register, err -19
[  510.847833][ T7412] usb 3-1: USB disconnect, device number 59
[  513.345010][T11393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1841'.
[  515.832760][T11398] FAULT_INJECTION: forcing a failure.
[  515.832760][T11398] name failslab, interval 1, probability 0, space 0, times 0
[  515.832797][T11398] CPU: 1 UID: 0 PID: 11398 Comm: syz.1.1843 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  515.832827][T11398] Tainted: [L]=SOFTLOCKUP
[  515.832835][T11398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  515.832847][T11398] Call Trace:
[  515.832854][T11398]  <TASK>
[  515.832864][T11398]  dump_stack_lvl+0xe8/0x150
[  515.832891][T11398]  should_fail_ex+0x46b/0x600
[  515.832925][T11398]  should_failslab+0xa8/0x100
[  515.832949][T11398]  __kmalloc_noprof+0xdf/0x7b0
[  515.832970][T11398]  ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[  515.833002][T11398]  genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[  515.833035][T11398]  genl_family_rcv_msg_doit+0xd9/0x330
[  515.833057][T11398]  ? __asan_memcpy+0x40/0x70
[  515.833086][T11398]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  515.833112][T11398]  ? rcu_is_watching+0x15/0xb0
[  515.833139][T11398]  ? cap_capable+0x123/0x460
[  515.833162][T11398]  ? safesetid_security_capable+0xa9/0x1a0
[  515.833187][T11398]  ? bpf_lsm_capable+0x9/0x20
[  515.833209][T11398]  ? security_capable+0x7e/0x2c0
[  515.833241][T11398]  genl_rcv_msg+0x61c/0x7a0
[  515.833272][T11398]  ? __pfx_genl_rcv_msg+0x10/0x10
[  515.833293][T11398]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  515.833318][T11398]  ? __pfx_nl802154_del_llsec_key+0x10/0x10
[  515.833349][T11398]  ? __pfx_nl802154_post_doit+0x10/0x10
[  515.833388][T11398]  netlink_rcv_skb+0x232/0x4b0
[  515.833410][T11398]  ? __pfx_genl_rcv_msg+0x10/0x10
[  515.833435][T11398]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  515.833468][T11398]  ? netlink_deliver_tap+0x2e/0x1b0
[  515.833488][T11398]  ? netlink_deliver_tap+0x2e/0x1b0
[  515.833511][T11398]  genl_rcv+0x28/0x40
[  515.833533][T11398]  netlink_unicast+0x780/0x920
[  515.833570][T11398]  netlink_sendmsg+0x813/0xb40
[  515.833601][T11398]  ? __pfx_netlink_sendmsg+0x10/0x10
[  515.833623][T11398]  ? unwind_get_return_address+0x4d/0x90
[  515.833651][T11398]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  515.833675][T11398]  ____sys_sendmsg+0x94c/0x9c0
[  515.833703][T11398]  ? __pfx_____sys_sendmsg+0x10/0x10
[  515.833734][T11398]  ? import_iovec+0x73/0xa0
[  515.833759][T11398]  ___sys_sendmsg+0x2a5/0x360
[  515.833779][T11398]  ? __lock_acquire+0x6b5/0x2cf0
[  515.833808][T11398]  ? __pfx____sys_sendmsg+0x10/0x10
[  515.833866][T11398]  ? __fget_files+0x2a/0x420
[  515.833892][T11398]  ? __fget_files+0x3a6/0x420
[  515.833927][T11398]  __x64_sys_sendmsg+0x1c3/0x2a0
[  515.833952][T11398]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  515.833984][T11398]  ? __pfx_ksys_write+0x10/0x10
[  515.834014][T11398]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.834035][T11398]  do_syscall_64+0x15f/0xf80
[  515.834053][T11398]  ? trace_irq_disable+0x3b/0x140
[  515.834075][T11398]  ? clear_bhb_loop+0x40/0x90
[  515.834097][T11398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.834116][T11398] RIP: 0033:0x7f1eeaf5cdd9
[  515.834135][T11398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  515.834151][T11398] RSP: 002b:00007f1ee91ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  515.834171][T11398] RAX: ffffffffffffffda RBX: 00007f1eeb1d5fa0 RCX: 00007f1eeaf5cdd9
[  515.834186][T11398] RDX: 0000000024000000 RSI: 0000200000000c80 RDI: 0000000000000004
[  515.834198][T11398] RBP: 00007f1ee91ae090 R08: 0000000000000000 R09: 0000000000000000
[  515.834211][T11398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.834222][T11398] R13: 00007f1eeb1d6038 R14: 00007f1eeb1d5fa0 R15: 00007fff6d7c4758
[  515.834254][T11398]  </TASK>
[  518.469974][T11412] FAULT_INJECTION: forcing a failure.
