last executing test programs:

8m19.992758983s ago: executing program 1 (id=804):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xe, 0x1, 'connbytes\x00'}, @NFTA_MATCH_INFO={0x1c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c4639"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000100)=[r7, r8], 0x2)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r9, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

8m17.248325392s ago: executing program 1 (id=813):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x20, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0xc0}, 0x1, 0x0, 0x0, 0x1}, 0x80)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180), 0xfefc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000002000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000262000/0x1000)=nil, &(0x7f0000260000/0x4000)=nil, &(0x7f0000008000/0x3000)=nil, &(0x7f0000947000/0x1000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000663000/0x1000)=nil, &(0x7f000000c000/0x2000)=nil, 0x0}, 0x68)

8m16.993353523s ago: executing program 1 (id=815):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040))

8m16.76755407s ago: executing program 1 (id=817):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1400000010007c0000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000010900020073797a310000000008000a40fffffffc400000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180050001"], 0xa4}}, 0x40)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d900ffff010000000080000055070000090000004ad092c18bd746530ff6340fbb5b23a7d03feb3031f8350f883b7412caa22edd56d7becedd0ba1975102bf92508f086c523596de6fe1e7a294bef0e4c4fd52ef43c3f522fc0e5945d66bdec9f9c65723a6a12c9658e3c81ca77482b6d10973289bebe62bf612b012ebb50625de622cf20ade86fce89d970399925e28bf01f7e949a0460456dcc16674d47b3a193b96969758b2eae60b11f6593d27c4586af21becd8a51191b124b5f3063d3886fa3bde15d1c65205931c13a8d9bdc11f17851e270d9cbe32bd790ca25feaab70914d1c9fa0892da97efcebd9"], 0x1f1)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x0, 0x3, 0x1, 0x8}}]}}]}, 0x44}}, 0x4000010)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
bind(r6, &(0x7f0000000140)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x0, 0x2}}, 0x80)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r7, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0, 0xfffffffffffffe9a})
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x40000108, 0x0, 0x7}]})
r9 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r10, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r11, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000240)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0\x00')
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r9, 0xc2c45513, &(0x7f0000000640)={{0x8, 0x2, 0x5, 0x3, 'syz1\x00', 0x8}, 0x0, [0x2, 0x8, 0x8, 0x80000002, 0x8, 0xffb, 0x4, 0x40, 0x6, 0xffff, 0x2, 0x1, 0x80000000, 0x9, 0x5, 0x3f, 0x51, 0x8, 0x6, 0x5, 0xa7, 0x8a, 0x3, 0x5, 0xff, 0x7fff, 0xffffaca7, 0x401, 0x5, 0x0, 0xd, 0x3, 0x0, 0x3, 0x9, 0xb, 0x0, 0x7fff, 0x7f, 0x5fc, 0x8da95e8, 0x80, 0x0, 0x0, 0x100, 0xda, 0x6d, 0x3b00, 0x80000001, 0x3, 0xfffffff7, 0x0, 0x1, 0xfffffffe, 0x6, 0x5, 0x1000006, 0x80, 0x6, 0xfff, 0x9, 0x7, 0x0, 0xfffffffb, 0x4dd8, 0x10001, 0x4, 0x1, 0x0, 0xc, 0xc, 0x7, 0x3, 0xdbd, 0x6, 0x619, 0xfffffff8, 0x1, 0x400, 0x7, 0xa84, 0x9, 0xeb18, 0x7, 0xb9, 0x10000, 0x9, 0x100000, 0xe8f, 0xa75, 0x6d9, 0x3, 0x8, 0x8000000, 0x800, 0xf242, 0xffff, 0x9, 0x9, 0xffff, 0x8, 0x80, 0x9, 0x9, 0xcb, 0xd, 0x81, 0x80000001, 0x5, 0x6, 0x2, 0x0, 0x6, 0x1, 0x4, 0xba, 0x6, 0x1, 0x7, 0x6, 0x3, 0x5, 0x5, 0x5315, 0x4, 0x4, 0x3, 0x4]})
openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)

8m16.293057737s ago: executing program 1 (id=821):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x6, 0x9, &(0x7f0000000080)={{0x3c, @loopback, 0x4e20, 0x5, 'wlc\x00', 0x0, 0x7ff, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x3, 0xaf, 0x0, 0x42}}, 0x44)
getsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f0000000040))
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x1)
fchdir(r2)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x26a200, 0x4)
lseek(r1, 0x100, 0x0)
rmdir(&(0x7f0000000080)='./file0\x00')
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000900)='.\x00', 0x0, 0x0)
mkdirat(r5, &(0x7f0000000180)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r6 = landlock_create_ruleset(&(0x7f0000000140)={0x6000}, 0x18, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x2148c3, 0x13d)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000340)={0x6000, r7}, 0x0)
landlock_restrict_self(r6, 0x0)
renameat2(r5, &(0x7f0000000380)='./file0\x00', r5, &(0x7f0000000200)='./bus/file0\x00', 0x0)
write(r4, &(0x7f0000000300)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49ef18e2a96e41f206d930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de0000000000000000000000000000f1d3b9821c18", 0x80)

8m15.64538098s ago: executing program 1 (id=823):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, 0x1810, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x84}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}, @IFLA_BR_NF_CALL_ARPTABLES={0x5, 0x26, 0x1}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x4800)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001848128008000100767469000c0002800800050064010100"], 0x38}, 0x1, 0x0, 0x0, 0x58840}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x101, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = dup(r6)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r6, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="80", 0x1}], 0x1}, 0x4048043)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r7, 0x84, 0x23, &(0x7f0000000100)={0x0, 0x3}, 0x8)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, 'lo\x00'}}, 0x1e)
syz_emit_ethernet(0x4e, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd64fde9e200180000fc01000000000000000000000000000000000000000000000000ffffac1414aa3b02010300000000fc010000000000000000000000000001142898878544aeedc06d4d6568398d21e229b6c2c2d092c2489601ddd4dd10527981d07d5b7896f6e65a784c84369f"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

8m15.122925121s ago: executing program 32 (id=823):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, 0x1810, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x84}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}, @IFLA_BR_NF_CALL_ARPTABLES={0x5, 0x26, 0x1}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x4800)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001848128008000100767469000c0002800800050064010100"], 0x38}, 0x1, 0x0, 0x0, 0x58840}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x101, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = dup(r6)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r6, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="80", 0x1}], 0x1}, 0x4048043)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r7, 0x84, 0x23, &(0x7f0000000100)={0x0, 0x3}, 0x8)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, 'lo\x00'}}, 0x1e)
syz_emit_ethernet(0x4e, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd64fde9e200180000fc01000000000000000000000000000000000000000000000000ffffac1414aa3b02010300000000fc010000000000000000000000000001142898878544aeedc06d4d6568398d21e229b6c2c2d092c2489601ddd4dd10527981d07d5b7896f6e65a784c84369f"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6m50.124291085s ago: executing program 3 (id=1200):
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'vlan1\x00'})
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004afa003c0064000007069078ac1414bbac1414bb44140871ac141440000000eae0000002000000024e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0)
write(r1, &(0x7f00000000c0)="822a0a65bd8c2c2b03", 0x9)
lstat(&(0x7f0000000080)='./file2\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r6)
getpgid(r6)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="c002000040000900000000000000000002000000ac0206800400df00a38fb9987793169c0f316af4530f6b21f4d4c4636d5d8e0ceff8825aa599817cf7334e91f0ee0733259e86bd82a1c59cdb0400d68008001400971935b471b3af407ec5a7f2bf805b84fb9f85c358866abc70aef5af3c56f5a82ef256f862b97edb23d9935847fba236dae282191212b2fafd7e9c090ac74cec05b01f439941e1b6a3520b33b58d4b70ea4c0c3ff6a2f3b8768e86792b4d08395782a08cef1b6e2a7dcf4359997ae743790056354bb507480b8f31996a6eaa94a800d26d647c28522744ab0bf453b5e04781f40759f31341d5841dbca873b4e58d6fc2c98d8df7cdf438d4e74ac4916cfd7e7eada78001e7182b4825de16cd77f88665182a64dbad12c42d69ab76e1ab440b60ac23ca012fa81fde68d2a9494d2d28cdcd28c7cb467cbd4fd6c45ffbfaf0", @ANYRES32=r6, @ANYBLOB="1400c800fc0200000000000000000000000000012b23fcdcaf16cf29bafbcd04fada8c4f3aca8fbbecd15cb10d789da6bbf0d672d3b56f1fd29159758f36cdcadb72a97cbdea5e4479bb143245d71e1ea6780ef03a947b1d14500e5f2e9daeed6a09d161e951c2bd934d56b0a5de3c973b667f28ec5eafb944ef12a559dfcdefba1f2aa5d000231ffb3415368a3bbf0878ad171c767ba5145b279d34073efc96656853dac8b66178c5bae59aef2d8a5202748be95debfda293745de08d0e6ea1891fe2aaa719ae1a7c57462091dacdf1d324b3e2c38eb882c6ae1700b600408008007500", @ANYRES32=r5, @ANYBLOB="2386c4d635995117d046107d0cb8cfc45e7c81524c929f2a1096bef5a5ec39cde1a70fc2530ba5a2ba1171d80b7286d23b0e84a9ed656c03c02cf83116940e7293a5efcde948559849d7ac69944d60e86f9da8543078fa38d1c1ecbf9765ad0e27ac09a601933297ff4342c6da5c5246a54600ba0be8eac34880f877e0e163d7deaa9d9fe8235fc3f2043598f3d1a05fd940822806cf0b94970c46955a776f38946264bc2437ac8e8ae10000fe77ea6bea76eff8f83c5e4d60fb8935ffc760a9f2bc21c52ee1acc9fb6d1217ae154132311fbec2f44d732007f6784ff82b6411b92b3b2df20a6aab5d17d954627bbaa4c1754ce7fe76c856365500e56e450d0ae355431a1477a2b0bab5a19e97e97edc78f5bcb652327b018d3c8068457f0254f1bf705cc51fb4787eba331939ad11c26578d8592f9a1eb88e24f2a1f39dccc21b5866b1d22efa7de2997d43882e661b7dee909088346db981011518f644c831f627afba6dc91508003e00", @ANYRES32=r5, @ANYBLOB="0400ae0000"], 0x2c0}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)

6m49.055027309s ago: executing program 3 (id=1204):
syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket(0x2d, 0x2, 0x3)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r3=>0xffffffffffffffff})
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000300)='source', &(0x7f0000000180)='%\xde({^\xfa@:', 0x0)
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000000)={"0300000000000000f2e2ad238e7b448e00", r3, <r5=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
close_range(r0, r5, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

6m46.851375228s ago: executing program 3 (id=1216):
r0 = socket$netlink(0x10, 0x3, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x5)
sendmsg$nl_netfilter(r1, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000000004010125bd70dbdf250a000005"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x48000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="300000001d000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="400010040a001200aaaaaaaaaa0c00000600050001000000b094cc330d2d8f9abb6c364955702453534d8486717106ca8e4a555e100681f66276cfe5ee15f3e26ec868231b8d9f4e2f782bb6591aeb5eec645421f7045ec43867bc1633ca827ad42ad8816e7d820932943d5d74b7cea7b49133d25f3f3bcd7c8e36601d52adf66452fa55a3b9358f99b829603d044d5f7b06dd40fbb93a67edffc33617de8a05e140a281a2068fa7f76fea2507ca68d85e10dc5d3dae2ad7579cff7fffff17b683ff210ac0888dc6c741335bfd4da83ba15fddf2cc63eccac0a5cb5dd39777e60368e0206627e50e8f24c7b826b1148a213a1338052b6e407b3f55ddac2aabf86ef8b00ade4aa202662fc2c3ff082c00fa4b139decfd43b2a2a403450a659b380dcf04141ab79cfdb6e89ea20e42522cb3e5"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000050000000200000007"], 0x50)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0xb7, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000040), 0x1e)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "42b2d50a553bcc17", "bec0d06a628a17f3a6c45e1a5ead32cf", "ff0fb494", "8667886c7eb3a50f"}, 0x28)
sendto$inet6(r7, 0x0, 0x0, 0x8080, 0x0, 0x0)
fchdir(r6)
r8 = openat$vimc0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r8, 0xc02c564a, &(0x7f0000000080)={0x6, 0x48574653, 0x1, @stepwise={0x3, 0x5, 0x4, 0x4, 0x2, 0x8}})
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x803, 0x0)
getdents(r2, &(0x7f00000004c0)=""/3, 0x3)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r5}, 0x38)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180000006a000200000000000000000008004200", @ANYRES32=0x0, @ANYBLOB="66c4025d07c6c4c0e2b4addf06098afb3204c1ea64f8f12d5806109a2e21aa1cfd"], 0x18}], 0x1}, 0x0)
r11 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r11, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%\x00,:', 0x0)

6m46.640331847s ago: executing program 3 (id=1220):
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x1, 0x38775951944642b9, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0xf}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="d56cea33946c0eae3241d3604bfce89adddb2eb96960338db7572fa254eb7c69dc0cb526989630e26224c258c8d70ccacc5564d67723f4756c0399174c5460c4995942d24092c36dc820e97344798b5bb45423f853bf50e374323abacf0388cd091016b7a3d7843f4d3ae1658bd34d967e3323a64908442788dbc99c1f4248da53fb5be2c8001236b994ca594e3b3c588beaf3cb1c32c072d768b9e665e7d87044fdfc1fd6452593e6793963153f3850bf85042a5c139799ba8f6cb8d877fc436c4f1601270d6e29d60a4c80d6315e46f4219494ce897127d0b76f5d681e90f4e9282468ef7993cd92076aed266c1db8b81b93adc4969c9b89b32b8768c9f39f2d148e933dbb651746a9364f49986ef73b4c29f647b82b83216bb8179fe5346fdacdc5fda4bd48875cd2f1cf57a0c9a91e059446bac310a6d68948675c35a8e442168fd84d78d9800e5b05bdbce3a6eac65bee7279a3628f2a08931d3d52ce490652c20f8ae529eaf24bf421dad976c68b234ee6f6210c9f9aac3a55c6939d6aa3805b95619546264ff3ff82d0dc690e8ead61b6ed528c3c117cd771a3b7feb214ce8d720640d97f14b399b7f46dc4aad83117e8e642ccb117d13f345536fc3801c124cfaf8aa7aafff6c8df3fdd4469c077eccbd8ddacad80d9113dfde26ae67b226185743b2d53667fb3016fe114f87484ab614ddf0887c4b2c85351ab21a0ece6c066a154b38b4d7c1792d2db2cc5f8ceb42078187949d354b7a08d1529f3d10814757179c860db031dad4a3dc13ca01d1013238ed5f7a9674fcc77f0d34e2118fb851c970d86ecf9de1cfdb8d3ab197480e263c3207c3d7ebe17f9547c7c56b08e83de875294d0fd68df1926ecac24350b2c70bd73e14122ed480c564353d34049e67c26036fc35d04022cd35d6ac00756d3b8550bb22ae80a4bd630a00268d07fa249b0bf545dfbf01bea2f12b30738c6e13156244eb24e6d69ba7c3acdbbefe8bbc06b821aebf836ca07a3cc7b6b24686ed8f3b23085c893e72188b797651c5ab5cceb1465414a325f793a3af6d06eed7eb734ad05bc1f6619e8485259f570a482a67273ee01fe15dd938afce026f1111c7a38ed6d1aba34f009ce1e99140fd0db2de74150541fd48dd2ec5b1d15669de2ffe3a198184b6186ccda31aa64c585ff8cb65b67fe1455753895a88b6ab4c6bf1bb8329739178147e6f15801bfa707bd9ec9da662573ce07af684bb7c880a7d63b0a0a7300881408c44e95c679ea32b0eab845d0b333f245e8d6006258678704aa8cccdaf80cc46138d5b7a0804fdfa34c91d61a0d2fa6c62e7d1a675e5743f845ab40ea5df0182d6eb9781905c94751c75a411699a76f48433142c5f109d5dfddcc0b1dc6254efd5ea50d6ffbc7b9ca031e1a0123844b63c48b964645c6d24707582825e219bcd61677ed4fc45ee1f4be91b4c1b856d65a86acf22b8b0d588bc473248ac040326b1490c2fea24bc0c0a721e2ed63e39973cd4d38df1001dba9b9d995c229655dd26f3cd3d64077ec111e2c370717cb4cd068e0d3a52f1027d3df953e1f1ac768a7215a3695722b1b6714ce43801451a9532212b651d073c780d61712aebadd145c1cd95c1dc0dcf51850046ae5771e365f45858a36e48afe563ec0afee3803ff6a35bc25217b53eda39bb813b8d3d728c21a0b80d014003143666c0d1398cc46a01aaaf97117edda217f984010e7c5cf32535a669d4f11f6b70e3a3b823987ef7c9f878415063bf05205e13bcf7acb287bd0bb0fce77529a711f0ed145ea2ecf2194658dff17c5681cf8c7ad8521d235a705292af4878b3f124be2df661026c091d6c07aae1a74c919f7478d1083f70b3a0fe00c2e220ab998b4595268b6f7cabbfc85e59dfb6ab7a794cd3fd70d5cc4d70ca933a4452df5a345cb31f3267de53519ba39c915d492cd4652843f1d30a5fb311e3b5d868347969f013c5e3b4841b22240abcb61a14ff567186766ce8f6ae64877f672835dbff4fcf19c8230d8a402397630effb698a8b0c9a28ae028d7938ffde488fd64113085bce504cd0551e0eb3730c3f781cbecf0c41d2338766d3f6096661c1f1bec3162b8a0c4099fccd9480e821df8782c2e070530befb62bccd8539fe9dc7d8d3f9bded1bb34db3f2d6050885c8f1d57f5e603f629de7491f5fd9fafcceb565abeaec838b10a763a00a4607d4330bdcedc066d8cf9790d806e03c219866bb8f053a6e602645436d1f469df1d5008f5dcd4bdb7ce5b76ec015a8f4693cb2a63ceb2be00bcf221f0ca32db4efaf8f7022622b335fa8dea4afdd86be10be6c4d66e5f57416add4480509cb98cf31cdda84644eeb782eea041d4bc0e005a20bccc3c4a08cefcdb91cc2c61d9231c4e36e96f6edd2133f9b34e7da90ce20d1c60ff223c6a204bb942766a359b923573bbbaf2a827d79e4f649e79a840216ac4ddb3409c94e71ff08d109bc3f0cf6583219de7d7131a956f835ecf5c131a0b1e056a86d800a0204243f3b695029578c064306a31db53f28a8f0c0302486cd05970904e9b5c53100ac1aabb3110a89820e4d8307c3d46084999d0456c53fec61a9242b486eb41a90f3300fdfd0d8a472e8da7a842588721d1df1f5e4cc425efebc75a904ef4cc881346a4bc23eef4d492e3efccebab86ae4213f42671370579ee7f8341396e9515619e100a8fae2c5cba0139a088579ece7a603c8b8bab9998223fe862dff8480aeaa5970c90b894e5f71c2784e4dfd50ed3e9ed91036e8356c09464de13b4a95227203133b2c2c71cd6323492f083bda58ad7721b6666b9cd93f93f0288482813fd8aade02cca81cd35257e023504ac4f86be1c7a810b67c6d7077f5cdbd305b618a05c03d196894bfb1a6ff511e59ac8ce45d16cee95e1de0797a543728caaa43e5ae42a12b6bb7910d18d4e1ea89d264491287eb23a76095a12a39c46a7c85349e2969edaed3c1fa6a2150494f63f4c98c65fcdd650ac7424ac1ae64421294356ac1e4dbf9d4c817f081f4f7751ebf56788d799bac29dc0bfe83ead7ab3e338b8b84df4cad2b549aaac4e6048a6fa8f8f6f1f7e0e51c8b3c872f18c466e590222b03230f46bc8e9a0171bbd2096c7a480d6a6f29bd74b60105bebda42e59cc830c4b31f6c52687b4ec2ba869149ae363d711d099f94ceade1ada193e931ed9aea0a280ed5f25ad5ab3b4083f140ca17b43e5f6aef2c24a28a0262c80a040187e052ea7d54a528b6fcc176ed3afc07fe6a661d050fb4a3a6abfa3dac5f3230540b45af060781cb5499c2894d6a4a2bf908ddd48d6b34207f56c31229e206c88db3552ceb6e82a0fa2bf7f97baf603d37d6a8b1f2b1f5f95b251129ed05351681908b7cf5cf6cc86dd854174cc19713b4d262b021952b6da5f20f57bbacca62f5b7124409aa625bbea59819baebc1bc2dd188feba48c998d0dbed60d44b8a4f0ac28f6c1c8c9998f7406f1a34e4ce902be2420f7ff51a5ab3b1faa86ab2ec1edbea2493cae090abde43ff27d685c993dedb24eb255772cc56fbd104f4f5275f10d54d7cacb8cbf188ae1a4d29ea880068fb2696b3ba6e8a7c15939e1f7c394ab4bd4c4bef2383121cbeb18646a8e013d570cee3eeecd7fbe84a619f8aa2e34f2e1e9b99d0c7d7d179d9df8d2e2f1cd7ba2c7e60166dc14e5e4ed9c41195935e2884b5bd0057ed0155a5d4c6482e8f554e4cd0d0aef7d6487801ab54d54eb41755d833ab83883b40f47595063ad2a0fee5c661f86b8ab04ad0047d988ad86b3c520eb78dc3d750a57e777f5d766349f1a687e090f744206cb5d048346061b414060f6826d8a884e93f73f1f1f4cb8bd6e8d1215d436d390dbda35b555f550e11e6d8008fce1c429bd9bbd04a1fbb9de28663c1be4d8d7e506bc681ada28a69014b972919b5f70cbb770349324c9af0b7ee7ff4cc8bfe807fb9faa0a69498448b22192d578a1e82582b943051beb543ddca8b643ee6c76ee32278aa8bc92b44a8439a24ed5040545349ab05e831d4511a8da03ca539659585b2267a73775f1cb7c2c5548d3508c896f99a8e5cb55160ab1267e320ac2d7c8f8b57079dd14d301636a1374e24541f8d453978998ed256b381bcf638bb372ce1ebefb341656c02f4092a7667ffec5505e4938dcb03d404654430e244f9f7f7d0fb4189a93f7c2bd7a4fcb3ccff79e41a98adcac3e4c19eebebaec15bd8cea1df0e509cdef62ae10c66734d162caf35a6e511baa717f769c2e449892224fa8ae78de9138cf6ea1d939998a8cb68b0e83cf604e03b99634796d3d495e4617f8fdd9764631e7ed6eafa797deb1159259777bf2915d48b63286f6d6528ad4ca5783609263d9a03aad41ec8ef1e2e1e77734d27229f801192be238468854945c20dab4e1baff9dd593361efda1de95e04561d33cd73a45dff5f85b2e85b0747a49345ac8d38add8ef9c14685eb3d3432f3f994e3ddd4e45b16005870485253afc4f08d8a6d8023b722284d11d56c6ff9209a5bacb7ce1708244bd21878b8cd5c13ab453bd589f6196322de9faede39ce6f94c75d008d2d7ced27a2375cc62c3d5c15c1c4301a01299d8f4c41e5a44e4130e9555a356d6b19728c7d3c86cb9a1ddf906ab63a9447f8233bcd09bd74cf9749f085f0c4689ef40dbc41a7a299f0f891d9d0d3e39409d4d774da53bfb6e8ce668ce50885558e909add2cb9bda2f7e9232541b1a7f742a99740f486ef4f7c98e4052f2da705c56a18d5a8289ae6cbb9dc7de13a8cf420b7a930abaae813b40517d84ae984dfc94cd1021e0e4a7a9e7de841018d474083ca28a829ee03fe625cafcbedadcdef6621ccd679fcd9c9a9ab2136211f8c9a679895aa39facf2d6668e5098b3dd8e0ad78d8caf250dc38f2c9518bccb353ef3418d3906827514c1959d58344ee11a0ef1c1424495cc1a9910187685a47d6dd91f07e5081c5ac3f1b6e363069694dd9072684c5ab0ba56157c10f5fa8409e5bc43b38b31f24a306ca5f7e3de9a392eac1984e877ecb3dfd044f1449b4ae9b586051b1780c0ce462919f4a4b54ad8011d013c3962fc6697d33c2dc6771fec664c82cb16144619b207deb4391866d6c1976b945c5959d19018f15376ce3b05666747743527f22b54171da4dabee2f4e469a5521067de4f92e2bad02e15e812b6cbd27ec88a9eccf600ce7f5643392da9ff6b6412f8e7c68d8c8b9e0006e41777e2a1363a9556befbbb110dff3a84b179da3838acde0b25f53798733a9fb463d76b630aef7c8a43f6219482b34b893fd99cf3a013ecefde7c5c6528e304c1868ff3fd8dd5aba348a05dc950b1c4c281cbb28b800d6d0da180fdee06ec3bad6f97180295ed1d77078156a885b5b0c501ea563e8871adb97dd6052de0ab369bf2d98f434bb2d172d9967bb73d3eba6b52bb8d55d8963bf58d310afedb51c0f94c7814b6da30fd8056ab7be74ac31b1b75c217e3ab93eadcb2d253e5d8bbe47c0f1a411a9e502cf4301d898d905cd5db828e56a722394fa11cca64a03a42e7fc1b3481b71ca0b6a3d9bd1fc8229f7f9d3e6aa0d48051942579fb759201d4715db9a2d399e0745a66dbbd571accf1f2e15573ce832e91bd1f042ab758d9ec13e354f38454cc42668c8d60358916f7e937015f6c38732bcf6131ecde001892cb20fe47153e7e23b1cd2fc4a22662e7bde09f7df10fcbf475783fe23a0fdcb2c3bd8b28453ce523ac19ff77e68c3e9fa0193b796ea68f44132b3a96adebc04181e503f52be4778ef422ce3e6ca38514fa18b500ca518590479e8c73a7942dc2e237d82cda953ae1b296b97ee8ed62e2e755d6ddea7c0334e1b8d76c278bdc454724003106cb6fdc85340d1e784ac8b6551eaabc33c502163ce0d401627bd22ba6be90089372bfa3f91ee745e45844ef8dc0fe3936bef07f9c1d3aadfa4c8e99be6b038bed6beb9597add881da2acc1a3a471f500d68f639cd2bf6f4afab919a2cf747bcbb42b95684e8741b485c3297cf07c7bd98d6653421b61f701a06b82be0fbeecd32eb00feca9c5732bb5e565bccf8c9feb27a50760a785bbb50402768cbd458811e284a604b3374faf3480e1736743665617de9c32fd10e37105ac6dd5303f1a6dc78950bce56215c2a2f9e0ccbc0bf9fe8ccf7647ed29e2aa4948689d681a7a9fe582631338f3eea3df846f28564038ab75aa2a8ee5416b66ceeda9d8f56ecefe07f6a21ace83a2e15ad408d0a480f56708e3d1c96020b124c58f6ff5247f73aff7f77d389167650b8a0b98c97f87a1e5d6c08fa99874ff144bfa905e9da3812f010eeee00f3c9b594450faab5342e1b6e98fed5714a802b67b3e5b1964a62606aacb8222efd4980823f076675ae859e64de7b08f7a0b3d8bc829e1a93eb3b4975b4761cd7fa743e393da537c91f658ea2b23c94244498cdc4bc32c8b9859b9d9792eeabdce635b2d61c311949204826054dba0880505e2b53cc3521fa8b68bbba2ec05050bd3244c02752af1555625ddf50a3656c0043005c43c26a2dc907d5dd67efa831ad974151067b436a75fe99b8c94c9ca9737279fa1aaa09b0108c48c79c7e4ec1eeccfd43aa8e7ab6cacf5a956fc47d4ce77fe719d6eec1730d3e3b3be71d313f644177b6d16df0180848c28b850fbf71168a1ee4e5639bc46f2555b3984dbb91520538dfa6a1905abfb7238ff344d0a7d760f040718a57cfb56634e7de7584097f69f87630693bcf410796266cc3f50302feacfb556bad2506b7191023817527dfe5973101712bda922472076633133a11a76e8bc7d763a2cdaa53fa8d47d442fcc572f791d66d10d8d6a9058ecbbcd6d3dbe45d67b75e1091dd0368bea33ef0f56ba68885630429c24800922062e1066f2d4c4b795332ab03239548df4e6e01c432fe5eb29e8e63f6c7ba4f2edefa208c69e781786e4717c2f71dc2032a98cf1e6d66c10831e17ee776edc6b060ae20d025dc570a88e17da771acd32b7b93d46e43a917b8e2ba8232ad2707324b9b04dd8ee50c3c5a4372c0b1461ab2b7424faf00c7162bd8e8ffc7fadcb055403b0fa7087226ba4330e746af97a3f915f0b9e105759e81fe94a0df0cd6c324fb0b871491b5516c2fbc82c77b07159e3f4c0b7952b74cb4e203a69f241485191e1afc76d12a56db065b0513a41582f655340603c73cb39b728c97d1e919ecf963b91ec2282d25dc426db873394055beb0f9ba20545e2465ce2d0d962f42e1e4c79bdea4cd2829269ff7ef650bbeb5083d39dc7aad668af0b01c521192c548857473b29991f7bb917b5814fe945f4c3ed9bbe0563f4004b391b76860e9fd6b7c0baae82e4ac033f62a2c6ce6a2311b8700b06b5215e604a9b99d37e00450fc7790e893176e9fecda220f838a078a8ef7da7d499b1fe0eb8780c4b9705a6a10674e61b5c228fae1c13488f98c10c1792fa40229dba44b1cb534f9fab6a14407687761d738c91f4b8d4371a1de1a47bde0563a6fc88c4886be5d48c4cb89078c255eb1639598379daf50a672cbf4d8add2d4af6c02aeb1d0f86b611abd363409c7c7fc0b66f307ad3df24241fe06d0f7617d6c3987bb9e5d8f1712aebf095fad19b3b4fcb9cc4fb39012f333c4b040666259ee7bc43cff299a527a8914d71324e91c774b84e9392e615453e9fc648c539059b66f780c888892fe8b30eba799ed18fab08ebc3b9da8bc12a249456351bc0ebafc9f54d5d24697fb53eeb5e734527d690620989f605f57dc65a15a754d304be592acc616cd528b6986064b4457b96cf1fb0ab383a0585acf9887b18e1d6d3aff1e7f2328ea0313a2b36f6f79d671d9ddc4d34fb8fb55a596b2a16c63757083fb4bd01be2e1d82e47c5a44e052279097c5a18feae9884e102cf087611a3b94467ad61635dae6275974f6e6ca7a42ded0ee4577574d56b142853a8c955d92d1eb780de11dc9289acd193214ed4c9f5f26d0481cb3c0c0b8d4c9ad929c61ffeed66bf2e4f7018049593b99358d93559847d55654cee93da30f6578d2e295909791d227a12c09cd4a0edec25d3155086b64a787997a53265cbffb7fe6a2bfd589e12b4d0e21a600276e920397888443584aa99a06d7cfef8e68eeab8fa739c3d8fb74581ceff295110742e763320bed3a4be982b3ebed15ecde37e849aaa91959327d25149f38854ea1137f870aff99979e5e74cc9e45be12e3f0f9912a0955e718a4917e835bca50f43ce92a6bc60ed006b8f623fbacebbfb3dcb4fabd9941a5487c6f637de9a2005a6bc4062e1210a08a51d6f8a5e3f6f97fe90dc7e2e21d4d2f038c0fbc1918aa00e230a4a0e5c41a4808fb9a731271fcc1e73713c9592aa4b2ddccd0d13c3cb68d51166623153445c9ec955c6870dc8543c0684883186082e34ea5714febf8b46921015c3623220d17529896e1a6edac6e32fea2ba30db203238300353602c17dddad7608cad8170b520f6d9d32cdf0156a1de4e9b9eea78f73255ddc6da6994a6018ff900d9886590602ca6a072d8aa5645e2adac0744e2d5b2e1038c746635d5814692c3498aa9043b68f8ce79c44678c5a7d5bc26c085475853b229b2af3dc822ec58047f313c778aae2b64995148174e42908f3ecacd3921855790c0c5a25814416930293010b4f917979d837f4ef9d2d6dce804f5c0926244097746252124a6e0055559ffab197c38778f717362152af8f6dbf7ee03df050ab9b8909556691c2c2775f0f9c26a545db7ba698a4ce37de877705ea97ac0a002db274ea8360a4aa732c2d5e7417138c60cbea69d3b4993ada6a9d8f51d851543a6500a31bac5a057dbef498001f08a44e3c4141900e18b6d73c28c8c67dca805edeb5376384cefe75be1f127225e4d9724b7047d68fa2ed4629e91711a37c80158a07dbce78918931402b472a98a5d5c6b66a2d116314577e94298c37bc441499a9ecea132d87c5d305a0f8f0b3ed16f3b820941082c73b28391d8482ca0cfa78e1e09aa588b0eb1849c6c7916a6bbe56134a6bd93ea306dec125982628dea1db6d022d210627959e1dc819c841f173ed25f356909222e481a1ebb31185fbaeacbd359d2779efe4554ccdac7f4bcc528f656a45049331e16e9c0c796423ec9c7cba15c69d4a8a7741699910f33cc9798a8bf1e48182f08029a14d0131654fd388225d7509e1d7a484e9c7df34d1680bfc6b8d1f6f3920cc4113509fe42dfbd6b261000da9651f7e18088f6c2564472046e5eb7e8c9f8b5286a7452741a7103ced710bfb8e699fb8b1a85c0ae887cc06ef2ff9e2a2b1a77bb4d44ddd4a4e1ba60afcb92baaef108b60486d409889cbb2b1cc77ddff7e4b6caf8cf3488764d84bf3605eb9df709ac6cb36d1a3de89cdd6657f0e6b4009e6dac5d9be14f4ed997cf61e5aaec932520c321359cf286adf6e2dc3094794ae61a4f16089d06e3dc62c958950e73213c1e865c894fe7b8a30de65f5534a1e9c5d19ed49397980126322cb9c72c46a86d7487571300d85b3b5661555f20ab63a78f846c1b8f51a19610a11ffee44f7ccf0f1d67f4148b2c828d74c7f3993965c9067114467a71d242113a68574e28601fce343a023ecc68a72d75259f9a5dce144a7f61ef327192f6474d2bbd06fde3049fe7fb306ba3f54337008d7dbdeaf28a37a224e38ade23adb076cefd3148efcb62539a96d4dfc53f369e34c3d493ac3a5e8c8881133be630a2a906703da62ce7cc02ace9f666d6c3d4b9763a83548825ee1efb54ee3475b09e2616c5bdde3d193181bf020e8ac9ac25f32604b6c11de8ad1a15b9f908c6d7e79181aad1d741b7434aa92597a835c53b9e4b61d6069fa4ee921824d17c98784a8c04590f8d2cf877662b410cae4ebd1ba3616074c020d8cb6099a095735635490d318821310ddd016150edb80370b8d4e2f05557fd619b17192c13353cdae76d495821c610c8641e5b3dff1e7f2ea77b17810ca7975b8e36b7f501a8710b326ef92672096ef66598510902fe663e2a9ef00c3a052f1cfb1739fccb4371f8f28bb92654de5bf87cc2863e92e6d7e4b45d773f90f434eafc8f8398a48527af829a6cae359e7af5941bef158f53798058351107ce58f79ed21036770f6e10e7da92bbca25f369ee83a0f894bbf366a1361f8125b4ffd8e8b4d47ec68cd6b37c840cc5beb8cf65b2269ea1a0e9c371a571f30458ff8ad9bbf8723c19ddae1de5ca7461a436ffcd103c01a20f3252ba0965ee928cfb0d002b9aa4d4f20c805b77e67c8d991c4d07e5419bec9626a32c115d28253dd5f16c17182c1779edf49bdfe3823d87fec88929801163a27bfaeddfd8cdccae8cc3bfd6a9f2e2fec5971fa560c434debd434ff4d0058dcb05d9f3ac5193c458472d6d1685f9f46c8864900c5edbaeeee08971ee1c087f2e11467ff4766743bccf9e3414feedd6dcb904b92a05eec5de8db95444b920c995c770edcedcf7bffc48836c8f30037dde47f0e66fd79550de0ebc3c0c3eba0b66e2a353542eeb20397800e5f41635c5ec2f9a271461bcee8e570ddf945b186f15ab5cabe2a3123189935c6b9010b31732c425a9b2582b097486a5a7b1880b2f16104484e1ca83fa9c278b87e30e4b0cf6ed66c87a979c05683ac94a295d1c53e6f0975a079dd9a2825fdd6ae0926ba1a69f3f69f408eea9d00fbd43235a52c53d11963a611b81dd9f5e05582e1822398873e883662a64c225be19e0b85e102e23fb73d5dcb11435a5437d7418b0409f2e60793038f55ed54c79882b3a17e74ae2148bd558d131dbf446edeb0d05353492534e216761cfcf6582d066a8235a2bd5eb383350a52d7fc2761514e27b6125cb3e387c103dd62e31f5b789c217811c80ccbe3f10fec7a19ad32dc9271368b6d6ba549c45dfd8018507c40962b6ac6468c3078edb71d8ec7f728be8cc23dea1139ac30c2e8d0fc077280e420fbbffc896863db5f1e76922d7dd8e4479c1be822e74212c6f74765e108f916a1b83f6efc8ea54080e9a28b1ba5813a1fefddbe2d0cda413ee1463985b51b59f818f440c9b6a10e4ebf71d37995ae9694ba5867ca2eb2f7bf4e58d26149f2b25943fba216beb3de1f954bcf1bd32ce358b5d23023ab456ebbc493ead41e25b62b5b4ace6c5c18c9a8d512a9cbb4dd59f33663f6138d6b06bc8eb1ec9caccc0077b2e68e7a09d412dfa352e7e5c3942b710ab1648e16d0adda424d9fc2d15c619f4e8093c2b9521e4cdb3f22e655f52ce0fcc1bfd94e56cba8decadb68214451be53f9286c82d2a4912bd2394d1133be908409d791d6d8c2194ca37a76a38d6d0a1fced6478848891d9264cfc08fa849d720339ce00977cad8d9738372184098a7333dd1564d1d7754b4aa4afd6217585804159d31f53017869cb78b718c837b7fd176ce19e3d6996b6f055ed3ba7cd55b0349676c0c113c33d070081ce4ef29af156c4ac8ce760013688d0295d90271e23ef3ca10ec2b3b889855a153c867ce79297a10a02d21e5e8995fbc10d2f4d4bf521565376053b80937bfafaac688108f9962b7c72cf0111874ac8ae27d024ee2f9d57f15b9910a7486ef7542c6629fb0520c93a445542d", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0)
dup3(r2, r0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x300000000000000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x10, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300", [0x80000001]}})

6m46.408311494s ago: executing program 3 (id=1224):
r0 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100))
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fdinfo/4\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x24, &(0x7f0000000000)={0x0, 0x3, 0xfffffffffffefffc})
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
getdents(r1, &(0x7f0000000f40)=""/243, 0xf3)
splice(r0, &(0x7f0000000000)=0xd, 0xffffffffffffffff, &(0x7f0000000080)=0x9, 0xfffff364, 0x1)
r3 = gettid()
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffffc284edc4, 0x0, 0x5, 0x0, 0x2000004, 0x0, 0x0, 0x9}}, 0x50)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[], 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x405c801)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080), 0x1, 0x0, 0x3a}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_create(0x2, &(0x7f00000002c0)={0x0, 0x13, 0x4, @tid=r3}, &(0x7f0000000300)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000040), 0x0)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200000, 0x100)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f0000000000)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r3, 0x7, r4, &(0x7f0000000140)={r6, 0xffffffffffffffff, 0x1})
ioctl$RTC_VL_CLR(r6, 0x7014)

6m45.664472005s ago: executing program 3 (id=1227):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x282, 0x0, 0x1}]})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040))

6m44.654753173s ago: executing program 33 (id=1227):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x282, 0x0, 0x1}]})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040))