[  518.469974][T11412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  518.470010][T11412] CPU: 1 UID: 0 PID: 11412 Comm: syz.4.1848 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  518.470036][T11412] Tainted: [L]=SOFTLOCKUP
[  518.470043][T11412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  518.470054][T11412] Call Trace:
[  518.470062][T11412]  <TASK>
[  518.470071][T11412]  dump_stack_lvl+0xe8/0x150
[  518.470098][T11412]  should_fail_ex+0x46b/0x600
[  518.470132][T11412]  _copy_to_user+0x31/0xb0
[  518.470155][T11412]  simple_read_from_buffer+0xe1/0x170
[  518.470187][T11412]  proc_fail_nth_read+0x1be/0x230
[  518.470217][T11412]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  518.470247][T11412]  ? rw_verify_area+0x2ac/0x4e0
[  518.470266][T11412]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  518.470294][T11412]  vfs_read+0x212/0xa80
[  518.470327][T11412]  ? __pfx_vfs_read+0x10/0x10
[  518.470349][T11412]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  518.470378][T11412]  ? lockdep_hardirqs_on+0x7a/0x110
[  518.470404][T11412]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  518.470430][T11412]  ? mutex_lock_nested+0x152/0x1d0
[  518.470451][T11412]  ? fdget_pos+0x252/0x320
[  518.470477][T11412]  ksys_read+0x156/0x270
[  518.470500][T11412]  ? __pfx_ksys_read+0x10/0x10
[  518.470520][T11412]  ? __pfx_fb_ioctl+0x10/0x10
[  518.470546][T11412]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.470566][T11412]  do_syscall_64+0x15f/0xf80
[  518.470583][T11412]  ? trace_irq_disable+0x3b/0x140
[  518.470605][T11412]  ? clear_bhb_loop+0x40/0x90
[  518.470628][T11412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.470647][T11412] RIP: 0033:0x7f049de6d60e
[  518.470665][T11412] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  518.470681][T11412] RSP: 002b:00007f049c0fdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  518.470701][T11412] RAX: ffffffffffffffda RBX: 00007f049c0fe6c0 RCX: 00007f049de6d60e
[  518.470715][T11412] RDX: 000000000000000f RSI: 00007f049c0fe0a0 RDI: 0000000000000004
[  518.470728][T11412] RBP: 00007f049c0fe090 R08: 0000000000000000 R09: 0000000000000000
[  518.470740][T11412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.470752][T11412] R13: 00007f049e126038 R14: 00007f049e125fa0 R15: 00007fff465bd338
[  518.470791][T11412]  </TASK>
[  523.964719][ T5612] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  524.018708][ T5612] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  524.075127][ T5612] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  524.085791][ T5612] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  524.112778][ T5612] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  525.479914][T11419] bond3 (unregistering): Released all slaves
[  526.840038][ T5615] Bluetooth: hci1: command tx timeout
[  528.868718][ T5615] Bluetooth: hci1: command tx timeout
[  529.022082][ T5612] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  529.084624][ T5612] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  529.106510][ T5612] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  529.123466][ T5612] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  529.126757][ T5612] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  529.403584][T11448] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1858'.
[  529.413098][T11449] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  529.468471][T11444] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  530.971464][ T5612] Bluetooth: hci1: command tx timeout
[  531.268112][ T5615] Bluetooth: hci6: command tx timeout
[  533.028366][ T5615] Bluetooth: hci1: command tx timeout
[  533.350490][ T5615] Bluetooth: hci6: command tx timeout
[  535.428684][ T5615] Bluetooth: hci6: command tx timeout
[  537.293861][ T5612] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  537.348328][ T5612] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  537.355906][ T5612] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  537.504362][ T5612] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  537.536958][ T5612] Bluetooth: hci6: command tx timeout
[  537.547347][ T5612] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  537.547685][ T7412] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  537.547984][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  538.208218][ T7412] usb 1-1: device descriptor read/64, error -32
[  538.564958][ T7412] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  538.808070][ T7412] usb 1-1: Using ep0 maxpacket: 16
[  538.835350][ T7412] usb 1-1: unable to get BOS descriptor or descriptor too short
[  538.837231][ T7412] usb 1-1: config 0 has no interfaces?
[  538.958351][ T7412] usb 1-1: New USB device found, idVendor=1371, idProduct=9032, bcdDevice=61.49
[  538.958382][ T7412] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.958401][ T7412] usb 1-1: Product: syz
[  538.958414][ T7412] usb 1-1: Manufacturer: syz
[  538.958427][ T7412] usb 1-1: SerialNumber: syz
[  539.053662][ T7412] usb 1-1: config 0 descriptor??
[  539.254549][ T7412] usb 1-1: can't set config #0, error -71
[  539.266662][ T7412] usb 1-1: USB disconnect, device number 69
[  540.149026][ T5615] Bluetooth: hci7: command tx timeout
[  542.233792][ T5615] Bluetooth: hci7: command tx timeout
[  542.710732][T11494] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  543.458093][ T7412] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  543.670669][ T7412] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  543.670697][ T7412] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  543.670734][ T7412] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  543.670756][ T7412] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.771859][ T7412] usb 1-1: config 0 descriptor??
[  544.308861][ T5615] Bluetooth: hci7: command tx timeout
[  544.475255][   T50] usb 5-1: USB disconnect, device number 85
[  546.389004][ T5615] Bluetooth: hci7: command tx timeout
[  547.361190][ T6115] usb 1-1: USB disconnect, device number 70
[  555.563203][T11482] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  555.622497][T11482] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  555.691043][T11482] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  555.792675][T11482] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  555.812143][T11482] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  558.060495][T11482] Bluetooth: hci8: command tx timeout
[  560.228192][T11482] Bluetooth: hci8: command tx timeout
[  562.308268][T11482] Bluetooth: hci8: command tx timeout
[  563.032781][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  563.032854][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  563.246276][T11439] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.246400][T11439] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.246631][T11439] bridge_slave_0: entered allmulticast mode
[  563.286157][T11439] bridge_slave_0: entered promiscuous mode
[  563.649267][T11439] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.649403][T11439] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.649583][T11439] bridge_slave_1: entered allmulticast mode
[  563.685615][T11439] bridge_slave_1: entered promiscuous mode
[  564.418069][T11433] Bluetooth: hci8: command tx timeout
[  565.039355][ T5615] Bluetooth: hci5: command 0x0406 tx timeout
[  565.674058][T11430] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.674178][T11430] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.674442][T11430] bridge_slave_0: entered allmulticast mode
[  565.765378][T11430] bridge_slave_0: entered promiscuous mode
[  567.367349][T11430] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.367472][T11430] bridge0: port 2(bridge_slave_1) entered disabled state
[  567.367718][T11430] bridge_slave_1: entered allmulticast mode
[  567.484373][ T5615] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  567.550390][T11430] bridge_slave_1: entered promiscuous mode
[  567.924924][ T5615] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  567.926512][ T5615] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  568.018283][ T5615] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  568.019093][ T5615] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  568.214755][T11439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.229629][T11439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.228297][T11482] Bluetooth: hci9: command tx timeout
[  572.308320][T11482] Bluetooth: hci9: command tx timeout
[  574.401048][T11482] Bluetooth: hci9: command tx timeout
[  576.478361][T11482] Bluetooth: hci9: command tx timeout
[  577.574288][T11430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  578.677206][T11430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  578.699969][T11439] team0: Port device team_slave_0 added
[  580.861381][T11439] team0: Port device team_slave_1 added
[  583.539244][T11479] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.539380][T11479] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.539615][T11479] bridge_slave_0: entered allmulticast mode
[  583.694964][T11479] bridge_slave_0: entered promiscuous mode
[  584.012001][T11479] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.012122][T11479] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.012364][T11479] bridge_slave_1: entered allmulticast mode
[  584.564131][ T5615] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  584.618217][ T5615] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  584.688829][ T5615] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  584.731370][ T5615] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  584.732240][ T5615] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  584.993226][T11479] bridge_slave_1: entered promiscuous mode
[  585.055164][T11439] batman_adv: batadv0: Adding interface: batadv_slave_0
[  585.055181][T11439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  585.055209][T11439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  586.056293][T11439] batman_adv: batadv0: Adding interface: batadv_slave_1
[  586.056312][T11439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  586.056340][T11439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  586.868527][ T5615] Bluetooth: hci4: command tx timeout
[  588.043057][T11479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.394031][T11482] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  588.455135][T11482] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  588.465699][T11482] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  588.948578][T11482] Bluetooth: hci4: command tx timeout
[  588.961301][T11479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.964261][T11482] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  589.042090][T11482] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  591.087292][ T5615] Bluetooth: hci4: command tx timeout
[  592.309482][ T5615] Bluetooth: hci10: command tx timeout
[  593.298532][ T5615] Bluetooth: hci4: command tx timeout
[  594.398551][ T5615] Bluetooth: hci10: command tx timeout
[  596.000916][T11479] team0: Port device team_slave_0 added
[  596.471437][ T5615] Bluetooth: hci10: command tx timeout
[  597.320124][T11482] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  597.384130][T11482] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  597.395616][T11482] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  597.412613][T11482] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  597.413450][T11482] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  598.738063][T11482] Bluetooth: hci10: command tx timeout
[  599.518263][T11482] Bluetooth: hci1: command tx timeout