42.444747371s ago: executing program 5 (id=2742):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_emit_ethernet(0x9df, &(0x7f0000000800)={@random="ff2000", @link_local={0x17, 0x80, 0xc2, 0x2, 0x9, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "001958", 0x9a9, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x1a}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, [{0x3, 0xa, "a78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41d5af1802"}, {0x0, 0x1, "ffffffffffffff8026000400"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d036397a0acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x6, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x1f, 0xb, "17dcea46805df3c75dc2d227a83b89483b1084743474671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f306001a9f51a948b5b303f4f02500"/87}, {0x21, 0x7, "fcc1876d4ec1876d4e6fa3ce2dfdb43a6f021659ff5c2d6b3d9363ed09bd9281c9fe68a3000000006f0000044e43e740e077e1d16212fb"}, {0x5, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c000000000000000000"}, {0x1f, 0x5, "090000000900000036da018dff16a70b8b1400001600e18e88605aa6be1a02a326a6bce65f81ed"}, {0x0, 0xc5, "fca06311b404bf722cf06364ee49d1d33a69558cc4936aebf2f1a80d6cdb1d0cc17701e6152374fdc4bb7a24209117725839d0ee30d0041ab3b6cf4f16ab09546170b32b4ab35c624c848255416456abe7162b45ec1e8b42d7bba878ec610a8a03778931b49f53519887ee05795451ac3c3ca2d222e1a6fea611cd9f08adbb777e0cd67de188d27c0ee5e8bd2c76cff7ff14a4e249588ab5acd79044c61daf71fb88560d7fb1237c98a0707d84197b5b0605962c7a08f76b5a6f8ca28404a7a23f69aebcbb7ce8a992b52aee42756ba453856d6d187af7f62d4efbea4d1afccd1137e7f445233158ead8173baf8df610197656743854ffd52fa1aab3c5977422aca53d8ce83529638a997d9a9cca7402d939c39dec79ed274a586b69d798fb8649bb92dd78ed08c6518afcb196511b3e111826d4f1ef8e92d1e1c033160160a0dedea1baaed7eaa86adb4cb6c509116d66c5bde183defc33a4f907084ad89b92fea3cf60cce9aefceaa8a251fa5dc57ea1e648bf0a7a5b943f73291001790ccb1397d1b3e526ef30cbcc3204678063ffb9c4c07978b880a44e75a3be56f2029912631a1bc9d2e4f72127292dee3a98b1ebc03941a46475e8cacb75afa0e7d159bf83d925d1ea1849623eb3bc52acbf3f1be85c56ad2ae1c600b0e1124eaad8c21ba91878f9ceb9454352b0fe93856bb52bde7e08d14e5ac49e20e5af020c61de8fa2ca182bb1aa8049747e067011a553ce3bf7bd82c14cb4c90404c9b0451b590966c424918e0d582573c12a1c65aea5987350df5995fd38343be3a227f03f905a3c36102bbca9ccafb331e5f674b773e8f833919afbc0f8250da29a53dc260e0dcad772e542502924075ef5511cacd6fc533093f337d5a1ed93b50f2c186a86f6a2cd5ee37e77204fb99749a219ec6405e3860283ea41a2e69a1c48af70d4c56f6df00a2dd51acd29d1cae523ac9eeaaf3ea806395515bbb2c9a0168ff8c59c2975f2eee1f7b60e6fb9d0ef04f2940d956155fb0777e8be5a30debb690e243d4cf2663ddf7fa6f0ace86d0d881da1d8d7c08c62d08483661cd496771c42f7663d82ebfdb9f4caf2650f9d69c87e6867e426ce4521231d04efd516020b17b4e4bd7df8b33a6a6bdf6af4f2463f1ce96ede77d4dc9f89843ba7205e0e451933c0dc806896028beee7104b7792301e005806b0b06f652b91d96d5966f67d6a97631825851bc6c45f4a91a2a83e65c7df0048d167c4ecd3699b828f71358e4ca3f6918f30a981fcfe262bea444c6148577c9f1c76bf4d7111490110edae4b02b9cb43a79e34d96e93ac7d3351e151c1de3a8b2d4e73e92a08bec730d915bebe3f9c8d7f9e75f0e851ff63551b9b73547766827135fc683d8bf68199cad26910bea7a466153b22f6a7b48b8c34453ccc0ddd010d6cdff56023f5654fa6c3008bb7b33bf1db5634b47ca58e460285b1b4f4e32777c38f622fdd95bedabf3d5199d727ebbd4b9f2f396c7f43a29269afca56cfcd19d3a5dd1b316b8f4b0640f118df0518f6efceaa58cec88d581ff294b0cf5e9e5b8839e45d508c07f5fa7a9f91fd90fad1c9dc2110abda4eec60d60822be669f10e307dd1379284e956c59838020e8660cf5f852f92b8e0f43b98e9b3df23c69e16e8a3e7e3432620e8d6c3ca0d9b1b8d62da27bf73ec0fc32f6e3230375a2c4773838309966b8ba20cda4be78cfeb05629f34b539532cc625252b326b953cf0bd1292adc5893f93196548b3dedb6d0850cf187be05ddbaf19e36ceb5575c38b2b68992564988e4fa7d5e4b610917d4af1179ab4102d4dc73035ca709e7566f2e4f815ab4a702f6e2f5c917d77511d591965a587193e4d4e8ec9c330e5a76c8940b9521718f7c6af215efb77d308a3c23357b325840cdd53fc598e5e93f1b6c5a558c0522dbfeb9d23cf3b348c170ce18a58422eaf4fb59ba55fc3f808f9e1b6c817ea003e159ab064ee6beebc067be398c31d7248f2e31d41dcab766deffe603be89481d734d3af6e51ffa8cefdcfbcd27871162c66447edaa1bd8b3df8e061694592cd0cd1ac1a6329734ebb678ec84993fefd90e3f85a625e326b9d7817bd6c268b071fd5d5bb385bb478d56126cb2166948eabecb529d766c6900a5a7a897f0f1d898d295eeb9dc72e6fa521b86b2a604208b91016c1a08927a5944b1daa996500c4bccff47da146f389b03b02e6905ae8fdfc49"}]}}}}}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
close(0x3)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x3, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x1, 0x0, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x85, 0x50, 0x8}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x0, 0xa, 0x0, 0x20, 0xd}, 0x1d, &(0x7f00000000c0)={0x5, 0xf, 0x1d, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x8, 0xb}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0xc, 0x8, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x5, 0x22, 0x4}]}, 0x4, [{0x39, &(0x7f0000000100)=@string={0x39, 0x3, "d42796ef8e3da8eeec806ab70e7201ef352fb25dd3b1977b3ca851c4720d0cc1f455314e613cc59875d9f166296bce185dc8218487b309"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x446}}, {0x54, &(0x7f0000000180)=@string={0x54, 0x3, "d83cada7d6c8cf6e0a12910b7e98074302c182c440c4a477c8b7c9376aa85af864401d45a2c18706b6231bf338ec7f41a93cd6a4d41f4749f93d079aab3007f1e9e05def90188b0e7c8abbdb23853b09566a"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x827}}]})
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})

41.602334323s ago: executing program 2 (id=2746):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0x10)
setsockopt(r2, 0x84, 0x7f, &(0x7f0000000140)="010000000980ffff", 0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r3, 0x1}, &(0x7f00000000c0)=0x8)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b19a3640d219751284070102030109022b0002070000ac18563dd8399550bba2ef9521593300090400010079319c0009040000000202ff"], 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x4020940d, &(0x7f0000000080)={0x0, 0x0, 0xa294})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x24, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x24}}, 0x0)

39.741037866s ago: executing program 5 (id=2756):
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000})

39.625958572s ago: executing program 5 (id=2758):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xe, 0x1, 'connbytes\x00'}, @NFTA_MATCH_INFO={0x1c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c4639"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
write$UHID_CREATE2(r5, 0x0, 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000100)=[r7, r8], 0x2)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r9, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

38.360301003s ago: executing program 2 (id=2763):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x3000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000045)
socket$netlink(0x10, 0x3, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8907, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r10=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000140)={r10, 0x5}, &(0x7f0000000280)=0x8)
r11 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = dup(r12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r13, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r11, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="21000bbd5000fc0586a70c99e135084f03101202ec5a5200e9d600000000080040000300cc7116c4d60e80595b8a0a82efa79092fc47710d13d23efaad39adc0261f02e443d6727891de41a0b12f67408b1bda89bc8d142d648fb9ca8b498c904283d0f7dde021ec0a77cf8fd03feb27917b07b8330c9d7f36f8fe819f465102ebdcf7b398cc4ca36ab25f283086f560634def6ec93e1e643a77179a384dc6b29e6c08a7cb43f646858c75e6a8184b52bbabae5ddde7758929fe3d69ea1ae5bf372cc4d4ff358189ed9a7d7251f1f3d66390f3d97136eba9ea8d892c13fe4c2a033105e8e7d23ab2bfd9ac067bd2c847573b947a14b3ba2a5914da86032ecfc3b1fd15b15c0f5bf9e67533122d70d783f2f20c8792e3959ec9bda1126eac260837", @ANYRES32=r1, @ANYBLOB="0400cd00fafe3300409c6300ffffffffffffffffffffffff33f03cbb977f910004004dc000060101010101010301ab720603030303030300"], 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x8800)

37.120104628s ago: executing program 5 (id=2767):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8)
connect$qrtr(r1, &(0x7f0000000140)={0x2a, 0x1, 0x2}, 0xc)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0x1}, @IFLA_BR_MCAST_QUERIER_INTVL={0xc, 0x20, 0x800}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
r4 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r2, &(0x7f0000000080)={0x100000008})
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="cb000000150081054e81f782db44b904021f08010a000000040000a118000200ac141414ffff0d1208000f0100810401880016ea1f0006ea7f400303000803600cfab94dcf5c046181d67f6f94007134cf6ee080005c4ab0f45312b3429fa0e408f456211bef32d4760000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd60100730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee", 0xcb}], 0x1, 0x0, 0x0, 0x7400}, 0x44804)

36.605047432s ago: executing program 0 (id=2768):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000})

36.44839798s ago: executing program 2 (id=2769):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000100)=[r7, r8], 0x2)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r9, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

36.259745433s ago: executing program 0 (id=2771):
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"])
syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

35.553718473s ago: executing program 6 (id=2773):
unshare(0x20000400) (async)
unshare(0x20000400)
syz_open_dev$loop(0x0, 0xdf6, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001) (async)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001)
unshare(0xa000400)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@cgroup, 0xffffffffffffffff, 0x2f, 0x10, 0x4}, 0x20)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
unshare(0x60000200)
r0 = syz_open_dev$usbfs(0x0, 0x76, 0x101301)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000e9090400000103000000092105000001220500090581030002"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, 0x0, 0x2, 0x70bd25, 0x8, {}, [@L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xdd}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x1c}, @L2TP_ATTR_PW_TYPE={0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x804)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x2, &(0x7f0000000280)="10b1") (async)
syz_usb_ep_write(r1, 0x81, 0x2, &(0x7f0000000280)="10b1")
kcmp(0xffffffffffffffff, 0x0, 0x0, r0, r0) (async)
kcmp(0xffffffffffffffff, 0x0, 0x0, r0, r0)
pipe(&(0x7f0000000600)) (async)
pipe(&(0x7f0000000600)={<r3=>0xffffffffffffffff})
read$FUSE(r3, &(0x7f0000001740)={0x2020}, 0x2020)
ioctl$FIOCLEX(r3, 0x5451)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000000)=0x7a38045d, 0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000000)=0x9) (async)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000000)=0x9)

35.077044416s ago: executing program 4 (id=2775):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000340)=0x152, 0x4)
setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r1, &(0x7f00000002c0)=[{{&(0x7f0000000b00)={0xa, 0x4e33, 0x7, @mcast2}, 0x1c, 0x0}}], 0x1, 0x24000000)
recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/129, 0x81}, 0xdb31}], 0x1, 0x40002042, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={<r2=>0x0, 0x3, 0x30, 0x9, 0x627}, &(0x7f0000000100)=0x18)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={r2, 0x8000}, &(0x7f0000000180)=0x8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001100010001000000feffff0707000000", @ANYRES32=r3, @ANYBLOB="100201001132000014001a80100004800c000a8008"], 0x34}}, 0x0)

35.049569905s ago: executing program 5 (id=2776):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0xe, 0x1, 'connbytes\x00'}, @NFTA_MATCH_INFO={0x1c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c4639"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000100)=[r7, r8], 0x2)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r9, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

35.022811339s ago: executing program 4 (id=2777):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xe, 0x1, 'connbytes\x00'}, @NFTA_MATCH_INFO={0x1c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c4639"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
write$UHID_CREATE2(r5, 0x0, 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000100)=[r7, r8], 0x2)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r9, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

34.933099716s ago: executing program 0 (id=2778):
mremap(&(0x7f000000e000/0x7000)=nil, 0x7000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffe, 0x0, &(0x7f0000000040))
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x3, 0x40]}, 0x8, 0x0)
mmap(&(0x7f00004be000/0x2000)=nil, 0x2000, 0x7, 0x1010, r0, 0xeb5b1000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000000400)=0x401, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2842, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
splice(r2, 0x0, r3, 0x0, 0x7c1d, 0x8)
sched_getscheduler(0x0)

34.736551201s ago: executing program 0 (id=2779):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x80, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000001d80)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x7f, 0x2, 0x7, 0x5, 0x392, 0x94, 0x7}, 0x9c)
shutdown(r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000140), 0xffffff00, 0x210100)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000380)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x2, 0x18, 0x0, 0xe, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, @in6={0xa, 0x4e24, 0x5, @private1, 0x6}}]}, 0x70}}, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r7 = creat(&(0x7f0000000000)='./file0\x00', 0x181)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=@newsa={0x154, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@empty, @in6=@private1, 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20, 0x3b}, {@in=@private=0xa010102, 0x0, 0x32}, @in=@broadcast, {0x3ff, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x80000, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0x2a2, 0x80020}, 0x0, 0x0, 0xa, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}, @encap={0x1c, 0x4, {0x3, 0x4e24, 0x4e21, @in6=@mcast2}}]}, 0x154}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x40a0ae49, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x9, 0x0, 0xa})

33.529250582s ago: executing program 6 (id=2780):
r0 = gettid()
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x3)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0x2}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6, 0x19, 0x8100}, @TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0xffffffff}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000850}, 0x20084084)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x0, 0x5000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x1000, 0x2000, &(0x7f0000fa2000/0x2000)=nil})

33.248230606s ago: executing program 2 (id=2781):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000})

33.004360574s ago: executing program 2 (id=2782):
r0 = socket(0x2b, 0x80801, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_FALLOCATE={0x11, 0x1d, 0x0, @fd_index=0x2, 0xffffffffffffb9bb, 0x0, 0x7, 0x0, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @pic={0x8, 0x9, 0x4, 0x3, 0x1, 0x28, 0x6, 0x9, 0x9, 0x5, 0x7, 0x7, 0x7, 0x31, 0x1, 0x7f}})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x80000, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc008640a, &(0x7f0000000040))
setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x29, 0x489, 0x0, 0x0)

32.873526983s ago: executing program 6 (id=2783):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x4000080)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x2, {0x2, @dev={0xac, 0x14, 0x14, 0x3f}}}, 0x1e)

32.731631489s ago: executing program 4 (id=2784):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYBLOB="3dd50a8778c9197e68351c86cd562e3bdc2bfab224a766eee6935328e8fbdecb576c778e9159b6b34592ddbbf582f7f962ed7643557511dd6ba6f5b1ae0685dc47344e10a855bd739d66001f707de14e46e125febc7df3ee7d754d82515bc1bd3462f218010d8ba2c637d28b1ba8eccbecacf15094e0e8ce42850455fbf8fcd8842add1c202a1ce764f48dcade576de43606af2cdca54982984b09c9569dc0ef368997a1ed526c2811f6ac5e7674f7248219a3d0d03083bddd6a966d00e84ad0c1c5a846819a233dd95ca97b9ee22e174cc05d68fd698757b5440876dff234544518"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0)

32.51265152s ago: executing program 6 (id=2785):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000080}, 0x240008d4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
dup(r0)
sendto(r0, &(0x7f0000000100)='\b', 0x1, 0x0, 0x0, 0x0)

32.463115651s ago: executing program 4 (id=2786):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x80, @empty, 0xfffffffd}, 0x1c)
recvmmsg(r0, &(0x7f0000000700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=""/238, 0xee}, 0xfffffff9}], 0x1, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

32.451475892s ago: executing program 2 (id=2787):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket(0x1, 0x803, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmmsg(r4, &(0x7f00000094c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)="eb", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x80)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0700000000000000000002f1ff00140001800600015e1d000200000408000300ac14"], 0x28}}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
creat(&(0x7f0000000000)='./file0\x00', 0x6a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r6, 0x29, 0xd3, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_opts(r6, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="00020401"], 0x18)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000001840), 0x3b, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r0)
write$UHID_INPUT(r7, &(0x7f0000000000)={0xf, {"a2e3ad21e08eeb661b5e060987f70e06d038e7ff7fc6e5539b0d650e8b089b3f373b68090890e0878f0e1ac6e7049b3646959b429a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07440936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc9d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6089ae6899d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec2c0911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8de7f4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c2715500b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017eef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f48451ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x35)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="60dc73f0ec23dd86374e91d2e462d7", 0xf, 0x0, 0x0, 0x22)

32.341735015s ago: executing program 6 (id=2788):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000100)={0x0, 0x2000, &(0x7f0000000140)={&(0x7f0000000380)={0x138, 0xa, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_EXPR={0x118, 0x11, 0x0, 0x1, @range={{0xa}, @val={0x108, 0x2, 0x0, 0x1, [@NFTA_RANGE_FROM_DATA={0xf4, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xf0, 0x1, "70f34064009b41f81c3405b829978933191a592c42b3028ec651d01fbc91b5f928b0bb3069d8d687d44aaa889a3d8850374ac7569e0e5fc447881c0f5a974efe912571c17a9115b61166c896479c3008ee23562ed6c5562648ded94a98d360666293cd783541765f1287df4233540c6c17a9a73dc1fa15eadcd4ab37c23e583c1e6139d3303b677f9e0171113ffc3d86ca7f83951b41ae0ae7733bf2a6cc5640ecb00ef9f1e4763f2a342e18f8f37e3cf8053680cfceacb78881aaa74584103cf33254c48d69479492e425e3271c6dbbca7a5166204b910623421c7997ac808be45efb54b8ed504d0277406a"}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)

32.297994691s ago: executing program 0 (id=2789):
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"])
syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b702000000"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

32.295667326s ago: executing program 5 (id=2790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x48040}, 0x10)

32.103987687s ago: executing program 6 (id=2791):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
socket(0x2, 0xa, 0x300)
socket$packet(0x11, 0x2, 0x300)
socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r5, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
ioctl(r1, 0x1ff, &(0x7f0000000300)="4a9fdc81098d36316b7320d0bacc28288ff231234648b38911f8c648e2933b6c030abb0cd91b9acc66d2eca84dbfae6b3baabc79ba76e338087bb85378f16ab265c442779bfde798cc8856ed9c8c4e")
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={0x34, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x6c}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x35}]}]}, 0x34}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r8=>0x0})
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg0\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCDELRT(r9, 0x890c, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @private0, 0x4, 0x3, 0x727a, 0x100, 0xd, 0xd0020, r10})
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xb4, 0x0, 0x3a, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x800}, @IPVS_CMD_ATTR_SERVICE={0x70, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0x42}}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x20}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffff3523}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9f9}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @loopback}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4004844}, 0x5)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x28, r7, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x45}, 0x0)

16.567011329s ago: executing program 34 (id=2790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x48040}, 0x10)

16.441860504s ago: executing program 35 (id=2787):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket(0x1, 0x803, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmmsg(r4, &(0x7f00000094c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)="eb", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x80)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0700000000000000000002f1ff00140001800600015e1d000200000408000300ac14"], 0x28}}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
creat(&(0x7f0000000000)='./file0\x00', 0x6a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r6, 0x29, 0xd3, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_opts(r6, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="00020401"], 0x18)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000001840), 0x3b, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r0)
write$UHID_INPUT(r7, &(0x7f0000000000)={0xf, {"a2e3ad21e08eeb661b5e060987f70e06d038e7ff7fc6e5539b0d650e8b089b3f373b68090890e0878f0e1ac6e7049b3646959b429a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07440936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc9d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6089ae6899d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec2c0911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8de7f4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c2715500b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017eef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f48451ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x35)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="60dc73f0ec23dd86374e91d2e462d7", 0xf, 0x0, 0x0, 0x22)

16.371372247s ago: executing program 36 (id=2791):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
socket(0x2, 0xa, 0x300)
socket$packet(0x11, 0x2, 0x300)
socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r5, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
ioctl(r1, 0x1ff, &(0x7f0000000300)="4a9fdc81098d36316b7320d0bacc28288ff231234648b38911f8c648e2933b6c030abb0cd91b9acc66d2eca84dbfae6b3baabc79ba76e338087bb85378f16ab265c442779bfde798cc8856ed9c8c4e")
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={0x34, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x6c}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x35}]}]}, 0x34}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r8=>0x0})
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg0\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCDELRT(r9, 0x890c, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @private0, 0x4, 0x3, 0x727a, 0x100, 0xd, 0xd0020, r10})
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xb4, 0x0, 0x3a, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x800}, @IPVS_CMD_ATTR_SERVICE={0x70, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0x42}}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x20}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffff3523}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9f9}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @loopback}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4004844}, 0x5)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x28, r7, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x45}, 0x0)