[  601.604792][T11482] Bluetooth: hci1: command tx timeout
[  603.668055][T11482] Bluetooth: hci1: command tx timeout
[  605.772379][T11482] Bluetooth: hci1: command tx timeout
[  616.912754][ T5615] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  616.967857][ T5615] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  616.977144][ T5615] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  617.024603][ T5615] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  617.026613][ T5615] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  619.128108][ T5615] Bluetooth: hci6: command tx timeout
[  621.188175][ T5615] Bluetooth: hci6: command tx timeout
[  623.308032][ T5615] Bluetooth: hci6: command tx timeout
[  624.393696][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  624.393766][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  625.348123][ T5615] Bluetooth: hci6: command tx timeout
[  628.863166][T11482] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  628.903303][T11482] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  628.906014][T11482] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  628.942371][T11482] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  628.976081][T11482] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  631.188329][T11482] Bluetooth: hci7: command tx timeout
[  633.469911][T11482] Bluetooth: hci7: command tx timeout
[  635.698403][T11482] Bluetooth: hci7: command tx timeout
[  637.748430][T11482] Bluetooth: hci7: command tx timeout
[  643.881998][T11566] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR
[  647.306164][ T5615] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  647.638671][ T5615] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  647.652075][ T5615] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  647.653253][ T5615] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  647.653978][ T5615] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  650.300553][ T5615] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  651.015871][ T5615] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  651.079377][ T5615] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  651.127814][ T5615] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  651.136239][ T5615] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  651.511628][T11482] Bluetooth: hci8: command tx timeout
[  653.268263][T11482] Bluetooth: hci9: command tx timeout
[  653.678129][T11482] Bluetooth: hci8: command tx timeout
[  655.348286][T11482] Bluetooth: hci9: command tx timeout
[  655.748670][T11482] Bluetooth: hci8: command tx timeout
[  657.826807][T11482] Bluetooth: hci9: command tx timeout
[  657.865318][T11482] Bluetooth: hci8: command tx timeout
[  660.039096][ T5615] Bluetooth: hci9: command tx timeout
[  660.494971][T11482] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  660.561300][T11482] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  660.584744][T11482] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  660.586377][T11482] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  660.611145][T11482] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  663.918393][ T5615] Bluetooth: hci4: command tx timeout
[  665.988120][T11482] Bluetooth: hci4: command tx timeout
[  668.068302][ T5615] Bluetooth: hci4: command tx timeout
[  670.194167][ T5615] Bluetooth: hci4: command tx timeout
[  681.705460][T11482] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  681.777428][T11482] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  681.796360][T11482] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  682.207417][T11482] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  682.459370][T11482] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  684.684028][ T5615] Bluetooth: hci1: command tx timeout
[  685.966860][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  685.966930][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  686.710693][ T5615] Bluetooth: hci1: command tx timeout
[  687.052229][T11482] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  687.102484][T11482] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  687.105208][T11482] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  687.106565][T11482] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  687.217342][T11482] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  688.788877][T11482] Bluetooth: hci1: command tx timeout
[  689.349776][T11482] Bluetooth: hci2: command tx timeout
[  690.868201][T11482] Bluetooth: hci1: command tx timeout
[  691.428022][T11482] Bluetooth: hci2: command tx timeout
[  693.517476][T11482] Bluetooth: hci2: command tx timeout
[  695.588707][T11482] Bluetooth: hci2: command tx timeout
[  710.047309][ T5615] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  710.114995][ T5615] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  710.143115][ T5615] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  710.246575][ T5615] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  710.265956][ T5615] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  712.398124][T11482] Bluetooth: hci3: command tx timeout
[  714.276719][ T5615] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  714.336595][ T5615] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  714.375253][ T5615] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  714.435362][ T5615] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  714.438562][ T5615] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  714.469532][ T5615] Bluetooth: hci3: command tx timeout
[  716.552312][ T5615] Bluetooth: hci3: command tx timeout
[  718.628150][ T5615] Bluetooth: hci3: command tx timeout
[  718.702307][T11482] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  718.706494][T11482] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  718.730566][T11482] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  718.732145][T11482] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  718.732825][T11482] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  720.328870][ T5615] Bluetooth: hci5: command tx timeout
[  720.975081][ T5615] Bluetooth: hci6: command tx timeout
[  722.388138][ T5615] Bluetooth: hci5: command tx timeout
[  723.250521][ T5615] Bluetooth: hci6: command tx timeout
[  724.478072][ T5615] Bluetooth: hci5: command tx timeout
[  725.278895][ T5615] Bluetooth: hci6: command tx timeout
[  726.558289][ T5615] Bluetooth: hci5: command tx timeout
[  727.358768][ T5615] Bluetooth: hci6: command tx timeout
[  735.748365][   T37] INFO: task syz-executor:5604 blocked for more than 143 seconds.
[  735.748395][   T37]       Tainted: G             L      syzkaller #0
[  735.748407][   T37]       Blocked by coredump.
[  735.748413][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  735.748422][   T37] task:syz-executor    state:D stack:21560 pid:5604  tgid:5604  ppid:1      task_flags:0x40054c flags:0x00080003
[  735.748470][   T37] Call Trace:
[  735.748477][   T37]  <TASK>
[  735.748491][   T37]  __schedule+0x1681/0x54c0
[  735.748556][   T37]  ? __pfx___schedule+0x10/0x10
[  735.748595][   T37]  rt_mutex_schedule+0x76/0xf0
[  735.748617][   T37]  rt_mutex_slowlock_block+0x508/0x680
[  735.748660][   T37]  rt_mutex_slowlock+0x2dc/0x780
[  735.748686][   T37]  ? rt_mutex_slowlock+0x1fd/0x780
[  735.748710][   T37]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  735.748745][   T37]  ? rcu_barrier+0x4c/0x580
[  735.748769][   T37]  ? rcu_barrier+0x4c/0x580
[  735.748794][   T37]  ? rcu_barrier+0x4c/0x580
[  735.748811][   T37]  mutex_lock_nested+0x168/0x1d0
[  735.748832][   T37]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  735.748859][   T37]  rcu_barrier+0x4c/0x580
[  735.748886][   T37]  netdev_run_todo+0x2e0/0xde0
[  735.748916][   T37]  ? __pfx_netdev_run_todo+0x10/0x10
[  735.748938][   T37]  ? kasan_quarantine_put+0xbb/0x1f0
[  735.748958][   T37]  ? lockdep_hardirqs_on+0x7a/0x110
[  735.748991][   T37]  ? netdev_state_change+0x1ca/0x220
[  735.749013][   T37]  ? __pfx_tun_chr_close+0x10/0x10
[  735.749034][   T37]  tun_chr_close+0x13f/0x1c0
[  735.749056][   T37]  __fput+0x461/0xa70
[  735.749093][   T37]  task_work_run+0x1d9/0x270
[  735.749123][   T37]  ? __pfx_task_work_run+0x10/0x10
[  735.749149][   T37]  ? do_exit+0x70a/0x22c0
[  735.749179][   T37]  ? kmem_cache_free+0x187/0x6c0
[  735.749201][   T37]  ? put_net+0x191/0x260
[  735.749220][   T37]  ? do_exit+0x70a/0x22c0
[  735.749248][   T37]  do_exit+0x70f/0x22c0
[  735.749274][   T37]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  735.749305][   T37]  ? __pfx_do_exit+0x10/0x10
[  735.749327][   T37]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  735.749349][   T37]  ? reacquire_held_locks+0x104/0x190
[  735.749375][   T37]  ? rt_spin_lock+0x1e0/0x400
[  735.749410][   T37]  do_group_exit+0x21b/0x2d0
[  735.749435][   T37]  ? rt_spin_unlock+0x160/0x200
[  735.749460][   T37]  get_signal+0x125c/0x1310
[  735.749502][   T37]  arch_do_signal_or_restart+0xbc/0x830
[  735.749531][   T37]  ? __pfx___x64_sys_wait4+0x10/0x10
[  735.749558][   T37]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  735.749602][   T37]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.749624][   T37]  exit_to_user_mode_loop+0x86/0x480
[  735.749646][   T37]  ? rcu_is_watching+0x15/0xb0
[  735.749673][   T37]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.749693][   T37]  do_syscall_64+0x33e/0xf80
[  735.749712][   T37]  ? trace_irq_disable+0x3b/0x140
[  735.749734][   T37]  ? clear_bhb_loop+0x40/0x90
[  735.749758][   T37]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.749777][   T37] RIP: 0033:0x7f049de6d60e
[  735.749795][   T37] RSP: 002b:00007fff465bd638 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[  735.749816][   T37] RAX: fffffffffffffe00 RBX: 0000555562f3e500 RCX: 00007f049de6d60e
[  735.749830][   T37] RDX: 0000000040000000 RSI: 00007fff465bd6dc RDI: ffffffffffffffff
[  735.749844][   T37] RBP: 00007fff465bd6dc R08: 0000000000000000 R09: 0000000000000000
[  735.749857][   T37] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000012a
[  735.749878][   T37] R13: 0000555562f519f0 R14: 00000000000838d8 R15: 00007fff465bd730
[  735.749910][   T37]  </TASK>
[  735.749999][   T37] 
[  735.749999][   T37] Showing all locks held in the system:
[  735.750010][   T37] 5 locks held by ktimers/0/16:
[  735.750027][   T37] 3 locks held by rcuc/0/20:
[  735.750040][   T37] 1 lock held by khungtaskd/37:
[  735.750051][   T37]  #0: ffffffff8dfc8140 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  735.750104][   T37] 8 locks held by kworker/1:1/50:
[  735.750120][   T37] 3 locks held by kworker/u8:6/768:
[  735.750131][   T37]  #0: ffff888032df7138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  735.750185][   T37]  #1: ffffc900053f7c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  735.750232][   T37]  #2: ffffffff8f355e78 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680