16.365339443s ago: executing program 4 (id=2795):
r0 = socket(0xa, 0x3, 0xff)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x1, 0x12, r4, 0x0)
write$binfmt_misc(r3, &(0x7f0000000480)="dc", 0x1)
splice(r2, 0x0, r4, 0x0, 0xf8, 0x5)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r1, 0x0, 0x0)
fchdir(r6)
setsockopt$inet6_int(r6, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
r7 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(r7, 0x5409, 0x7)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r8, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3d8, 0x0, 0x0, 0xe0, 0x2f8, 0x2f8, 0x2f8, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0x2f8}}, {{@arp={@multicast2, @rand_addr=0x64010100, 0xff, 0xff000000, 0x10, 0xf, {@empty, {[0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0xff, 0xff, 0xff]}}, 0x5, 0x6, 0x6, 0x40d, 0xf01, 0x5592, 'bridge0\x00', 'team_slave_0\x00', {}, {0xff}, 0x0, 0x302}, 0xbc, 0x10c, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @loopback, @empty, 0x7}}}, {{@arp={@rand_addr=0x64010100, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, {}, 0xe, 0x1, 0xfff8, 0x0, 0x0, 0x9, 'ip6_vti0\x00', 'netpci0\x00', {}, {}, 0x0, 0x84}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @empty, @multicast1, 0x1, 0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424)
recvmmsg(r0, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/14, 0xe}, 0x3}], 0x1, 0x40010002, 0x0)

16.351587932s ago: executing program 0 (id=2802):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f00000001c0)={0x1d, r2, 0x2, {0x0, 0xff, 0x2}, 0x1}, 0x18)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000002140)=""/4110, &(0x7f00000000c0)=0x100e)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x3b0, 0x3}, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020)
lseek(r3, 0xfffffffffffffffa, 0x1)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240)=0x3)
syz_open_dev$tty20(0xc, 0x4, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000003180)=ANY=[@ANYBLOB="f8ffffff7f00000000bd70000000000000000000000000000000002000000001ac1414aa0000000000000000000000000000e4ffffff00000a000000160000001686b4e3f09b390a139beb247db79bf64d16950db5ebd28b14124aede5e756", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000b000000000000000000000000000000000a000000000000feffffffff7f4000020000000000000800000000000000000100000044000500fe8000000000000000000000000000aaffffffff3c00000000000000ac1414aa00000000000000000000000006000000040100"/176], 0xf8}}, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r6, 0x0, 0xfffffffffffffeb3, 0x4fffd, &(0x7f0000000240)={0xa, 0x4e20, 0x3, @remote}, 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000032c0)=ANY=[@ANYBLOB="140000002e000900fefffffffddbdf2504000000d9e76e53a12367a07310916f3451d8a0237ecba9c05f3e2e51ea40e7a21937ae61e6162702ec19260238a9a42406f015ed08c867e57dedd16085d5480d334334104f271bfb75ad1c59cae7418d24fb3c1b767253161d196c4b90d213cba0920b95ed4d7a7b8528ee3056c0ee83d73232909a0435ba039f571a889c73d8cce55ac2f49e28567d28d424bdc366b5a9af575cc843b62efea882e15fba571ea45b35901a4a6906bec9ccd7491c0358f727571d21c1f88a1e3ed4"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

15.39228652s ago: executing program 4 (id=2796):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@ipv4_newroute={0x24, 0x18, 0x1, 0x70bd2b, 0x0, {0x2, 0x20, 0x0, 0x4, 0x0, 0x0, 0xff, 0x6, 0x1100}, [@RTA_GATEWAY={0x8, 0x5, @multicast2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x29, 0x7, 0xf, 0x6, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x8, 0x40, 0x8000, 0x4e}})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180), &(0x7f0000000000))
fcntl$lock(r2, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0xfffffffb, 0x0, 0xffffffffffffffff})
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

520.090614ms ago: executing program 37 (id=2802):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f00000001c0)={0x1d, r2, 0x2, {0x0, 0xff, 0x2}, 0x1}, 0x18)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000002140)=""/4110, &(0x7f00000000c0)=0x100e)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x3b0, 0x3}, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020)
lseek(r3, 0xfffffffffffffffa, 0x1)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240)=0x3)
syz_open_dev$tty20(0xc, 0x4, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000003180)=ANY=[@ANYBLOB="f8ffffff7f00000000bd70000000000000000000000000000000002000000001ac1414aa0000000000000000000000000000e4ffffff00000a000000160000001686b4e3f09b390a139beb247db79bf64d16950db5ebd28b14124aede5e756", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000b000000000000000000000000000000000a000000000000feffffffff7f4000020000000000000800000000000000000100000044000500fe8000000000000000000000000000aaffffffff3c00000000000000ac1414aa00000000000000000000000006000000040100"/176], 0xf8}}, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r6, 0x0, 0xfffffffffffffeb3, 0x4fffd, &(0x7f0000000240)={0xa, 0x4e20, 0x3, @remote}, 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000032c0)=ANY=[@ANYBLOB="140000002e000900fefffffffddbdf2504000000d9e76e53a12367a07310916f3451d8a0237ecba9c05f3e2e51ea40e7a21937ae61e6162702ec19260238a9a42406f015ed08c867e57dedd16085d5480d334334104f271bfb75ad1c59cae7418d24fb3c1b767253161d196c4b90d213cba0920b95ed4d7a7b8528ee3056c0ee83d73232909a0435ba039f571a889c73d8cce55ac2f49e28567d28d424bdc366b5a9af575cc843b62efea882e15fba571ea45b35901a4a6906bec9ccd7491c0358f727571d21c1f88a1e3ed4"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

0s ago: executing program 38 (id=2796):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@ipv4_newroute={0x24, 0x18, 0x1, 0x70bd2b, 0x0, {0x2, 0x20, 0x0, 0x4, 0x0, 0x0, 0xff, 0x6, 0x1100}, [@RTA_GATEWAY={0x8, 0x5, @multicast2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x29, 0x7, 0xf, 0x6, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x8, 0x40, 0x8000, 0x4e}})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180), &(0x7f0000000000))
fcntl$lock(r2, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0xfffffffb, 0x0, 0xffffffffffffffff})
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

kernel console output (not intermixed with test programs):