[  735.750232][   T37]  #2: ffffffff8f355e78 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680
[  735.750279][   T37] 2 locks held by kworker/u8:8/1058:
[  735.750290][   T37]  #0: ffff88801a074938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  735.750339][   T37]  #1: ffffc900061efc40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  735.750397][   T37] 2 locks held by kworker/u8:12/2932:
[  735.750408][   T37]  #0: ffff88801a074938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  735.750461][   T37]  #1: ffffc90007b7fc40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  735.750508][   T37] 6 locks held by kworker/u8:13/3055:
[  735.750522][   T37] 2 locks held by getty/5352:
[  735.750533][   T37]  #0: ffff8880376fb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  735.750578][   T37]  #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[  735.750629][   T37] 1 lock held by syz-executor/5604:
[  735.750640][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.750688][   T37] 2 locks held by kworker/0:8/5854:
[  735.750699][   T37] 2 locks held by kworker/0:9/6115:
[  735.750711][   T37] 4 locks held by kworker/u8:20/7009:
[  735.750721][   T37]  #0: ffff88801b290938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  735.750767][   T37]  #1: ffffc90006adfc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  735.750811][   T37]  #2: ffffffff8f347140 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
[  735.750854][   T37]  #3: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.750900][   T37] 1 lock held by syz.3.1827/11338:
[  735.750911][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.750955][   T37] 1 lock held by syz.2.1839/11380:
[  735.750966][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751009][   T37] 1 lock held by syz.1.1850/11419:
[  735.751020][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751063][   T37] 1 lock held by syz-executor/11430:
[  735.751074][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751118][   T37] 1 lock held by syz-executor/11439:
[  735.751129][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751179][   T37] 1 lock held by syz-executor/11479:
[  735.751190][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751233][   T37] 1 lock held by syz.0.1871/11513:
[  735.751245][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751288][   T37] 1 lock held by syz-executor/11527:
[  735.751299][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751343][   T37] 1 lock held by syz-executor/11548:
[  735.751354][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751398][   T37] 1 lock held by syz-executor/11566:
[  735.751409][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751451][   T37] 1 lock held by syz-executor/11573:
[  735.751461][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751504][   T37] 1 lock held by syz-executor/11584:
[  735.751515][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751558][   T37] 1 lock held by syz-executor/11608:
[  735.751569][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751612][   T37] 1 lock held by syz-executor/11630:
[  735.751622][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751665][   T37] 1 lock held by syz-executor/11657:
[  735.751676][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751724][   T37] 1 lock held by syz-executor/11674:
[  735.751735][   T37]  #0: ffffffff8dfce2f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  735.751779][   T37] 2 locks held by syz-executor/11705:
[  735.751790][   T37]  #0: ffffffff8f8a7e30 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  735.751839][   T37]  #1: ffffffff8f355e78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0
[  735.751881][   T37] 3 locks held by syz-executor/11710:
[  735.751893][   T37] 1 lock held by syz-executor/11740:
[  735.751904][   T37]  #0: ffffffff8f355e78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0
[  735.751947][   T37] 2 locks held by modprobe/11772:
[  735.751958][   T37] 6 locks held by modprobe/11774:
[  735.751970][   T37] 
[  735.751975][   T37] =============================================
[  735.751975][   T37] 
[  735.751992][   T37] NMI backtrace for cpu 1