0x840
[  683.201849][T14596]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  683.201872][T14596]  ? __fget_files+0x3a0/0x420
[  683.201929][T14596]  ? fput+0xa0/0xd0
[  683.201957][T14596]  ? ksys_write+0x22a/0x250
[  683.201984][T14596]  ? exc_page_fault+0x82/0x100
[  683.202007][T14596]  ? __pfx_ksys_write+0x10/0x10
[  683.202032][T14596]  ? __do_fast_syscall_32+0xbe/0x590
[  683.202061][T14596]  __do_fast_syscall_32+0x1f7/0x590
[  683.202086][T14596]  ? rcu_is_watching+0x15/0xb0
[  683.202110][T14596]  ? do_fast_syscall_32+0x34/0x80
[  683.202139][T14596]  do_fast_syscall_32+0x34/0x80
[  683.202163][T14596]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.202191][T14596] RIP: 0023:0xf7f34539
[  683.202210][T14596] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  683.202229][T14596] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  683.202252][T14596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089fb
[  683.202267][T14596] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[  683.202280][T14596] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  683.202293][T14596] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.202306][T14596] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.202339][T14596]  </TASK>
[  683.202349][T14596] ERROR: Out of memory at tomoyo_realpath_from_path.
[  683.245093][  T106] as10x_usb: error during firmware upload part1
[  683.245980][  T106] Registered device nBox DVB-T Dongle
[  683.318678][   T44] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  683.338723][ T5961] usbhid 1-1:0.0: can't add hid device: -71
[  683.519712][  T106] usb 5-1: USB disconnect, device number 65
[  683.546597][T14587] tipc: Started in network mode
[  683.554863][T14587] tipc: Node identity , cluster identity 4711
[  683.570570][T14587] tipc: Failed to set node id, please configure manually
[  683.577794][  T106] Unregistered device nBox DVB-T Dongle
[  683.579748][  T106] as10x_usb: device has been disconnected
[  683.593563][T14587] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  683.615663][ T5961] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  683.633745][   T44] usb 6-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  683.666562][   T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.683575][ T5961] usb 1-1: USB disconnect, device number 53
[  683.683764][   T44] usb 6-1: Product: syz
[  683.709709][   T44] usb 6-1: Manufacturer: syz
[  683.714385][   T44] usb 6-1: SerialNumber: syz
[  684.059318][   T44] usb 6-1: config 0 descriptor??
[  684.694440][   T44] mos7840 6-1:0.0: required endpoints missing
[  685.097384][  T106] usb 6-1: USB disconnect, device number 42
[  688.036919][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2479'.
[  688.988643][ T5971] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  689.309426][T14673] loop2: detected capacity change from 0 to 7
[  689.317318][ T5960] Dev loop2: unable to read RDB block 7
[  689.339548][ T5960]  loop2: unable to read partition table
[  689.348628][ T5971] usb 7-1: Using ep0 maxpacket: 32
[  689.361142][ T5971] usb 7-1: config 0 interface 0 has no altsetting 0
[  689.375090][ T5960] loop2: partition table beyond EOD, truncated
[  689.383255][ T5971] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  689.404479][T14673] Dev loop2: unable to read RDB block 7
[  689.406388][ T5971] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.451853][ T5971] usb 7-1: config 0 descriptor??
[  689.458734][T14673]  loop2: unable to read partition table
[  689.480550][T14673] loop2: partition table beyond EOD, truncated
[  689.533506][T14673] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  689.953235][ T5971] corsair-psu 0003:1B1C:1C09.0021: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.6-1/input0
[  690.841587][T14668] netlink: 9 bytes leftover after parsing attributes in process `syz.6.2483'.
[  690.858301][T14668] netlink: 9 bytes leftover after parsing attributes in process `syz.6.2483'.
[  691.034320][ T5971] corsair-psu 0003:1B1C:1C09.0021: unable to initialize device (-71)
[  691.051408][ T5971] corsair-psu 0003:1B1C:1C09.0021: probe with driver corsair-psu failed with error -71
[  691.099620][ T5971] usb 7-1: USB disconnect, device number 39
[  691.164065][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  691.174443][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  691.452179][T14709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.462393][T14709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.488813][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  691.488834][   T30] audit: type=1326 audit(1765906670.424:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14708 comm="syz.2.2495" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ed539 code=0x0
[  691.567914][ T5961] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  691.728661][ T5961] usb 6-1: Using ep0 maxpacket: 16
[  691.736911][ T5961] usb 6-1: config 0 has an invalid interface number: 4 but max is 0
[  691.745250][ T5961] usb 6-1: config 0 has no interface number 0
[  691.800879][ T5961] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  691.810359][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  691.819208][ T5961] usb 6-1: Product: syz
[  691.823582][ T5961] usb 6-1: Manufacturer: syz
[  691.828275][ T5961] usb 6-1: SerialNumber: syz
[  691.949474][ T5961] usb 6-1: config 0 descriptor??
[  694.010740][T14733] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  694.157900][T14736] loop2: detected capacity change from 0 to 7
[  694.164750][T14736] Dev loop2: unable to read RDB block 7
[  694.170594][T14736]  loop2: unable to read partition table
[  694.177182][T14736] loop2: partition table beyond EOD, truncated
[  694.183589][T14736] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  694.226361][ T5961] usb 6-1: USB disconnect, device number 43
[  694.500224][T14738] tipc: Started in network mode
[  694.508687][T14738] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  694.554168][T14738] tipc: Enabled bearer <udp:syz0>, priority 10
[  694.978041][T14744] FAULT_INJECTION: forcing a failure.
[  694.978041][T14744] name failslab, interval 1, probability 0, space 0, times 0
[  695.032708][T14744] CPU: 0 UID: 0 PID: 14744 Comm: syz.5.2502 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  695.032742][T14744] Tainted: [L]=SOFTLOCKUP
[  695.032751][T14744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  695.032774][T14744] Call Trace:
[  695.032783][T14744]  <TASK>
[  695.032794][T14744]  dump_stack_lvl+0x189/0x250
[  695.032826][T14744]  ? __pfx____ratelimit+0x10/0x10
[  695.032862][T14744]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.032889][T14744]  ? __pfx__printk+0x10/0x10
[  695.032937][T14744]  should_fail_ex+0x414/0x560
[  695.032975][T14744]  should_failslab+0xa8/0x100
[  695.033004][T14744]  __kmalloc_cache_noprof+0x84/0x700
[  695.033025][T14744]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  695.033057][T14744]  ? sctp_add_bind_addr+0x8c/0x370
[  695.033092][T14744]  sctp_add_bind_addr+0x8c/0x370
[  695.033126][T14744]  sctp_copy_local_addr_list+0x30b/0x4e0
[  695.033161][T14744]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  695.033191][T14744]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  695.033222][T14744]  ? sctp_v6_is_any+0x64/0x80
[  695.033249][T14744]  ? sctp_copy_one_addr+0x93/0x360
[  695.033272][T14744]  sctp_bind_addr_copy+0xb3/0x3c0
[  695.033294][T14744]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  695.033316][T14744]  sctp_connect_new_asoc+0x2e0/0x690
[  695.033334][T14744]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  695.033350][T14744]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  695.033366][T14744]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  695.033380][T14744]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  695.033395][T14744]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  695.033412][T14744]  ? security_sctp_bind_connect+0x7e/0x2e0
[  695.033429][T14744]  sctp_sendmsg+0x155c/0x2840
[  695.033453][T14744]  ? __pfx_sctp_sendmsg+0x10/0x10
[  695.033466][T14744]  ? aa_sk_perm+0x15f/0x920
[  695.033486][T14744]  ? aa_sk_perm+0x7ee/0x920
[  695.033519][T14744]  ? __pfx_aa_sk_perm+0x10/0x10
[  695.033541][T14744]  ? sock_rps_record_flow+0x19/0x410
[  695.033566][T14744]  ? inet_sendmsg+0x2f4/0x370
[  695.033584][T14744]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  695.033601][T14744]  __sock_sendmsg+0x19c/0x270
[  695.033626][T14744]  ____sys_sendmsg+0x505/0x820
[  695.033654][T14744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  695.033676][T14744]  ? kstrtouint+0x6e/0xe0
[  695.033705][T14744]  ___sys_sendmsg+0x21f/0x2a0
[  695.033726][T14744]  ? __pfx____sys_sendmsg+0x10/0x10
[  695.033750][T14744]  ? rcu_read_lock_any_held+0xb3/0x120
[  695.033796][T14744]  ? __fget_files+0x2a/0x420
[  695.033816][T14744]  ? __fget_files+0x3a0/0x420
[  695.033843][T14744]  __sys_sendmsg+0x164/0x220
[  695.033863][T14744]  ? __pfx___sys_sendmsg+0x10/0x10
[  695.033889][T14744]  ? __pfx_ksys_write+0x10/0x10
[  695.033907][T14744]  ? __do_fast_syscall_32+0xbe/0x590
[  695.033928][T14744]  __do_fast_syscall_32+0x1f7/0x590
[  695.033947][T14744]  ? rcu_is_watching+0x15/0xb0
[  695.033964][T14744]  ? do_fast_syscall_32+0x34/0x80
[  695.033985][T14744]  do_fast_syscall_32+0x34/0x80
[  695.034002][T14744]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  695.034021][T14744] RIP: 0023:0xf6ffd539
[  695.034035][T14744] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  695.034049][T14744] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  695.034065][T14744] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[  695.034076][T14744] RDX: 0000000000008050 RSI: 0000000000000000 RDI: 0000000000000000
[  695.034086][T14744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  695.034095][T14744] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  695.034104][T14744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  695.034126][T14744]  </TASK>
[  695.404593][   T30] audit: type=1800 audit(1765906673.984:1336): pid=14747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2505" name="file1" dev="tmpfs" ino=2615 res=0 errno=0
[  695.558827][  T106] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  695.678682][ T5968] tipc: Node number set to 4269801488
[  695.718613][  T106] usb 7-1: Using ep0 maxpacket: 32
[  695.740184][  T106] usb 7-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  695.749612][  T106] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.760887][  T106] usb 7-1: config 0 descriptor??
[  695.776043][  T106] as10x_usb: device has been detected
[  695.782346][  T106] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  695.811226][  T106] usb 7-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  695.843543][  T106] as10x_usb: error during firmware upload part1
[  695.854251][  T106] Registered device nBox DVB-T Dongle
[  696.067986][  T106] usb 7-1: USB disconnect, device number 40
[  696.122842][  T106] Unregistered device nBox DVB-T Dongle
[  696.143785][  T106] as10x_usb: device has been disconnected
[  696.290788][T14743] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  696.405529][T14770] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2507'.
[  696.708909][T14772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2509'.
[  697.109208][  T106] usb 1-1: new full-speed USB device number 55 using dummy_hcd
[  697.283430][  T106] usb 1-1: not running at top speed; connect to a high speed hub
[  697.300814][  T106] usb 1-1: config 243 has an invalid interface number: 137 but max is 2
[  697.315123][  T106] usb 1-1: config 243 has an invalid interface number: 75 but max is 2
[  697.327498][  T106] usb 1-1: config 243 has an invalid interface number: 27 but max is 2
[  697.337791][T14783] binder: 14782:14783 ioctl c0306201 80000080 returned -14
[  697.346376][  T106] usb 1-1: config 243 has an invalid interface number: 15 but max is 2
[  697.355743][  T106] usb 1-1: config 243 has an invalid descriptor of length 254, skipping remainder of the config
[  697.367682][  T106] usb 1-1: config 243 has 4 interfaces, different from the descriptor's value: 3
[  697.377446][  T106] usb 1-1: config 243 has no interface number 0
[  697.383977][  T106] usb 1-1: config 243 has no interface number 1
[  697.390889][  T106] usb 1-1: config 243 has no interface number 2
[  697.397248][  T106] usb 1-1: config 243 has no interface number 3
[  697.475967][  T106] usb 1-1: config 243 interface 75 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  697.512641][  T106] usb 1-1: config 243 interface 75 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  697.545467][  T106] usb 1-1: config 243 interface 75 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  697.571340][T14795] FAULT_INJECTION: forcing a failure.
[  697.571340][T14795] name failslab, interval 1, probability 0, space 0, times 0
[  697.585661][  T106] usb 1-1: config 243 interface 75 altsetting 1 has 6 endpoint descriptors, different from the interface descriptor's value: 9
[  697.601229][T14795] CPU: 0 UID: 0 PID: 14795 Comm: syz.6.2515 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  697.601259][T14795] Tainted: [L]=SOFTLOCKUP
[  697.601268][T14795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  697.601282][T14795] Call Trace:
[  697.601291][T14795]  <TASK>
[  697.601301][T14795]  dump_stack_lvl+0x189/0x250
[  697.601342][T14795]  ? __pfx____ratelimit+0x10/0x10
[  697.601377][T14795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.601397][T14795]  ? __pfx__printk+0x10/0x10
[  697.601422][T14795]  ? __pfx___might_resched+0x10/0x10
[  697.601439][T14795]  ? fs_reclaim_acquire+0x7d/0x100
[  697.601460][T14795]  should_fail_ex+0x414/0x560
[  697.601487][T14795]  should_failslab+0xa8/0x100
[  697.601508][T14795]  __kmalloc_cache_noprof+0x84/0x700
[  697.601524][T14795]  ? rtnl_newlink+0xfb/0x1c90
[  697.601551][T14795]  ? stack_depot_save_flags+0x40/0x850
[  697.601579][T14795]  rtnl_newlink+0xfb/0x1c90
[  697.601596][T14795]  ? kasan_save_track+0x4f/0x80
[  697.601610][T14795]  ? kasan_save_track+0x3e/0x80
[  697.601623][T14795]  ? kasan_save_free_info+0x46/0x50
[  697.601643][T14795]  ? __kasan_slab_free+0x5c/0x80
[  697.601658][T14795]  ? kmem_cache_free+0x197/0x620
[  697.601672][T14795]  ? nlmon_xmit+0xb0/0x100
[  697.601689][T14795]  ? dev_hard_start_xmit+0x2cd/0x800
[  697.601708][T14795]  ? __dev_queue_xmit+0x1493/0x3140
[  697.601727][T14795]  ? __netlink_deliver_tap+0x5ad/0x850
[  697.601745][T14795]  ? netlink_deliver_tap+0x19c/0x1b0
[  697.601762][T14795]  ? netlink_unicast+0x7fa/0x9e0
[  697.601777][T14795]  ? netlink_sendmsg+0x805/0xb30
[  697.601796][T14795]  ? __pfx_rtnl_newlink+0x10/0x10
[  697.601810][T14795]  ? __do_fast_syscall_32+0x1f7/0x590
[  697.601827][T14795]  ? do_fast_syscall_32+0x34/0x80
[  697.601842][T14795]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.601883][T14795]  ? kasan_quarantine_put+0xdd/0x220
[  697.601898][T14795]  ? lockdep_hardirqs_on+0x98/0x140
[  697.601918][T14795]  ? kmem_cache_free+0x197/0x620
[  697.601931][T14795]  ? nlmon_xmit+0xb0/0x100
[  697.601956][T14795]  ? __lock_acquire+0x6b6/0x2cf0
[  697.601975][T14795]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  697.601994][T14795]  ? __dev_queue_xmit+0x289/0x3140
[  697.602014][T14795]  ? __dev_queue_xmit+0x289/0x3140
[  697.602032][T14795]  ? __dev_queue_xmit+0x289/0x3140
[  697.602071][T14795]  ? __pfx_rtnl_newlink+0x10/0x10
[  697.602086][T14795]  rtnetlink_rcv_msg+0x7cf/0xb70
[  697.602105][T14795]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  697.602120][T14795]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  697.602134][T14795]  ? ref_tracker_free+0x63a/0x7d0
[  697.602169][T14795]  ? __asan_memcpy+0x40/0x70
[  697.602182][T14795]  ? __pfx_ref_tracker_free+0x10/0x10
[  697.602204][T14795]  netlink_rcv_skb+0x208/0x470
[  697.602225][T14795]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  697.602248][T14795]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  697.602276][T14795]  ? netlink_deliver_tap+0x2e/0x1b0
[  697.602301][T14795]  netlink_unicast+0x82f/0x9e0
[  697.602324][T14795]  ? __pfx_netlink_unicast+0x10/0x10
[  697.602349][T14795]  ? netlink_sendmsg+0x642/0xb30
[  697.602367][T14795]  ? skb_put+0x11b/0x210
[  697.602392][T14795]  netlink_sendmsg+0x805/0xb30
[  697.602431][T14795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.602461][T14795]  ? __import_iovec+0x5d4/0x7f0
[  697.602485][T14795]  ? aa_sock_msg_perm+0xf1/0x1b0
[  697.602512][T14795]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  697.602531][T14795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.602559][T14795]  __sock_sendmsg+0x21c/0x270
[  697.602598][T14795]  ____sys_sendmsg+0x505/0x820
[  697.602627][T14795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  697.602657][T14795]  ? kstrtouint+0x6e/0xe0
[  697.602694][T14795]  ___sys_sendmsg+0x21f/0x2a0
[  697.602722][T14795]  ? __pfx____sys_sendmsg+0x10/0x10
[  697.602754][T14795]  ? rcu_read_lock_any_held+0xb3/0x120
[  697.602807][T14795]  ? __fget_files+0x2a/0x420
[  697.602833][T14795]  ? __fget_files+0x3a0/0x420
[  697.602872][T14795]  __sys_sendmsg+0x164/0x220
[  697.602901][T14795]  ? __pfx___sys_sendmsg+0x10/0x10
[  697.602938][T14795]  ? __pfx_ksys_write+0x10/0x10
[  697.602965][T14795]  ? __do_fast_syscall_32+0xbe/0x590
[  697.602995][T14795]  __do_fast_syscall_32+0x1f7/0x590
[  697.603021][T14795]  ? rcu_is_watching+0x15/0xb0
[  697.603047][T14795]  ? do_fast_syscall_32+0x34/0x80
[  697.603078][T14795]  do_fast_syscall_32+0x34/0x80
[  697.603104][T14795]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.603131][T14795] RIP: 0023:0xf7f34539
[  697.603151][T14795] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  697.603171][T14795] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  697.603195][T14795] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800002c0
[  697.603219][T14795] RDX: 0000000000040800 RSI: 0000000000000000 RDI: 0000000000000000
[  697.603233][T14795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  697.603247][T14795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  697.603261][T14795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.603292][T14795]  </TASK>
[  697.603551][  T106] usb 1-1: too many endpoints for config 243 interface 27 altsetting 2: 249, using maximum allowed: 30
[  698.119237][   T30] audit: type=1326 audit(1765906677.064:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14776 comm="syz.2.2510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed539 code=0x7fc00000
[  698.409984][  T106] usb 1-1: config 243 interface 27 altsetting 2 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  698.421537][  T106] usb 1-1: config 243 interface 27 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 249
[  698.600063][  T106] usb 1-1: config 243 interface 15 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 6
[  698.644922][  T106] usb 1-1: config 243 interface 137 has no altsetting 0
[  698.662880][  T106] usb 1-1: config 243 interface 75 has no altsetting 0
[  698.933488][  T106] usb 1-1: config 243 interface 27 has no altsetting 0
[  698.965419][  T106] usb 1-1: config 243 interface 15 has no altsetting 0
[  698.980228][  T106] usb 1-1: string descriptor 0 read error: -71
[  698.989313][  T106] usb 1-1: New USB device found, idVendor=0499, idProduct=104f, bcdDevice=e2.e8
[  699.167509][  T106] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.185624][  T106] usb 1-1: can't set config #243, error -71
[  699.303048][  T106] usb 1-1: USB disconnect, device number 55
[  699.848958][  T106] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  700.042051][  T106] usb 7-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 102, changing to 10
[  700.055456][  T106] usb 7-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid maxpacket 24624, setting to 1024
[  700.086836][  T106] usb 7-1: config 0 interface 0 has no altsetting 0
[  700.119003][  T106] usb 7-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[  700.129359][  T106] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.381596][  T106] usb 7-1: Product: syz
[  700.386041][  T106] usb 7-1: Manufacturer: syz
[  700.391021][  T106] usb 7-1: SerialNumber: syz
[  700.399090][  T106] usb 7-1: config 0 descriptor??
[  700.418797][  T106] keyspan 7-1:0.0: Keyspan 2 port adapter converter detected
[  700.426640][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 7
[  700.444664][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 81
[  700.486788][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 1
[  700.496956][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 2
[  700.537723][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 85
[  700.593757][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 5
[  700.638996][  T106] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  700.678153][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 83
[  700.698707][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 3
[  700.748794][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 4
[  700.772231][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 86
[  700.809356][  T106] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 6
[  700.855844][  T106] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  700.886761][  T106] usb 7-1: USB disconnect, device number 41
[  700.939691][  T106] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  701.006705][  T106] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  701.039369][  T106] keyspan 7-1:0.0: device disconnected
[  701.501837][ T5826] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  701.528132][ T5971] IPVS: starting estimator thread 0...
[  701.650570][T14840] IPVS: using max 24 ests per chain, 57600 per kthread
[  701.678576][ T5826] usb 1-1: Using ep0 maxpacket: 32
[  701.686030][ T5826] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  701.696026][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.720667][ T5826] usb 1-1: config 0 descriptor??
[  701.929391][ T5826] as10x_usb: device has been detected
[  701.936194][ T5826] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  701.979833][ T5826] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  702.048452][ T5826] as10x_usb: error during firmware upload part1
[  702.076462][ T5826] Registered device nBox DVB-T Dongle
[  702.097460][ T5826] usb 1-1: USB disconnect, device number 56
[  702.163937][ T5826] Unregistered device nBox DVB-T Dongle
[  702.167343][ T5826] as10x_usb: device has been disconnected
[  702.658954][T14829] tipc: Started in network mode
[  702.663928][T14829] tipc: Node identity , cluster identity 4711
[  702.701548][T14829] tipc: Failed to set node id, please configure manually
[  702.709117][T14829] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  702.935071][ T5826] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  703.100595][ T5826] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  703.119139][ T5826] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  703.148229][ T5826] usb 6-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  703.157531][ T5826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.171558][ T5826] usb 6-1: config 0 descriptor??
[  703.872400][T14848] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2530'.
[  703.890098][ T5826] usbhid 6-1:0.0: can't add hid device: -71
[  703.896264][ T5826] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  703.950492][ T5826] usb 6-1: USB disconnect, device number 44
[  705.194642][T14881] program syz.0.2536 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  705.553734][T14888] netlink: 'syz.4.2539': attribute type 9 has an invalid length.
[  705.589748][T14888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2539'.
[  705.618739][T14888] macvlan0: entered promiscuous mode
[  705.627130][T14888] hsr0: entered promiscuous mode
[  705.640010][T14888] macvlan0: entered allmulticast mode
[  705.702986][T14888] hsr0: entered allmulticast mode
[  705.715014][T14888] hsr_slave_0: entered allmulticast mode
[  705.733403][T14888] hsr_slave_1: entered allmulticast mode
[  705.930468][T14896] netlink: 'syz.4.2543': attribute type 9 has an invalid length.
[  705.938261][T14896] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2543'.
[  705.986939][T14896] macvlan1: entered promiscuous mode
[  706.012905][T14896] macvlan1: entered allmulticast mode
[  706.528711][  T106] usb 7-1: new low-speed USB device number 42 using dummy_hcd
[  706.668706][  T106] usb 7-1: device descriptor read/64, error -71
[  706.988782][  T106] usb 7-1: new low-speed USB device number 43 using dummy_hcd
[  707.178676][  T106] usb 7-1: device descriptor read/64, error -71
[  707.309114][  T106] usb usb7-port1: attempt power cycle
[  707.659542][  T106] usb 7-1: new low-speed USB device number 44 using dummy_hcd
[  707.700290][  T106] usb 7-1: device descriptor read/8, error -71
[  707.825384][T14911] FAULT_INJECTION: forcing a failure.
[  707.825384][T14911] name failslab, interval 1, probability 0, space 0, times 0
[  707.862361][T14911] CPU: 0 UID: 0 PID: 14911 Comm: syz.5.2545 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  707.862397][T14911] Tainted: [L]=SOFTLOCKUP
[  707.862405][T14911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  707.862418][T14911] Call Trace:
[  707.862427][T14911]  <TASK>
[  707.862436][T14911]  dump_stack_lvl+0x189/0x250
[  707.862468][T14911]  ? __pfx____ratelimit+0x10/0x10
[  707.862503][T14911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  707.862531][T14911]  ? __pfx__printk+0x10/0x10
[  707.862569][T14911]  ? __pfx___might_resched+0x10/0x10
[  707.862598][T14911]  should_fail_ex+0x414/0x560
[  707.862638][T14911]  should_failslab+0xa8/0x100
[  707.862733][T14911]  kmem_cache_alloc_lru_noprof+0x8d/0x6e0
[  707.862769][T14911]  ? __d_alloc+0x37/0x6f0
[  707.862803][T14911]  __d_alloc+0x37/0x6f0
[  707.862840][T14911]  d_alloc+0x4b/0x190
[  707.862867][T14911]  ? lookup_one_qstr_excl+0xc8/0x360
[  707.862898][T14911]  lookup_one_qstr_excl+0xdc/0x360
[  707.862928][T14911]  ? lookup_noperm_common+0x245/0x430
[  707.862961][T14911]  start_dirop+0x5c/0x90
[  707.862991][T14911]  simple_start_creating+0xc4/0x100
[  707.863022][T14911]  ? __pfx_simple_start_creating+0x10/0x10
[  707.863053][T14911]  ? do_raw_spin_unlock+0x122/0x240
[  707.863085][T14911]  ? mntput+0x65/0xc0
[  707.863112][T14911]  debugfs_start_creating+0xdb/0x1a0
[  707.863137][T14911]  __debugfs_create_file+0x6f/0x400
[  707.863176][T14911]  debugfs_create_file_full+0x3f/0x60
[  707.863203][T14911]  ref_tracker_dir_debugfs+0x14e/0x2d0
[  707.863228][T14911]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  707.863281][T14911]  ? trace_kmalloc+0x1f/0xb0
[  707.863299][T14911]  ? __kvmalloc_node_noprof+0x5f5/0x920
[  707.863327][T14911]  ? __raw_spin_lock_init+0x45/0x100
[  707.863360][T14911]  alloc_netdev_mqs+0x272/0x11b0
[  707.863391][T14911]  ? __pfx_ipip6_tunnel_setup+0x10/0x10
[  707.863429][T14911]  rtnl_create_link+0x31f/0xcf0
[  707.863468][T14911]  rtnl_newlink_create+0x25c/0xb00
[  707.863507][T14911]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  707.863538][T14911]  ? __pfx___mutex_lock+0x10/0x10
[  707.863574][T14911]  ? ns_capable+0x8a/0xf0
[  707.863602][T14911]  rtnl_newlink+0x16e7/0x1c90
[  707.863718][T14911]  ? __pfx_rtnl_newlink+0x10/0x10
[  707.863743][T14911]  ? __lock_acquire+0x6b6/0x2cf0
[  707.863769][T14911]  ? __lock_acquire+0x6b6/0x2cf0
[  707.863836][T14911]  ? is_bpf_text_address+0x26/0x2b0
[  707.863877][T14911]  ? is_bpf_text_address+0x292/0x2b0
[  707.863911][T14911]  ? is_bpf_text_address+0x26/0x2b0
[  707.863949][T14911]  ? __lock_acquire+0x6b6/0x2cf0
[  707.863976][T14911]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  707.864011][T14911]  ? arch_stack_walk+0xfc/0x150
[  707.864075][T14911]  ? __pfx_rtnl_newlink+0x10/0x10
[  707.864098][T14911]  rtnetlink_rcv_msg+0x7cf/0xb70
[  707.864127][T14911]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  707.864150][T14911]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  707.864174][T14911]  ? __lock_acquire+0x6b6/0x2cf0
[  707.864213][T14911]  netlink_rcv_skb+0x208/0x470
[  707.864243][T14911]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  707.864270][T14911]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  707.864312][T14911]  ? netlink_deliver_tap+0x2e/0x1b0
[  707.864350][T14911]  netlink_unicast+0x82f/0x9e0
[  707.864385][T14911]  ? __pfx_netlink_unicast+0x10/0x10
[  707.864413][T14911]  ? netlink_sendmsg+0x642/0xb30
[  707.864439][T14911]  ? skb_put+0x11b/0x210
[  707.864469][T14911]  netlink_sendmsg+0x805/0xb30
[  707.864509][T14911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  707.864546][T14911]  ? __import_iovec+0x5d4/0x7f0
[  707.864572][T14911]  ? aa_sock_msg_perm+0xf1/0x1b0
[  707.864603][T14911]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  707.864631][T14911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  707.864662][T14911]  __sock_sendmsg+0x21c/0x270
[  707.864698][T14911]  ____sys_sendmsg+0x505/0x820
[  707.864729][T14911]  ? __pfx_____sys_sendmsg+0x10/0x10
[  707.864760][T14911]  ? kstrtouint+0x6e/0xe0
[  707.864801][T14911]  ___sys_sendmsg+0x21f/0x2a0
[  707.864830][T14911]  ? __pfx____sys_sendmsg+0x10/0x10
[  707.864864][T14911]  ? rcu_read_lock_any_held+0xb3/0x120
[  707.864924][T14911]  ? __fget_files+0x2a/0x420
[  707.864956][T14911]  ? __fget_files+0x3a0/0x420
[  707.864995][T14911]  __sys_sendmsg+0x164/0x220
[  707.865024][T14911]  ? __pfx___sys_sendmsg+0x10/0x10
[  707.865060][T14911]  ? __pfx_ksys_write+0x10/0x10
[  707.865085][T14911]  ? __do_fast_syscall_32+0xbe/0x590
[  707.865114][T14911]  __do_fast_syscall_32+0x1f7/0x590
[  707.865140][T14911]  ? rcu_is_watching+0x15/0xb0
[  707.865165][T14911]  ? do_fast_syscall_32+0x34/0x80
[  707.865196][T14911]  do_fast_syscall_32+0x34/0x80
[  707.865221][T14911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  707.865247][T14911] RIP: 0023:0xf6ffd539
[  707.865266][T14911] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  707.865284][T14911] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  707.865308][T14911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  707.865323][T14911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  707.865335][T14911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  707.865348][T14911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  707.865361][T14911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  707.865395][T14911]  </TASK>
[  708.482318][   T30] audit: type=1326 audit(1765906687.424:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2549" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd539 code=0x0
[  708.541466][  T106] usb 7-1: new low-speed USB device number 45 using dummy_hcd
[  708.585481][  T106] usb 7-1: device descriptor read/8, error -71
[  708.700919][  T106] usb usb7-port1: unable to enumerate USB device
[  708.933269][ T5971] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  708.976617][T14944] loop2: detected capacity change from 0 to 7
[  708.986706][ T5960] Dev loop2: unable to read RDB block 7
[  708.992575][ T5960]  loop2: unable to read partition table
[  709.015174][ T5960] loop2: partition table beyond EOD, truncated
[  709.023151][T14944] Dev loop2: unable to read RDB block 7
[  709.035841][T14944]  loop2: unable to read partition table
[  709.042770][T14944] loop2: partition table beyond EOD, truncated
[  709.105184][T14944] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  709.119234][ T5971] usb 6-1: Using ep0 maxpacket: 8
[  709.128307][ T5971] usb 6-1: config 8 has an invalid interface number: 188 but max is 0
[  709.138450][ T5971] usb 6-1: config 8 has no interface number 0
[  709.156048][ T5971] usb 6-1: config 8 interface 188 altsetting 0 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  709.186352][ T5971] usb 6-1: config 8 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  709.208221][ T5971] usb 6-1: config 8 interface 188 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  709.275468][ T5971] usb 6-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=8f.67
[  709.294220][ T5971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.318796][ T5971] usb 6-1: Product: syz
[  709.330606][ T5971] usb 6-1: Manufacturer: syz
[  709.336110][ T5971] usb 6-1: SerialNumber: syz
[  709.824667][ T5971] vmk80xx 6-1:8.188: driver 'vmk80xx' failed to auto-configure device.
[  709.836604][ T5971] vmk80xx 6-1:8.188: probe with driver vmk80xx failed with error -22
[  709.857590][ T5971] usb 6-1: USB disconnect, device number 45
[  710.097243][T14951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  710.133353][T14951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  710.269142][T14957] FAULT_INJECTION: forcing a failure.
[  710.269142][T14957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.293706][T14957] CPU: 1 UID: 0 PID: 14957 Comm: syz.0.2558 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  710.293741][T14957] Tainted: [L]=SOFTLOCKUP
[  710.293750][T14957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  710.293763][T14957] Call Trace:
[  710.293772][T14957]  <TASK>
[  710.293781][T14957]  dump_stack_lvl+0x189/0x250
[  710.293812][T14957]  ? __pfx____ratelimit+0x10/0x10
[  710.293845][T14957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.293871][T14957]  ? __pfx__printk+0x10/0x10
[  710.293903][T14957]  ? __might_fault+0xb0/0x130
[  710.293949][T14957]  should_fail_ex+0x414/0x560
[  710.293988][T14957]  _copy_from_user+0x2d/0xb0
[  710.294017][T14957]  get_compat_msghdr+0xad/0x4a0
[  710.294052][T14957]  ? __pfx_get_compat_msghdr+0x10/0x10
[  710.294083][T14957]  ? kstrtouint+0x6e/0xe0
[  710.294121][T14957]  ___sys_sendmsg+0x193/0x2a0
[  710.294150][T14957]  ? __pfx____sys_sendmsg+0x10/0x10
[  710.294177][T14957]  ? rcu_read_lock_any_held+0xb3/0x120
[  710.294223][T14957]  ? __fget_files+0x2a/0x420
[  710.294245][T14957]  ? __fget_files+0x3a0/0x420
[  710.294275][T14957]  __sys_sendmsg+0x164/0x220
[  710.294298][T14957]  ? __pfx___sys_sendmsg+0x10/0x10
[  710.294327][T14957]  ? __pfx_ksys_write+0x10/0x10
[  710.294348][T14957]  ? __do_fast_syscall_32+0xbe/0x590
[  710.294371][T14957]  __do_fast_syscall_32+0x1f7/0x590
[  710.294392][T14957]  ? rcu_is_watching+0x15/0xb0
[  710.294413][T14957]  ? do_fast_syscall_32+0x34/0x80
[  710.294437][T14957]  do_fast_syscall_32+0x34/0x80
[  710.294457][T14957]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  710.294479][T14957] RIP: 0023:0xf70cd539
[  710.294508][T14957] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  710.294524][T14957] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  710.294544][T14957] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800007c0
[  710.294558][T14957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  710.294568][T14957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  710.294579][T14957] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  710.294590][T14957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  710.294615][T14957]  </TASK>
[  710.635597][T14959] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2559'.
[  711.003775][T14975] netlink: 'syz.5.2564': attribute type 1 has an invalid length.
[  711.114812][T14975] bond1: entered promiscuous mode
[  711.181706][T14975] 8021q: adding VLAN 0 to HW filter on device bond1
[  711.251873][T14980] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  711.289107][T14980] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  711.315138][T14980] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  711.381438][T14975] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  711.394316][T14975] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  712.017124][T14993] usb usb8: usbfs: process 14993 (syz.6.2567) did not claim interface 0 before use
[  712.169451][  T106] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  712.177830][T14996] loop2: detected capacity change from 0 to 7
[  712.190575][ T5960] Dev loop2: unable to read RDB block 7
[  712.201987][ T5960]  loop2: AHDI p1 p2 p3
[  712.206220][ T5960] loop2: partition table partially beyond EOD, truncated
[  712.228773][ T5960] loop2: p1 start 1601398130 is beyond EOD, truncated
[  712.235605][ T5960] loop2: p2 start 1702059890 is beyond EOD, truncated
[  712.328233][T14996] Dev loop2: unable to read RDB block 7
[  712.459274][T14996]  loop2: AHDI p1 p2 p3
[  712.463553][T14996] loop2: partition table partially beyond EOD, truncated
[  712.505292][T14996] loop2: p1 start 1601398130 is beyond EOD, truncated
[  712.523054][T14996] loop2: p2 start 1702059890 is beyond EOD, truncated
[  712.728467][T15004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.757869][T15004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.756826][T15010] FAULT_INJECTION: forcing a failure.
[  713.756826][T15010] name failslab, interval 1, probability 0, space 0, times 0
[  713.808791][T15010] CPU: 0 UID: 0 PID: 15010 Comm: syz.2.2572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  713.808828][T15010] Tainted: [L]=SOFTLOCKUP
[  713.808836][T15010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  713.808851][T15010] Call Trace:
[  713.808864][T15010]  <TASK>
[  713.808874][T15010]  dump_stack_lvl+0x189/0x250
[  713.808909][T15010]  ? __pfx____ratelimit+0x10/0x10
[  713.808945][T15010]  ? __pfx_dump_stack_lvl+0x10/0x10
[  713.808974][T15010]  ? __pfx__printk+0x10/0x10
[  713.809016][T15010]  ? __pfx___might_resched+0x10/0x10
[  713.809047][T15010]  should_fail_ex+0x414/0x560
[  713.809087][T15010]  should_failslab+0xa8/0x100
[  713.809118][T15010]  kmem_cache_alloc_noprof+0x88/0x710
[  713.809155][T15010]  ? __kernfs_new_node+0xdc/0x880
[  713.809195][T15010]  __kernfs_new_node+0xdc/0x880
[  713.809229][T15010]  ? __pfx___kernfs_new_node+0x10/0x10
[  713.809255][T15010]  ? kernfs_root+0x1c/0x230
[  713.809288][T15010]  ? kernfs_root+0x1c/0x230
[  713.809311][T15010]  ? kernfs_root+0x1c/0x230
[  713.809332][T15010]  ? kernfs_root+0x1c/0x230
[  713.809361][T15010]  kernfs_new_node+0x102/0x210
[  713.809394][T15010]  __kernfs_create_file+0x4b/0x2e0
[  713.809429][T15010]  sysfs_add_file_mode_ns+0x238/0x300
[  713.809474][T15010]  internal_create_group+0x667/0x1170
[  713.809518][T15010]  ? __pfx_internal_create_group+0x10/0x10
[  713.809545][T15010]  ? kernfs_add_one+0x46f/0x5c0
[  713.809580][T15010]  sysfs_create_groups+0x59/0x120
[  713.809609][T15010]  device_add_attrs+0x13f/0x5a0
[  713.809634][T15010]  ? kernfs_put+0x40e/0x470
[  713.809660][T15010]  ? __pfx_device_add_attrs+0x10/0x10
[  713.809680][T15010]  ? kobject_put+0x52a/0x570
[  713.809712][T15010]  ? device_add_class_symlinks+0x21f/0x240
[  713.809739][T15010]  device_add+0x496/0xb80
[  713.809765][T15010]  input_register_device+0x9d3/0x1170
[  713.809805][T15010]  ? input_ff_create+0x235/0x300
[  713.809839][T15010]  uinput_create_device+0x422/0x670
[  713.809878][T15010]  uinput_ioctl_handler+0x3f0/0x1570
[  713.809909][T15010]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[  713.809954][T15010]  ? __fget_files+0x2a/0x420
[  713.809994][T15010]  __ia32_compat_sys_ioctl+0x543/0x840
[  713.810022][T15010]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  713.810046][T15010]  ? __fget_files+0x3a0/0x420
[  713.810083][T15010]  ? fput+0xa0/0xd0
[  713.810114][T15010]  ? ksys_write+0x22a/0x250
[  713.810135][T15010]  ? exc_page_fault+0x82/0x100
[  713.810159][T15010]  ? __pfx_ksys_write+0x10/0x10
[  713.810193][T15010]  ? __do_fast_syscall_32+0xbe/0x590
[  713.810224][T15010]  __do_fast_syscall_32+0x1f7/0x590
[  713.810252][T15010]  ? rcu_is_watching+0x15/0xb0
[  713.810279][T15010]  ? do_fast_syscall_32+0x34/0x80
[  713.810311][T15010]  do_fast_syscall_32+0x34/0x80
[  713.810337][T15010]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  713.810365][T15010] RIP: 0023:0xf70ed539
[  713.810384][T15010] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  713.810405][T15010] RSP: 002b:00000000f54dd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  713.810429][T15010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501
[  713.810445][T15010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  713.810460][T15010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  713.810473][T15010] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  713.810487][T15010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  713.810522][T15010]  </TASK>
[  714.536284][T15014] FAULT_INJECTION: forcing a failure.
[  714.536284][T15014] name failslab, interval 1, probability 0, space 0, times 0
[  714.614923][T15014] CPU: 0 UID: 0 PID: 15014 Comm: syz.6.2573 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  714.614961][T15014] Tainted: [L]=SOFTLOCKUP
[  714.614971][T15014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  714.614985][T15014] Call Trace:
[  714.614995][T15014]  <TASK>
[  714.615006][T15014]  dump_stack_lvl+0x189/0x250
[  714.615043][T15014]  ? __pfx____ratelimit+0x10/0x10
[  714.615080][T15014]  ? __pfx_dump_stack_lvl+0x10/0x10
[  714.615108][T15014]  ? __pfx__printk+0x10/0x10
[  714.615148][T15014]  ? __pfx___might_resched+0x10/0x10
[  714.615173][T15014]  ? fs_reclaim_acquire+0x7d/0x100
[  714.615204][T15014]  should_fail_ex+0x414/0x560
[  714.615246][T15014]  should_failslab+0xa8/0x100
[  714.615276][T15014]  __kmalloc_noprof+0xdf/0x800
[  714.615298][T15014]  ? tomoyo_encode+0x28b/0x550
[  714.615334][T15014]  tomoyo_encode+0x28b/0x550
[  714.615385][T15014]  tomoyo_realpath_from_path+0x58d/0x5d0
[  714.615429][T15014]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  714.615455][T15014]  tomoyo_path_number_perm+0x1e8/0x5a0
[  714.615485][T15014]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  714.615510][T15014]  ? __lock_acquire+0x6b6/0x2cf0
[  714.615577][T15014]  ? __fget_files+0x2a/0x420
[  714.615613][T15014]  ? __fget_files+0x3a0/0x420
[  714.615640][T15014]  ? __fget_files+0x2a/0x420
[  714.615673][T15014]  security_file_ioctl_compat+0xcb/0x2d0
[  714.615700][T15014]  __ia32_compat_sys_ioctl+0x128/0x840
[  714.615727][T15014]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  714.615751][T15014]  ? __fget_files+0x3a0/0x420
[  714.615787][T15014]  ? fput+0xa0/0xd0
[  714.615817][T15014]  ? ksys_write+0x22a/0x250
[  714.615837][T15014]  ? exc_page_fault+0x82/0x100
[  714.615861][T15014]  ? __pfx_ksys_write+0x10/0x10
[  714.615887][T15014]  ? __do_fast_syscall_32+0xbe/0x590
[  714.615919][T15014]  __do_fast_syscall_32+0x1f7/0x590
[  714.615945][T15014]  ? rcu_is_watching+0x15/0xb0
[  714.615972][T15014]  ? do_fast_syscall_32+0x34/0x80
[  714.616003][T15014]  do_fast_syscall_32+0x34/0x80
[  714.616029][T15014]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  714.616057][T15014] RIP: 0023:0xf7f34539
[  714.616077][T15014] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  714.616096][T15014] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  714.616119][T15014] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008008551d
[  714.616135][T15014] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  714.616149][T15014] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  714.616162][T15014] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  714.616176][T15014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  714.616210][T15014]  </TASK>
[  714.616263][T15014] ERROR: Out of memory at tomoyo_realpath_from_path.
[  714.821603][T14997] fuse: Bad value for 'fd'
[  714.898687][T15014] usb usb8: usbfs: process 15014 (syz.6.2573) did not claim interface 0 before use
[  715.035417][T15021] trusted_key: encrypted_key: master key parameter is missing
[  715.188970][T15024] veth1_to_bond: entered allmulticast mode
[  715.232564][T15027] netlink: 'syz.6.2577': attribute type 1 has an invalid length.
[  715.341200][T15030] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2576'.
[  715.458372][T15027] bond1: entered promiscuous mode
[  715.485335][T15027] 8021q: adding VLAN 0 to HW filter on device bond1
[  716.149219][T15040] fuse: Bad value for 'fd'
[  716.335614][T15042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.443662][T15042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.575369][T15031] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  716.587979][T15031] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  716.599833][T15031] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  716.653406][T15027] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  716.700031][T15027] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  716.952916][T15050] loop2: detected capacity change from 0 to 7
[  716.963198][ T5960] Dev loop2: unable to read RDB block 7
[  716.977721][ T5960]  loop2: AHDI p1 p2 p3
[  716.987584][ T5960] loop2: partition table partially beyond EOD, truncated
[  717.002947][ T5960] loop2: p1 start 1601398130 is beyond EOD, truncated
[  717.016234][ T5960] loop2: p2 start 1702059890 is beyond EOD, truncated
[  717.040415][T15050] Dev loop2: unable to read RDB block 7
[  717.066423][T15050]  loop2: AHDI p1 p2 p3
[  717.075151][T15050] loop2: partition table partially beyond EOD, truncated
[  717.101858][   T30] audit: type=1800 audit(1765906696.044:1339): pid=15057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2584" name="file0" dev="tmpfs" ino=1439 res=0 errno=0
[  717.284191][T15050] loop2: p1 start 1601398130 is beyond EOD, truncated
[  717.292982][T15050] loop2: p2 start 1702059890 is beyond EOD, truncated
[  717.303015][   T30] audit: type=1804 audit(1765906696.044:1340): pid=15057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2584" name="/newroot/270/file0" dev="tmpfs" ino=1439 res=1 errno=0
[  717.711442][T15061] FAULT_INJECTION: forcing a failure.
[  717.711442][T15061] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  717.725826][T15061] CPU: 1 UID: 0 PID: 15061 Comm: syz.2.2585 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  717.725861][T15061] Tainted: [L]=SOFTLOCKUP
[  717.725870][T15061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  717.725883][T15061] Call Trace:
[  717.725892][T15061]  <TASK>
[  717.725902][T15061]  dump_stack_lvl+0x189/0x250
[  717.725942][T15061]  ? __pfx____ratelimit+0x10/0x10
[  717.725967][T15061]  ? __pfx_dump_stack_lvl+0x10/0x10
[  717.725986][T15061]  ? __pfx__printk+0x10/0x10
[  717.726010][T15061]  ? fs_reclaim_acquire+0x7d/0x100
[  717.726034][T15061]  should_fail_ex+0x414/0x560
[  717.726062][T15061]  prepare_alloc_pages+0x22b/0x650
[  717.726085][T15061]  __alloc_frozen_pages_noprof+0x123/0x370
[  717.726107][T15061]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  717.726131][T15061]  ? policy_nodemask+0x27c/0x720
[  717.726154][T15061]  alloc_pages_mpol+0x232/0x4a0
[  717.726177][T15061]  folio_alloc_mpol_noprof+0x39/0x70
[  717.726209][T15061]  shmem_alloc_and_add_folio+0x423/0xf40
[  717.726252][T15061]  ? filemap_get_entry+0xad/0x2f0
[  717.726267][T15061]  ? filemap_get_entry+0xad/0x2f0
[  717.726281][T15061]  ? filemap_get_entry+0x28f/0x2f0
[  717.726297][T15061]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  717.726323][T15061]  ? shmem_allowable_huge_orders+0x1d4/0x4e0
[  717.726349][T15061]  shmem_get_folio_gfp+0x59d/0x1660
[  717.726388][T15061]  shmem_write_begin+0x16c/0x330
[  717.726416][T15061]  generic_perform_write+0x2c5/0x900
[  717.726444][T15061]  ? __pfx_generic_perform_write+0x10/0x10
[  717.726461][T15061]  ? preempt_schedule_thunk+0x16/0x30
[  717.726478][T15061]  ? mnt_put_write_access_file+0xc0/0x100
[  717.726505][T15061]  ? file_update_time_flags+0x448/0x4e0
[  717.726531][T15061]  shmem_file_write_iter+0xf8/0x120
[  717.726557][T15061]  iter_file_splice_write+0x972/0x10b0
[  717.726596][T15061]  ? __pfx_iter_file_splice_write+0x10/0x10
[  717.726620][T15061]  ? rcu_read_lock_any_held+0xb3/0x120
[  717.726656][T15061]  ? __pfx_iter_file_splice_write+0x10/0x10
[  717.726685][T15061]  do_splice+0xc79/0x1660
[  717.726740][T15061]  ? __pfx_do_splice+0x10/0x10
[  717.726777][T15061]  __se_sys_splice+0x2e1/0x460
[  717.726803][T15061]  ? __pfx___se_sys_splice+0x10/0x10
[  717.726827][T15061]  ? __ia32_sys_splice+0x21/0xf0
[  717.726850][T15061]  __do_fast_syscall_32+0x1f7/0x590
[  717.726869][T15061]  ? rcu_is_watching+0x15/0xb0
[  717.726888][T15061]  ? do_fast_syscall_32+0x34/0x80
[  717.726909][T15061]  do_fast_syscall_32+0x34/0x80
[  717.726932][T15061]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  717.726952][T15061] RIP: 0023:0xf70ed539
[  717.726966][T15061] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  717.726980][T15061] RSP: 002b:00000000f54dd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[  717.726997][T15061] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000
[  717.727008][T15061] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 00000000088000cb
[  717.727018][T15061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  717.727027][T15061] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  717.727036][T15061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  717.727059][T15061]  </TASK>
[  718.321925][T15064] netlink: 'syz.6.2586': attribute type 16 has an invalid length.
[  718.331764][T15064] netlink: 'syz.6.2586': attribute type 17 has an invalid length.