[  735.752009][   T37] CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  735.752035][   T37] Tainted: [L]=SOFTLOCKUP
[  735.752042][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  735.752053][   T37] Call Trace:
[  735.752061][   T37]  <TASK>
[  735.752068][   T37]  dump_stack_lvl+0xe8/0x150
[  735.752092][   T37]  nmi_cpu_backtrace+0x274/0x2d0
[  735.752115][   T37]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  735.752138][   T37]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  735.752170][   T37]  sys_info+0x135/0x170
[  735.752190][   T37]  watchdog+0xfd3/0x1030
[  735.752218][   T37]  ? watchdog+0x1c9/0x1030
[  735.752245][   T37]  kthread+0x388/0x470
[  735.752269][   T37]  ? __pfx_watchdog+0x10/0x10
[  735.752287][   T37]  ? __pfx_kthread+0x10/0x10
[  735.752312][   T37]  ret_from_fork+0x514/0xb70
[  735.752336][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  735.752356][   T37]  ? __switch_to+0xc79/0x1410
[  735.752384][   T37]  ? __pfx_kthread+0x10/0x10
[  735.752409][   T37]  ret_from_fork_asm+0x1a/0x30
[  735.752446][   T37]  </TASK>
[  735.752453][   T37] Sending NMI from CPU 1 to CPUs 0:
[  735.752485][    C0] NMI backtrace for cpu 0
[  735.752501][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  735.752523][    C0] Tainted: [L]=SOFTLOCKUP
[  735.752529][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  735.752539][    C0] RIP: 0010:memset_orig+0x25/0xb0
[  735.752558][    C0] Code: 90 90 90 90 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 48 0f af c1 41 89 f9 41 83 e1 07 75 74 48 89 d1 48 c1 e9 06 <74> 39 66 0f 1f 84 00 00 00 00 00 48 ff c9 48 89 07 48 89 47 08 48
[  735.752571][    C0] RSP: 0018:ffffc90000156550 EFLAGS: 00000246
[  735.752585][    C0] RAX: 0000000000000000 RBX: ffffc900001566d8 RCX: 0000000000000000
[  735.752596][    C0] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc900001566d8
[  735.752607][    C0] RBP: dffffc0000000000 R08: ffffc900001566e7 R09: 0000000000000000
[  735.752618][    C0] R10: ffffc900001566d8 R11: fffff5200002acdd R12: ffffc90000156688
[  735.752629][    C0] R13: 1ffff9200002acd3 R14: ffffc90000156688 R15: ffffc900001566d0
[  735.752641][    C0] FS:  0000000000000000(0000) GS:ffff88812617d000(0000) knlGS:0000000000000000
[  735.752654][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  735.752666][    C0] CR2: 00007f8adc1aee9c CR3: 000000000ddb6000 CR4: 00000000003526f0
[  735.752680][    C0] Call Trace:
[  735.752686][    C0]  <TASK>
[  735.752692][    C0]  unwind_next_frame+0xf33/0x2550
[  735.752715][    C0]  ? unwind_next_frame+0xa6/0x2550
[  735.752733][    C0]  ? __unwind_start+0xf7/0x760
[  735.752754][    C0]  __unwind_start+0x5b8/0x760
[  735.752774][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  735.752792][    C0]  arch_stack_walk+0xe3/0x150
[  735.752813][    C0]  ? arch_stack_walk+0xe3/0x150
[  735.752833][    C0]  stack_trace_save+0xa9/0x100
[  735.752849][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  735.752868][    C0]  ? unwind_next_frame+0xa6/0x2550
[  735.752887][    C0]  kasan_save_track+0x3e/0x80
[  735.752930][    C0]  __kasan_kmalloc+0x93/0xb0
[  735.752946][    C0]  __kmalloc_cache_noprof+0x3a6/0x690
[  735.752964][    C0]  ? ref_tracker_alloc+0x15e/0x4a0
[  735.752982][    C0]  ref_tracker_alloc+0x15e/0x4a0
[  735.752998][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  735.753020][    C0]  ? rcu_is_watching+0x15/0xb0
[  735.753039][    C0]  ? trace_kmem_cache_alloc+0x29/0xe0
[  735.753057][    C0]  dst_init+0xd9/0x480
[  735.753077][    C0]  dst_alloc+0x12a/0x170
[  735.753095][    C0]  ip_route_output_key_hash_rcu+0x14d0/0x25d0
[  735.753118][    C0]  ? ip_route_output_key_hash+0xd8/0x2a0
[  735.753135][    C0]  ip_route_output_key_hash+0x18d/0x2a0
[  735.753150][    C0]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  735.753175][    C0]  ip_route_output_flow+0x2a/0x150
[  735.753195][    C0]  ? ip_route_me_harder+0x730/0xf90
[  735.753212][    C0]  ip_route_me_harder+0x742/0xf90
[  735.753232][    C0]  ? __pfx_ip_route_me_harder+0x10/0x10
[  735.753255][    C0]  ? __cookie_v4_init_sequence+0x25d/0x500
[  735.753279][    C0]  synproxy_send_tcp+0x34c/0x670
[  735.753299][    C0]  synproxy_send_client_synack+0x8c1/0xe30
[  735.753325][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  735.753342][    C0]  ? nft_tunnel_opts_dump+0x408/0xde0
[  735.753357][    C0]  ? synproxy_pernet+0x45/0x270
[  735.753378][    C0]  nft_synproxy_eval_v4+0x34a/0x4e0
[  735.753399][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  735.753426][    C0]  ? nf_ip_checksum+0x13c/0x510
[  735.753448][    C0]  nft_synproxy_do_eval+0x305/0x580
[  735.753465][    C0]  ? reacquire_held_locks+0x104/0x190
[  735.753493][    C0]  ? rt_spin_lock+0x1e0/0x400
[  735.753512][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  735.753540][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[  735.753571][    C0]  nft_do_chain+0x467/0x19f0
[  735.753598][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  735.753631][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  735.753653][    C0]  nft_do_chain_inet+0x360/0x4b0
[  735.753674][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  735.753697][    C0]  ? NF_HOOK+0x9e/0x3c0
[  735.753715][    C0]  ? NF_HOOK+0x9e/0x3c0
[  735.753733][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  735.753752][    C0]  nf_hook_slow+0xc5/0x220
[  735.753771][    C0]  NF_HOOK+0x21f/0x3c0
[  735.753790][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  735.753809][    C0]  ? NF_HOOK+0x9e/0x3c0
[  735.753826][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  735.753843][    C0]  ? ip_rcv_finish_core+0xda3/0x1c00
[  735.753863][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  735.753885][    C0]  ? ip_local_deliver+0x12a/0x1b0
[  735.753905][    C0]  NF_HOOK+0x336/0x3c0
[  735.753922][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  735.753944][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  735.753962][    C0]  ? NF_HOOK+0x9e/0x3c0
[  735.753980][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  735.753999][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  735.754020][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  735.754038][    C0]  ? process_backlog+0x271/0xc60
[  735.754057][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  735.754075][    C0]  process_backlog+0x569/0xc60
[  735.754105][    C0]  __napi_poll+0xab/0x550
[  735.754125][    C0]  net_rx_action+0x696/0xe00
[  735.754144][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  735.754171][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  735.754207][    C0]  handle_softirqs+0x1de/0x6d0
[  735.754227][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  735.754244][    C0]  run_ktimerd+0x69/0x100
[  735.754261][    C0]  smpboot_thread_fn+0x541/0xa50
[  735.754279][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  735.754301][    C0]  kthread+0x388/0x470
[  735.754319][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  735.754336][    C0]  ? __pfx_kthread+0x10/0x10
[  735.754355][    C0]  ret_from_fork+0x514/0xb70
[  735.754373][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  735.754389][    C0]  ? __switch_to+0xc79/0x1410
[  735.754410][    C0]  ? __pfx_kthread+0x10/0x10
[  735.754434][    C0]  ret_from_fork_asm+0x1a/0x30
[  735.754460][    C0]  </TASK>
[  736.244912][   T37] Kernel panic - not syncing: hung_task: blocked tasks
[  736.244943][   T37] CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  736.244975][   T37] Tainted: [L]=SOFTLOCKUP
[  736.244982][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  736.244993][   T37] Call Trace:
[  736.245002][   T37]  <TASK>
[  736.245012][   T37]  vpanic+0x56c/0xa60
[  736.245039][   T37]  ? __pfx___schedule+0x10/0x10
[  736.245066][   T37]  ? __pfx_vpanic+0x10/0x10
[  736.245097][   T37]  panic+0xc5/0xd0
[  736.245118][   T37]  ? __pfx_panic+0x10/0x10
[  736.245141][   T37]  ? preempt_schedule_thunk+0x16/0x30
[  736.245173][   T37]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  736.245200][   T37]  watchdog+0x102c/0x1030
[  736.245230][   T37]  ? watchdog+0x1c9/0x1030
[  736.245256][   T37]  kthread+0x388/0x470
[  736.245281][   T37]  ? __pfx_watchdog+0x10/0x10
[  736.245299][   T37]  ? __pfx_kthread+0x10/0x10
[  736.245324][   T37]  ret_from_fork+0x514/0xb70
[  736.245348][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  736.245369][   T37]  ? __switch_to+0xc79/0x1410
[  736.245404][   T37]  ? __pfx_kthread+0x10/0x10
[  736.245430][   T37]  ret_from_fork_asm+0x1a/0x30
[  736.245468][   T37]  </TASK>
[  736.245884][   T37] Kernel Offset: disabled