[  718.354128][T15064] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.361332][T15064] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.368936][T15064] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.376125][T15064] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.455034][T15064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  718.481937][T15019] veth1_to_bond: left allmulticast mode
[  718.710728][T15072] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2589'.
[  718.723785][T15072] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2589'.
[  719.127411][T15079] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2591'.
[  720.072807][T15090] batman_adv: batadv0: Adding interface: vxlan0
[  720.083943][T15090] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  720.135993][T15090] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active
[  720.218124][T15092] netlink: 'syz.2.2594': attribute type 1 has an invalid length.
[  720.316697][T15092] bond4: entered promiscuous mode
[  720.382578][T15092] 8021q: adding VLAN 0 to HW filter on device bond4
[  720.765975][T15105] loop2: detected capacity change from 0 to 7
[  720.772878][T15105] Dev loop2: unable to read RDB block 7
[  720.778492][T15105]  loop2: AHDI p1 p2 p3
[  720.798794][T15105] loop2: partition table partially beyond EOD, truncated
[  720.816506][T15105] loop2: p1 start 1601398130 is beyond EOD, truncated
[  720.845969][T15105] loop2: p2 start 1702059890 is beyond EOD, truncated
[  721.009576][ T5921] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  721.158652][ T5921] usb 6-1: device descriptor read/64, error -71
[  721.578661][ T5921] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  721.738683][ T5921] usb 6-1: device descriptor read/64, error -71
[  721.849121][ T5921] usb usb6-port1: attempt power cycle
[  721.879127][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  721.976145][T15118] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2603'.
[  722.189675][ T5921] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  722.245168][ T5921] usb 6-1: device descriptor read/8, error -71
[  722.498583][ T5921] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  722.529929][ T5921] usb 6-1: device descriptor read/8, error -71
[  722.663191][ T5921] usb usb6-port1: unable to enumerate USB device
[  722.685865][T15129] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  723.357045][T15136] FAULT_INJECTION: forcing a failure.
[  723.357045][T15136] name failslab, interval 1, probability 0, space 0, times 0
[  723.388678][T15136] CPU: 1 UID: 0 PID: 15136 Comm: syz.2.2609 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  723.388720][T15136] Tainted: [L]=SOFTLOCKUP
[  723.388729][T15136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  723.388742][T15136] Call Trace:
[  723.388752][T15136]  <TASK>
[  723.388762][T15136]  dump_stack_lvl+0x189/0x250
[  723.388801][T15136]  ? __pfx____ratelimit+0x10/0x10
[  723.388837][T15136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  723.388863][T15136]  ? __pfx__printk+0x10/0x10
[  723.388909][T15136]  should_fail_ex+0x414/0x560
[  723.388949][T15136]  should_failslab+0xa8/0x100
[  723.388978][T15136]  kmem_cache_alloc_noprof+0x88/0x710
[  723.389014][T15136]  ? skb_clone+0x212/0x3a0
[  723.389048][T15136]  skb_clone+0x212/0x3a0
[  723.389080][T15136]  __netlink_deliver_tap+0x404/0x850
[  723.389123][T15136]  ? netlink_deliver_tap+0x2e/0x1b0
[  723.389153][T15136]  netlink_deliver_tap+0x19c/0x1b0
[  723.389183][T15136]  netlink_sendskb+0x68/0x140
[  723.389211][T15136]  netlink_unicast+0x397/0x9e0
[  723.389234][T15136]  ? __asan_memcpy+0x40/0x70
[  723.389263][T15136]  ? __pfx_netlink_unicast+0x10/0x10
[  723.389299][T15136]  netlink_rcv_skb+0x28c/0x470
[  723.389328][T15136]  ? __pfx_genl_rcv_msg+0x10/0x10
[  723.389351][T15136]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  723.389400][T15136]  ? down_read+0x274/0x2e0
[  723.389423][T15136]  ? genl_rcv+0xd/0x40
[  723.389458][T15136]  genl_rcv+0x28/0x40
[  723.389488][T15136]  netlink_unicast+0x82f/0x9e0
[  723.389523][T15136]  ? __pfx_netlink_unicast+0x10/0x10
[  723.389551][T15136]  ? netlink_sendmsg+0x642/0xb30
[  723.389577][T15136]  ? skb_put+0x11b/0x210
[  723.389604][T15136]  netlink_sendmsg+0x805/0xb30
[  723.389644][T15136]  ? __pfx_netlink_sendmsg+0x10/0x10
[  723.389675][T15136]  ? __import_iovec+0x5d4/0x7f0
[  723.389700][T15136]  ? aa_sock_msg_perm+0xf1/0x1b0
[  723.389736][T15136]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  723.389758][T15136]  ? __pfx_netlink_sendmsg+0x10/0x10
[  723.389796][T15136]  __sock_sendmsg+0x21c/0x270
[  723.389834][T15136]  ____sys_sendmsg+0x505/0x820
[  723.389867][T15136]  ? __pfx_____sys_sendmsg+0x10/0x10
[  723.389900][T15136]  ? kstrtouint+0x6e/0xe0
[  723.389941][T15136]  ___sys_sendmsg+0x21f/0x2a0
[  723.389971][T15136]  ? __pfx____sys_sendmsg+0x10/0x10
[  723.390005][T15136]  ? rcu_read_lock_any_held+0xb3/0x120
[  723.390065][T15136]  ? __fget_files+0x2a/0x420
[  723.390092][T15136]  ? __fget_files+0x3a0/0x420
[  723.390132][T15136]  __sys_sendmsg+0x164/0x220
[  723.390161][T15136]  ? __pfx___sys_sendmsg+0x10/0x10
[  723.390198][T15136]  ? __pfx_ksys_write+0x10/0x10
[  723.390224][T15136]  ? __do_fast_syscall_32+0xbe/0x590
[  723.390254][T15136]  __do_fast_syscall_32+0x1f7/0x590
[  723.390279][T15136]  ? rcu_is_watching+0x15/0xb0
[  723.390305][T15136]  ? do_fast_syscall_32+0x34/0x80
[  723.390335][T15136]  do_fast_syscall_32+0x34/0x80
[  723.390361][T15136]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  723.390387][T15136] RIP: 0023:0xf70ed539
[  723.390407][T15136] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  723.390426][T15136] RSP: 002b:00000000f54dd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  723.390450][T15136] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0
[  723.390465][T15136] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  723.390479][T15136] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  723.390493][T15136] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  723.390506][T15136] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  723.390540][T15136]  </TASK>
[  724.349503][T15138] netlink: 'syz.2.2610': attribute type 5 has an invalid length.
[  724.628794][  T106] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  724.755058][T15146] loop2: detected capacity change from 0 to 7
[  724.768024][T15146] Dev loop2: unable to read RDB block 7
[  724.775555][T15146]  loop2: AHDI p1 p2 p3
[  724.781288][T15146] loop2: partition table partially beyond EOD, truncated
[  724.794942][T15146] loop2: p1 start 1601398130 is beyond EOD, truncated
[  724.797859][  T106] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  724.815226][T15146] loop2: p2 start 1702059890 is beyond EOD, truncated
[  724.820470][  T106] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.832464][ T5198] Dev loop2: unable to read RDB block 7
[  724.845207][ T5198]  loop2: AHDI p1 p2 p3
[  724.853204][ T5198] loop2: partition table partially beyond EOD, truncated
[  724.855164][  T106] usb 1-1: Product: syz
[  724.878705][  T106] usb 1-1: Manufacturer: syz
[  724.887737][ T5198] loop2: p1 start 1601398130 is beyond EOD, truncated
[  724.898665][  T106] usb 1-1: SerialNumber: syz
[  724.910448][ T5198] loop2: p2 start 1702059890 is beyond EOD, truncated
[  725.043066][T15148] netlink: 'syz.5.2615': attribute type 16 has an invalid length.
[  725.066715][T15148] netlink: 'syz.5.2615': attribute type 17 has an invalid length.
[  725.173211][T15148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  725.247697][  T106] rtl8150 1-1:1.0: couldn't reset the device
[  725.254783][  T106] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[  725.300478][  T106] usb 1-1: USB disconnect, device number 57
[  725.939382][  T106] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  726.200864][  T106] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  726.217515][  T106] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  726.261801][  T106] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  726.342347][  T106] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  726.360400][  T106] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.385380][  T106] usb 5-1: config 0 descriptor??
[  726.428663][T13947] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  726.688895][T13947] usb 1-1: Using ep0 maxpacket: 16
[  726.699478][T13947] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  726.724384][T13947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  726.754964][T13947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  726.776160][T13947] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  726.804688][T13947] usb 1-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[  726.870364][T13947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.909966][T13947] usb 1-1: config 0 descriptor??
[  727.004655][  T106] plantronics 0003:047F:FFFF.0022: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  727.024289][  T106] usb 5-1: USB disconnect, device number 66
[  727.200439][T15170] fido_id[15170]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  727.344065][T13947] hid_parser_main: 4 callbacks suppressed
[  727.344090][T13947] nintendo 0003:057E:2019.0023: unknown main item tag 0x0
[  727.368605][T13947] nintendo 0003:057E:2019.0023: unknown main item tag 0x0
[  727.382393][T13947] nintendo 0003:057E:2019.0023: unknown main item tag 0x0
[  727.400051][T15175] FAULT_INJECTION: forcing a failure.
[  727.400051][T15175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  727.418803][T15175] CPU: 1 UID: 0 PID: 15175 Comm: syz.2.2625 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  727.418837][T15175] Tainted: [L]=SOFTLOCKUP
[  727.418846][T15175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  727.418859][T15175] Call Trace:
[  727.418867][T15175]  <TASK>
[  727.418877][T15175]  dump_stack_lvl+0x189/0x250
[  727.418908][T15175]  ? __pfx____ratelimit+0x10/0x10
[  727.418951][T15175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  727.418976][T15175]  ? __pfx__printk+0x10/0x10
[  727.419008][T15175]  ? __might_fault+0xb0/0x130
[  727.419052][T15175]  should_fail_ex+0x414/0x560
[  727.419107][T15175]  _copy_from_user+0x2d/0xb0
[  727.419135][T15175]  copy_uabi_to_xstate+0x120/0x970
[  727.419175][T15175]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  727.419207][T15175]  ? __local_bh_enable_ip+0x12d/0x1c0
[  727.419238][T15175]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  727.419266][T15175]  ? x86_task_fpu+0x4c/0x90
[  727.419294][T15175]  fpu__restore_sig+0xf54/0x10d0
[  727.419326][T15175]  ? fpu__restore_sig+0xa48/0x10d0
[  727.419364][T15175]  ? __pfx_fpu__restore_sig+0x10/0x10
[  727.419419][T15175]  ia32_restore_sigcontext+0x449/0x5b0
[  727.419431][T13947] nintendo 0003:057E:2019.0023: unknown main item tag 0x0
[  727.419452][T15175]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  727.419482][T15175]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  727.419526][T15175]  ? _raw_spin_unlock_irq+0x23/0x50
[  727.419565][T15175]  ? lockdep_hardirqs_on+0x98/0x140
[  727.419595][T15175]  __ia32_compat_sys_rt_sigreturn+0x1a9/0x260
[  727.419621][T15175]  ? __task_pid_nr_ns+0x28/0x490
[  727.419657][T15175]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  727.419693][T15175]  ? do_int80_emulation+0xec/0x430
[  727.419722][T15175]  ? asm_int80_emulation+0x1a/0x20
[  727.419746][T15175]  do_int80_emulation+0x126/0x430
[  727.419774][T15175]  ? clear_bhb_loop+0x60/0xb0
[  727.419797][T15175]  ? clear_bhb_loop+0x60/0xb0
[  727.419832][T15175]  asm_int80_emulation+0x1a/0x20
[  727.419855][T15175] RIP: 0023:0xf70ed537
[  727.419877][T15175] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  727.419898][T15175] RSP: 002b:00000000f54dd55c EFLAGS: 00000206
[  727.419921][T15175] RAX: 000000000000014d RBX: 0000000000000003 RCX: 00000000800007c0
[  727.419939][T15175] RDX: 0000000000000001 RSI: 0000000000000007 RDI: 0000000000000000
[  727.419953][T15175] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  727.419969][T15175] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  727.419984][T15175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  727.420020][T15175]  </TASK>
[  727.604907][T15177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  727.699881][T13947] nintendo 0003:057E:2019.0023: unknown main item tag 0x0
[  727.714812][T13947] nintendo 0003:057E:2019.0023: hidraw0: USB HID v80.05 Device [HID 057e:2019] on usb-dummy_hcd.0-1/input0
[  727.761639][T15177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  727.789231][T13947] nintendo 0003:057E:2019.0023: Failed to get joycon info; ret=-38
[  727.797596][T13947] nintendo 0003:057E:2019.0023: Failed to retrieve controller info; ret=-38
[  727.817038][T13947] nintendo 0003:057E:2019.0023: Failed to initialize controller; ret=-38
[  727.860482][T13947] nintendo 0003:057E:2019.0023: probe - fail = -38
[  727.871716][T15185] loop2: detected capacity change from 0 to 7
[  727.884717][T15185] Dev loop2: unable to read RDB block 7
[  727.904674][T15185]  loop2: AHDI p1 p2 p3
[  727.923434][T15185] loop2: partition table partially beyond EOD, truncated
[  727.924805][T13947] nintendo 0003:057E:2019.0023: probe with driver nintendo failed with error -38
[  727.964091][T15185] loop2: p1 start 1601398130 is beyond EOD, truncated
[  727.972781][T13947] usb 1-1: USB disconnect, device number 58
[  728.018820][T15185] loop2: p2 start 1702059890 is beyond EOD, truncated
[  729.051724][T15204] loop9: detected capacity change from 0 to 7
[  729.201070][T15204] buffer_io_error: 14 callbacks suppressed
[  729.201092][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.322500][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.388458][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.396856][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.406967][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.427234][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.446483][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.466828][T15204] ldm_validate_partition_table(): Disk read failed.
[  729.473935][  T106] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  729.518791][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.548401][T15211] veth1_to_bond: entered allmulticast mode
[  729.565396][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.574618][T15204] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.584862][T15211] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2632'.
[  729.598771][T15204] Dev loop9: unable to read RDB block 0
[  729.640719][T15204]  loop9: unable to read partition table
[  729.657018][T15204] loop9: partition table beyond EOD, truncated
[  729.666816][T15204] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  729.666816][T15204] 
) failed (rc=-5)
[  729.668624][  T106] usb 5-1: Using ep0 maxpacket: 32
[  729.729482][  T106] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  729.785469][  T106] usb 5-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.40
[  729.812860][  T106] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.830631][  T106] usb 5-1: Product: syz
[  729.843892][  T106] usb 5-1: Manufacturer: syz
[  729.858577][  T106] usb 5-1: SerialNumber: syz
[  729.945724][  T106] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input48
[  730.410859][T15223] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2635'.
[  730.812482][T15197] pim6reg: entered allmulticast mode
[  730.818026][T15220] pim6reg: left allmulticast mode
[  731.838686][T13947] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  732.258143][T13947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  732.298639][T13947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  732.326680][T13947] usb 1-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00
[  732.332103][ T5183] bcm5974 5-1:1.0: could not read from device
[  732.367999][ T5183] bcm5974 5-1:1.0: could not read from device
[  732.404542][T13947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.405629][ T5183] bcm5974 5-1:1.0: could not read from device
[  732.435132][  T106] usb 5-1: USB disconnect, device number 67
[  732.472855][T13947] usb 1-1: config 0 descriptor??
[  732.669077][T15239] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2638'.
[  732.736007][T15245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  732.750568][T15238] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2639'.
[  732.777554][T15245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.991749][T15211] veth1_to_bond: left allmulticast mode
[  733.028609][  T106] usb 5-1: new full-speed USB device number 68 using dummy_hcd
[  733.052321][T13947] logitech-djreceiver 0003:046D:C532.0024: item fetching failed at offset 5/7
[  733.112679][T13947] logitech-djreceiver 0003:046D:C532.0024: logi_dj_probe: parse failed
[  733.133342][T13947] logitech-djreceiver 0003:046D:C532.0024: probe with driver logitech-djreceiver failed with error -22
[  733.211463][  T106] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  733.226847][  T106] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  733.239262][T13947] usb 1-1: USB disconnect, device number 59
[  733.245332][  T106] usb 5-1: config 0 interface 0 has no altsetting 0
[  733.297230][  T106] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  733.327423][  T106] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.364870][  T106] usb 5-1: config 0 descriptor??
[  733.375645][T15248] loop2: detected capacity change from 0 to 7
[  733.396578][ T5960] Dev loop2: unable to read RDB block 7
[  733.403554][ T5960]  loop2: AHDI p1 p2 p3
[  733.410161][ T5960] loop2: partition table partially beyond EOD, truncated
[  733.424151][ T5960] loop2: p1 start 1601398130 is beyond EOD, truncated
[  733.437692][ T5960] loop2: p2 start 1702059890 is beyond EOD, truncated
[  733.455386][T15248] Dev loop2: unable to read RDB block 7
[  733.463310][T15248]  loop2: AHDI p1 p2 p3
[  733.467785][T15248] loop2: partition table partially beyond EOD, truncated
[  733.476844][T15248] loop2: p1 start 1601398130 is beyond EOD, truncated
[  733.487001][T15248] loop2: p2 start 1702059890 is beyond EOD, truncated
[  733.804742][  T106] hid-steam 0003:28DE:1102.0025: unknown main item tag 0x0
[  733.812647][  T106] hid-steam 0003:28DE:1102.0025: unknown main item tag 0x0
[  733.821570][  T106] hid-steam 0003:28DE:1102.0025: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  733.838919][ T5921] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  733.888633][  T106] hid-steam 0003:28DE:1102.0025: Steam Controller 'XXXXXXXXXX' connected
[  733.915253][  T106] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0025/input/input50
[  733.941218][  T106] hid-steam 0003:28DE:1102.0026: unknown main item tag 0x0
[  733.951060][  T106] hid-steam 0003:28DE:1102.0026: unknown main item tag 0x0
[  733.973292][  T106] hid-steam 0003:28DE:1102.0026: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  733.992021][ T5921] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  734.036154][ T5921] usb 6-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00
[  734.055395][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.081520][ T5921] usb 6-1: config 0 descriptor??
[  734.087227][  T106] usb 5-1: USB disconnect, device number 68
[  734.182854][T15252] fido_id[15252]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  734.213183][  T106] hid-steam 0003:28DE:1102.0025: Steam Controller 'XXXXXXXXXX' disconnected
[  734.298655][ T5971] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  734.321245][ T5921] wacom 0003:056A:5000.0027: item fetching failed at offset 1/5
[  734.340399][ T5921] wacom 0003:056A:5000.0027: parse failed
[  734.346237][ T5921] wacom 0003:056A:5000.0027: probe with driver wacom failed with error -22
[  734.468770][ T5971] usb 1-1: Using ep0 maxpacket: 16
[  734.481751][ T5971] usb 1-1: unable to get BOS descriptor or descriptor too short
[  734.492058][ T5971] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  734.505289][ T5971] usb 1-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  734.519406][ T5921] usb 6-1: USB disconnect, device number 51
[  734.531389][ T5971] usb 1-1: New USB device found, idVendor=0cf3, idProduct=0003, bcdDevice=b2.cc
[  734.549888][ T5971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.608738][ T5971] usb 1-1: Product: syz
[  734.613174][ T5971] usb 1-1: Manufacturer: syz
[  734.617857][ T5971] usb 1-1: SerialNumber: syz
[  734.844151][ T5971] usb 1-1: USB disconnect, device number 60
[  735.231369][T15279] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2652'.
[  735.379213][  T106] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  735.587333][  T106] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  735.600414][  T106] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.620961][  T106] usb 5-1: Product: syz
[  735.627667][  T106] usb 5-1: Manufacturer: syz
[  735.658049][  T106] usb 5-1: SerialNumber: syz
[  736.209667][  T106] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  736.276944][  T106] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  736.280187][   T30] audit: type=1326 audit(1765906715.214:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15280 comm="syz.0.2653" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd539 code=0x0
[  736.310850][T15289] loop2: detected capacity change from 0 to 7
[  736.332039][T15289] Dev loop2: unable to read RDB block 7
[  736.333706][T15291] FAULT_INJECTION: forcing a failure.
[  736.333706][T15291] name failslab, interval 1, probability 0, space 0, times 0
[  736.337696][T15289]  loop2: AHDI p1 p2 p3
[  736.391726][T15289] loop2: partition table partially beyond EOD, truncated
[  736.403502][T15291] CPU: 0 UID: 0 PID: 15291 Comm: syz.5.2656 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  736.403526][T15291] Tainted: [L]=SOFTLOCKUP
[  736.403532][T15291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  736.403542][T15291] Call Trace:
[  736.403549][T15291]  <TASK>
[  736.403556][T15291]  dump_stack_lvl+0x189/0x250
[  736.403580][T15291]  ? __pfx____ratelimit+0x10/0x10
[  736.403608][T15291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.403630][T15291]  ? __pfx__printk+0x10/0x10
[  736.403657][T15291]  ? __pfx___might_resched+0x10/0x10
[  736.403674][T15291]  ? fs_reclaim_acquire+0x7d/0x100
[  736.403694][T15291]  should_fail_ex+0x414/0x560
[  736.403721][T15291]  should_failslab+0xa8/0x100
[  736.403748][T15291]  __kmalloc_noprof+0xdf/0x800
[  736.403762][T15291]  ? __pfx___mutex_trylock_common+0x10/0x10
[  736.403781][T15291]  ? ieee80211_key_alloc+0x52/0x24a0
[  736.403807][T15291]  ieee80211_key_alloc+0x52/0x24a0
[  736.403835][T15291]  ieee80211_add_key+0x347/0xbd0
[  736.403870][T15291]  rdev_add_key+0x134/0x2e0
[  736.403895][T15291]  nl80211_new_key+0x754/0x890
[  736.403920][T15291]  ? __pfx_nl80211_new_key+0x10/0x10
[  736.403951][T15291]  ? nl80211_pre_doit+0x4f1/0x930
[  736.403974][T15291]  genl_family_rcv_msg_doit+0x215/0x300
[  736.403995][T15291]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  736.404019][T15291]  ? bpf_lsm_capable+0x9/0x20
[  736.404038][T15291]  ? security_capable+0x7e/0x2e0
[  736.404060][T15291]  genl_rcv_msg+0x60e/0x790
[  736.404080][T15291]  ? __pfx_genl_rcv_msg+0x10/0x10
[  736.404093][T15291]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  736.404109][T15291]  ? __pfx_nl80211_new_key+0x10/0x10
[  736.404126][T15291]  ? __pfx_nl80211_post_doit+0x10/0x10
[  736.404154][T15291]  netlink_rcv_skb+0x208/0x470
[  736.404175][T15291]  ? __pfx_genl_rcv_msg+0x10/0x10
[  736.404190][T15291]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  736.404223][T15291]  ? down_read+0x274/0x2e0
[  736.404240][T15291]  ? genl_rcv+0xd/0x40
[  736.404265][T15291]  genl_rcv+0x28/0x40
[  736.404291][T15291]  netlink_unicast+0x82f/0x9e0
[  736.404315][T15291]  ? __pfx_netlink_unicast+0x10/0x10
[  736.404334][T15291]  ? netlink_sendmsg+0x642/0xb30
[  736.404353][T15291]  ? skb_put+0x11b/0x210
[  736.404373][T15291]  netlink_sendmsg+0x805/0xb30
[  736.404413][T15291]  ? __pfx_netlink_sendmsg+0x10/0x10
[  736.404435][T15291]  ? __import_iovec+0x5d4/0x7f0
[  736.404452][T15291]  ? aa_sock_msg_perm+0xf1/0x1b0
[  736.404473][T15291]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  736.404487][T15291]  ? __pfx_netlink_sendmsg+0x10/0x10
[  736.404508][T15291]  __sock_sendmsg+0x21c/0x270
[  736.404534][T15291]  ____sys_sendmsg+0x505/0x820
[  736.404556][T15291]  ? __pfx_____sys_sendmsg+0x10/0x10
[  736.404578][T15291]  ? kstrtouint+0x6e/0xe0
[  736.404606][T15291]  ___sys_sendmsg+0x21f/0x2a0
[  736.404626][T15291]  ? __pfx____sys_sendmsg+0x10/0x10
[  736.404649][T15291]  ? rcu_read_lock_any_held+0xb3/0x120
[  736.404690][T15291]  ? __fget_files+0x2a/0x420
[  736.404709][T15291]  ? __fget_files+0x3a0/0x420
[  736.404736][T15291]  __sys_sendmsg+0x164/0x220
[  736.404755][T15291]  ? __pfx___sys_sendmsg+0x10/0x10
[  736.404780][T15291]  ? __pfx_ksys_write+0x10/0x10
[  736.404798][T15291]  ? __do_fast_syscall_32+0xbe/0x590
[  736.404818][T15291]  __do_fast_syscall_32+0x1f7/0x590
[  736.404834][T15291]  ? lockdep_hardirqs_on+0x98/0x140
[  736.404856][T15291]  ? do_fast_syscall_32+0x34/0x80
[  736.404872][T15291]  ? asm_int80_emulation+0x1a/0x20
[  736.404886][T15291]  ? do_int80_emulation+0x221/0x430
[  736.404906][T15291]  do_fast_syscall_32+0x34/0x80
[  736.404924][T15291]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  736.404942][T15291] RIP: 0023:0xf6ffd539
[  736.404955][T15291] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  736.404968][T15291] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  736.404984][T15291] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800006c0
[  736.404995][T15291] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  736.405005][T15291] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  736.405014][T15291] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  736.405023][T15291] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  736.405046][T15291]  </TASK>
[  736.407188][T15289] loop2: p1 start 1601398130 is beyond EOD, truncated
[  736.938848][T15289] loop2: p2 start 1702059890 is beyond EOD, truncated
[  737.179478][ T5961] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  737.222304][T15298] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2658'.
[  737.378689][ T5961] usb 6-1: Using ep0 maxpacket: 32
[  737.395923][ T5961] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  737.414361][ T5961] usb 6-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.40
[  737.429110][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.437843][ T5961] usb 6-1: Product: syz
[  737.448783][ T5961] usb 6-1: Manufacturer: syz
[  737.454913][ T5961] usb 6-1: SerialNumber: syz
[  737.611142][ T5961] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input51
[  737.812272][T15294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  737.827357][T15294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.040460][ T5183] bcm5974 6-1:1.0: could not read from device
[  738.167441][ T5961] usb 6-1: USB disconnect, device number 52
[  738.174282][ T5183] bcm5974 6-1:1.0: could not read from device
[  738.245684][  T106] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  738.280414][  T106] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  738.320558][  T106] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  738.474994][T15319] FAULT_INJECTION: forcing a failure.
[  738.474994][T15319] name failslab, interval 1, probability 0, space 0, times 0
[  738.491630][T15319] CPU: 0 UID: 0 PID: 15319 Comm: syz.6.2663 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  738.491664][T15319] Tainted: [L]=SOFTLOCKUP
[  738.491682][T15319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  738.491696][T15319] Call Trace:
[  738.491705][T15319]  <TASK>
[  738.491714][T15319]  dump_stack_lvl+0x189/0x250
[  738.491747][T15319]  ? __pfx____ratelimit+0x10/0x10
[  738.491784][T15319]  ? __pfx_dump_stack_lvl+0x10/0x10
[  738.491811][T15319]  ? __pfx__printk+0x10/0x10
[  738.491850][T15319]  ? __pfx___might_resched+0x10/0x10
[  738.491880][T15319]  should_fail_ex+0x414/0x560
[  738.491920][T15319]  should_failslab+0xa8/0x100
[  738.491949][T15319]  __kmalloc_cache_node_noprof+0x88/0x700
[  738.491974][T15319]  ? __alloc_workqueue+0x6ac/0x1b80
[  738.492010][T15319]  __alloc_workqueue+0x6ac/0x1b80
[  738.492057][T15319]  alloc_workqueue_noprof+0xd4/0x210
[  738.492089][T15319]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  738.492128][T15319]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  738.492157][T15319]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  738.492205][T15319]  nci_register_device+0x220/0x9d0
[  738.492241][T15319]  ? __pfx_nci_register_device+0x10/0x10
[  738.492272][T15319]  ? __raw_spin_lock_init+0x45/0x100
[  738.492305][T15319]  ? __init_waitqueue_head+0xa9/0x150
[  738.492341][T15319]  virtual_ncidev_open+0x129/0x1a0
[  738.492370][T15319]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  738.492393][T15319]  misc_open+0x2d5/0x350
[  738.492425][T15319]  chrdev_open+0x4cc/0x5e0
[  738.492454][T15319]  ? __pfx_chrdev_open+0x10/0x10
[  738.492479][T15319]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  738.492517][T15319]  ? __pfx_chrdev_open+0x10/0x10
[  738.492540][T15319]  do_dentry_open+0x7ce/0x1420
[  738.492584][T15319]  vfs_open+0x3b/0x340
[  738.492610][T15319]  ? path_openat+0x33f3/0x3dd0
[  738.492633][T15319]  path_openat+0x340e/0x3dd0
[  738.492667][T15319]  ? __pfx_stack_trace_save+0x10/0x10
[  738.492713][T15319]  ? stack_depot_save_flags+0x40/0x850
[  738.492757][T15319]  ? kmem_cache_alloc_noprof+0x37d/0x710
[  738.492789][T15319]  ? getname_flags+0xb8/0x540
[  738.492817][T15319]  ? __pfx_path_openat+0x10/0x10
[  738.492839][T15319]  ? __lock_acquire+0x6b6/0x2cf0
[  738.492879][T15319]  do_filp_open+0x1fa/0x410
[  738.492903][T15319]  ? __pfx_do_filp_open+0x10/0x10
[  738.492946][T15319]  ? _raw_spin_unlock+0x28/0x50
[  738.492978][T15319]  ? alloc_fd+0x64c/0x6c0
[  738.493016][T15319]  do_sys_openat2+0x121/0x200
[  738.493050][T15319]  ? __pfx_do_sys_openat2+0x10/0x10
[  738.493084][T15319]  ? ksys_write+0x22a/0x250
[  738.493104][T15319]  ? exc_page_fault+0x82/0x100
[  738.493127][T15319]  ? __pfx_ksys_write+0x10/0x10
[  738.493151][T15319]  __ia32_compat_sys_openat+0x131/0x160
[  738.493189][T15319]  __do_fast_syscall_32+0x1f7/0x590
[  738.493217][T15319]  ? rcu_is_watching+0x15/0xb0
[  738.493242][T15319]  ? do_fast_syscall_32+0x34/0x80
[  738.493271][T15319]  do_fast_syscall_32+0x34/0x80
[  738.493295][T15319]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  738.493322][T15319] RIP: 0023:0xf7f34539
[  738.493341][T15319] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  738.493362][T15319] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000127
[  738.493384][T15319] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080
[  738.493399][T15319] RDX: 0000000000005400 RSI: 0000000000000000 RDI: 0000000000000000
[  738.493413][T15319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  738.493425][T15319] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  738.493438][T15319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  738.493469][T15319]  </TASK>
[  739.015743][  T106] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  739.071758][  T106] usb 5-1: USB disconnect, device number 69
[  739.552280][  T106] usb 5-1: new full-speed USB device number 70 using dummy_hcd
[  739.786047][  T106] usb 5-1: config 4 has an invalid interface number: 247 but max is 0
[  739.817815][  T106] usb 5-1: config 4 has no interface number 0
[  739.870486][  T106] usb 5-1: config 4 interface 247 altsetting 119 has an invalid endpoint descriptor of length 5, skipping
[  739.895112][  T106] usb 5-1: config 4 interface 247 altsetting 119 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  739.912171][  T106] usb 5-1: config 4 interface 247 has no altsetting 0
[  739.933256][  T106] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=69.5d
[  740.012279][  T106] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.022452][  T106] usb 5-1: Product: syz
[  740.028137][  T106] usb 5-1: Manufacturer: syz
[  740.034635][  T106] usb 5-1: SerialNumber: syz
[  740.053963][T15327] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  740.090159][  T106] comedi comedi5: Wrong number of endpoints
[  740.109092][  T106] ni6501 5-1:4.247: driver 'ni6501' failed to auto-configure device.
[  740.303295][  T106] usb 5-1: USB disconnect, device number 70
[  741.025183][T15352] fuse: Unknown parameter 'æÞü0x0000000000000004'
[  741.237701][T15356] loop2: detected capacity change from 0 to 7
[  741.265379][T15356] Dev loop2: unable to read RDB block 7
[  741.274888][T15356]  loop2: AHDI p1 p2 p3
[  741.324922][T15356] loop2: partition table partially beyond EOD, truncated
[  741.364745][T15356] loop2: p1 start 1601398130 is beyond EOD, truncated
[  741.410284][T15356] loop2: p2 start 1702059890 is beyond EOD, truncated
[  741.709457][ T5971] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  741.921205][ T5971] usb 1-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  741.950251][ T5971] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  741.985069][ T5971] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  742.008767][ T5971] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  742.035806][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.055998][T15358] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  742.271171][T15365] FAULT_INJECTION: forcing a failure.
[  742.271171][T15365] name failslab, interval 1, probability 0, space 0, times 0
[  742.292761][T15365] CPU: 0 UID: 0 PID: 15365 Comm: syz.4.2676 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  742.292798][T15365] Tainted: [L]=SOFTLOCKUP
[  742.292807][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  742.292821][T15365] Call Trace:
[  742.292830][T15365]  <TASK>
[  742.292840][T15365]  dump_stack_lvl+0x189/0x250
[  742.292873][T15365]  ? __pfx____ratelimit+0x10/0x10
[  742.292908][T15365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.292936][T15365]  ? __pfx__printk+0x10/0x10
[  742.292975][T15365]  ? __pfx___might_resched+0x10/0x10
[  742.293005][T15365]  should_fail_ex+0x414/0x560
[  742.293045][T15365]  should_failslab+0xa8/0x100
[  742.293074][T15365]  kmem_cache_alloc_noprof+0x88/0x710
[  742.293116][T15365]  ? __percpu_counter_compare+0xae/0x2e0
[  742.293147][T15365]  ? ep_insert+0x272/0x19e0
[  742.293181][T15365]  ep_insert+0x272/0x19e0
[  742.293228][T15365]  ? __pfx_ep_insert+0x10/0x10
[  742.293257][T15365]  ? __pfx___mutex_lock+0x10/0x10
[  742.293281][T15365]  ? __fget_files+0x2a/0x420
[  742.293314][T15365]  ? __fget_files+0x2a/0x420
[  742.293341][T15365]  ? __fget_files+0x3a0/0x420
[  742.293367][T15365]  ? __fget_files+0x2a/0x420
[  742.293405][T15365]  do_epoll_ctl+0x7f4/0xe80
[  742.293444][T15365]  __ia32_sys_epoll_ctl+0x15d/0x1a0
[  742.293475][T15365]  ? exc_page_fault+0x82/0x100
[  742.293498][T15365]  ? __pfx___ia32_sys_epoll_ctl+0x10/0x10
[  742.293534][T15365]  ? __do_fast_syscall_32+0xbe/0x590
[  742.293563][T15365]  __do_fast_syscall_32+0x1f7/0x590
[  742.293589][T15365]  ? rcu_is_watching+0x15/0xb0
[  742.293615][T15365]  ? do_fast_syscall_32+0x34/0x80
[  742.293646][T15365]  do_fast_syscall_32+0x34/0x80
[  742.293671][T15365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  742.293698][T15365] RIP: 0023:0xf70bd539
[  742.293717][T15365] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  742.293737][T15365] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 00000000000000ff
[  742.293761][T15365] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  742.293777][T15365] RDX: 0000000000000003 RSI: 0000000080000100 RDI: 0000000000000000
[  742.293790][T15365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  742.293803][T15365] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  742.293817][T15365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  742.293852][T15365]  </TASK>
[  742.871106][T15377] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2680'.
[  743.076001][ T5971] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  743.089832][ T5971] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input52
[  743.106779][T15386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.118972][ T5921] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  743.123071][T15386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.199161][ T5971] usb 1-1: USB disconnect, device number 61
[  743.205161][    C1] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  743.220332][T15386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.269522][T15386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.302207][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  743.319194][ T5921] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  743.341386][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.354249][ T5921] usb 5-1: config 0 descriptor??
[  743.678392][ T5921] usbhid 5-1:0.0: can't add hid device: -71
[  743.721004][ T5921] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  743.737289][ T5921] usb 5-1: USB disconnect, device number 71
[  744.078603][ T5921] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  744.495094][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  744.519906][ T5921] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  744.533501][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.555364][ T5921] usb 5-1: config 0 descriptor??
[  744.572545][ T5921] hub 5-1:0.0: USB hub found
[  744.627166][T15406] loop2: detected capacity change from 0 to 7
[  744.651386][T15406] Dev loop2: unable to read RDB block 7
[  744.667111][T15406]  loop2: AHDI p1 p2 p3
[  744.679462][T15406] loop2: partition table partially beyond EOD, truncated
[  744.704320][T15406] loop2: p1 start 1601398130 is beyond EOD, truncated
[  744.718743][T15406] loop2: p2 start 1702059890 is beyond EOD, truncated
[  744.869403][ T5921] hub 5-1:0.0: 1 port detected
[  744.912000][ T5921] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  744.928215][ T5921] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  744.976593][ T5921] usbhid 5-1:0.0: can't add hid device: -71
[  744.994629][ T5921] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  745.060838][ T5921] usb 5-1: USB disconnect, device number 72
[  745.291991][T15416] netlink: 'syz.4.2689': attribute type 10 has an invalid length.
[  745.522662][T15408] delete_channel: no stack
[  745.609341][ T5921] usb 5-1: new low-speed USB device number 73 using dummy_hcd
[  745.886875][ T5921] usb 5-1: unable to get BOS descriptor or descriptor too short
[  745.903880][ T5921] usb 5-1: config 9 has an invalid interface number: 81 but max is 0
[  745.979058][T15424] fuse: Unknown parameter 'æÞü0x0000000000000004'
[  746.498979][ T5921] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  746.682762][ T5921] usb 5-1: config 9 has no interface number 0
[  746.706200][ T5921] usb 5-1: config 9 interface 81 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  746.738067][ T5921] usb 5-1: string descriptor 0 read error: -22
[  746.800709][ T5921] usb 5-1: New USB device found, idVendor=05ac, idProduct=2245, bcdDevice=1b.cd
[  746.876002][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.349102][T15434] usb usb8: usbfs: process 15434 (syz.5.2692) did not claim interface 0 before use
[  747.466618][ T5921] usb 5-1: bad CDC descriptors
[  748.344771][T15437] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2693'.
[  748.468105][T15434] syz.5.2692 (15434): drop_caches: 2
[  749.156366][ T5961] usb 5-1: USB disconnect, device number 73
[  751.342743][T15476] dlm: no locking on control device
[  752.604294][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  752.612572][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  753.202436][T15493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.226053][T15493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.601810][  T106] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  755.343597][T15535] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2721'.
[  756.569913][T15552] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2727'.
[  756.590121][T15552] FAULT_INJECTION: forcing a failure.
[  756.590121][T15552] name failslab, interval 1, probability 0, space 0, times 0
[  756.668782][T15552] CPU: 1 UID: 0 PID: 15552 Comm: syz.4.2727 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  756.668816][T15552] Tainted: [L]=SOFTLOCKUP
[  756.668822][T15552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  756.668832][T15552] Call Trace:
[  756.668838][T15552]  <TASK>
[  756.668845][T15552]  dump_stack_lvl+0x189/0x250
[  756.668868][T15552]  ? __pfx____ratelimit+0x10/0x10
[  756.668893][T15552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.668911][T15552]  ? __pfx__printk+0x10/0x10
[  756.668938][T15552]  ? __pfx___might_resched+0x10/0x10
[  756.668954][T15552]  ? fs_reclaim_acquire+0x7d/0x100
[  756.668974][T15552]  should_fail_ex+0x414/0x560
[  756.669001][T15552]  should_failslab+0xa8/0x100
[  756.669021][T15552]  __kmalloc_cache_noprof+0x84/0x700
[  756.669036][T15552]  ? kvfree_call_rcu+0x3df/0x480
[  756.669060][T15552]  ? ovs_ct_limit_cmd_set+0x2f7/0xb00
[  756.669082][T15552]  ovs_ct_limit_cmd_set+0x2f7/0xb00
[  756.669120][T15552]  genl_family_rcv_msg_doit+0x215/0x300
[  756.669141][T15552]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  756.669165][T15552]  ? bpf_lsm_capable+0x9/0x20
[  756.669184][T15552]  ? security_capable+0x7e/0x2e0
[  756.669207][T15552]  genl_rcv_msg+0x60e/0x790
[  756.669226][T15552]  ? __pfx_genl_rcv_msg+0x10/0x10
[  756.669240][T15552]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  756.669270][T15552]  netlink_rcv_skb+0x208/0x470
[  756.669291][T15552]  ? __pfx_genl_rcv_msg+0x10/0x10
[  756.669306][T15552]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  756.669339][T15552]  ? down_read+0x274/0x2e0
[  756.669357][T15552]  ? genl_rcv+0xd/0x40
[  756.669383][T15552]  genl_rcv+0x28/0x40
[  756.669405][T15552]  netlink_unicast+0x82f/0x9e0
[  756.669429][T15552]  ? __pfx_netlink_unicast+0x10/0x10
[  756.669448][T15552]  ? netlink_sendmsg+0x642/0xb30
[  756.669467][T15552]  ? skb_put+0x11b/0x210
[  756.669489][T15552]  netlink_sendmsg+0x805/0xb30
[  756.669516][T15552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.669538][T15552]  ? __import_iovec+0x5d4/0x7f0
[  756.669555][T15552]  ? aa_sock_msg_perm+0xf1/0x1b0
[  756.669576][T15552]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  756.669591][T15552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.669612][T15552]  __sock_sendmsg+0x21c/0x270
[  756.669638][T15552]  ____sys_sendmsg+0x505/0x820
[  756.669661][T15552]  ? __pfx_____sys_sendmsg+0x10/0x10
[  756.669684][T15552]  ? kstrtouint+0x6e/0xe0
[  756.669712][T15552]  ___sys_sendmsg+0x21f/0x2a0
[  756.669737][T15552]  ? __pfx____sys_sendmsg+0x10/0x10
[  756.669761][T15552]  ? rcu_read_lock_any_held+0xb3/0x120
[  756.669801][T15552]  ? __fget_files+0x2a/0x420
[  756.669823][T15552]  ? __fget_files+0x3a0/0x420
[  756.669851][T15552]  __sys_sendmsg+0x164/0x220
[  756.669871][T15552]  ? __pfx___sys_sendmsg+0x10/0x10
[  756.669897][T15552]  ? __pfx_ksys_write+0x10/0x10
[  756.669915][T15552]  ? __do_fast_syscall_32+0xbe/0x590
[  756.669936][T15552]  __do_fast_syscall_32+0x1f7/0x590
[  756.669954][T15552]  ? rcu_is_watching+0x15/0xb0
[  756.669972][T15552]  ? do_fast_syscall_32+0x34/0x80
[  756.669993][T15552]  do_fast_syscall_32+0x34/0x80
[  756.670010][T15552]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  756.670035][T15552] RIP: 0023:0xf70bd539
[  756.670055][T15552] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  756.670075][T15552] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  756.670097][T15552] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[  756.670120][T15552] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[  756.670134][T15552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  756.670147][T15552] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  756.670156][T15552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  756.670180][T15552]  </TASK>
[  757.634660][T15552] netlink: 'syz.4.2727': attribute type 2 has an invalid length.
[  757.698615][ T5971] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  757.866582][ T5971] usb 7-1: device descriptor read/64, error -71
[  757.964346][  T106] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  758.128826][ T5971] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  758.149313][  T106] usb 5-1: Using ep0 maxpacket: 16
[  758.157583][  T106] usb 5-1: unable to get BOS descriptor or descriptor too short
[  758.176511][  T106] usb 5-1: config 2 has an invalid interface number: 251 but max is 0
[  758.192577][  T106] usb 5-1: config 2 has no interface number 0
[  758.239447][  T106] usb 5-1: config 2 interface 251 altsetting 156 bulk endpoint 0xA has invalid maxpacket 8
[  758.258746][  T106] usb 5-1: config 2 interface 251 altsetting 156 endpoint 0x3 has an invalid bInterval 241, changing to 7
[  758.274641][  T106] usb 5-1: config 2 interface 251 has no altsetting 0
[  758.288139][  T106] usb 5-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=ea.ae
[  758.298620][ T5971] usb 7-1: device descriptor read/64, error -71
[  758.299012][  T106] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.313200][  T106] usb 5-1: Product: syz
[  758.317968][  T106] usb 5-1: Manufacturer: syz
[  758.325656][  T106] usb 5-1: SerialNumber: syz
[  758.336906][T15552] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  758.409101][ T5971] usb usb7-port1: attempt power cycle
[  758.557106][  T106] redrat3 5-1:2.251: Couldn't find all endpoints
[  758.592597][  T106] usb 5-1: USB disconnect, device number 75
[  758.748621][ T5971] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  758.769673][ T5971] usb 7-1: device descriptor read/8, error -71
[  759.009465][ T5971] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[  759.039926][ T5971] usb 7-1: device descriptor read/8, error -71
[  759.048615][ T5921] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  759.159062][ T5971] usb usb7-port1: unable to enumerate USB device
[  759.188664][ T5921] usb 1-1: device descriptor read/64, error -71
[  759.439052][ T5921] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  759.590852][ T5921] usb 1-1: device descriptor read/64, error -71
[  759.710440][ T5921] usb usb1-port1: attempt power cycle
[  759.973531][T15594] FAULT_INJECTION: forcing a failure.
[  759.973531][T15594] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  759.986859][T15594] CPU: 1 UID: 0 PID: 15594 Comm: syz.2.2738 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  759.986889][T15594] Tainted: [L]=SOFTLOCKUP
[  759.986895][T15594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  759.986905][T15594] Call Trace:
[  759.986912][T15594]  <TASK>
[  759.986919][T15594]  dump_stack_lvl+0x189/0x250
[  759.986943][T15594]  ? __pfx____ratelimit+0x10/0x10
[  759.986967][T15594]  ? __pfx_dump_stack_lvl+0x10/0x10
[  759.986986][T15594]  ? __pfx__printk+0x10/0x10
[  759.987017][T15594]  should_fail_ex+0x414/0x560
[  759.987045][T15594]  _copy_to_user+0x31/0xb0
[  759.987065][T15594]  simple_read_from_buffer+0xe1/0x170
[  759.987095][T15594]  proc_fail_nth_read+0x1b3/0x220
[  759.987114][T15594]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  759.987132][T15594]  ? rw_verify_area+0x2a6/0x4d0
[  759.987157][T15594]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  759.987174][T15594]  vfs_read+0x200/0xa30
[  759.987188][T15594]  ? fdget_pos+0x247/0x320
[  759.987211][T15594]  ? __pfx___mutex_lock+0x10/0x10
[  759.987228][T15594]  ? __pfx_vfs_read+0x10/0x10
[  759.987244][T15594]  ? __fget_files+0x2a/0x420
[  759.987267][T15594]  ? __fget_files+0x3a0/0x420
[  759.987285][T15594]  ? __fget_files+0x2a/0x420
[  759.987311][T15594]  ksys_read+0x145/0x250
[  759.987325][T15594]  ? exc_page_fault+0x82/0x100
[  759.987341][T15594]  ? __pfx_ksys_read+0x10/0x10
[  759.987358][T15594]  ? __do_fast_syscall_32+0xbe/0x590
[  759.987378][T15594]  __do_fast_syscall_32+0x1f7/0x590
[  759.987396][T15594]  ? rcu_is_watching+0x15/0xb0
[  759.987415][T15594]  ? do_fast_syscall_32+0x34/0x80
[  759.987436][T15594]  do_fast_syscall_32+0x34/0x80
[  759.987453][T15594]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  759.987471][T15594] RIP: 0023:0xf70ed539
[  759.987485][T15594] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  759.987498][T15594] RSP: 002b:00000000f54dd590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  759.987514][T15594] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54dd620
[  759.987525][T15594] RDX: 000000000000000f RSI: 00000000f7486ff4 RDI: 0000000000000000
[  759.987534][T15594] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  759.987543][T15594] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  759.987552][T15594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  759.987574][T15594]  </TASK>
[  760.288584][ T5921] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  760.301145][T15598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  760.319180][ T5921] usb 1-1: device descriptor read/8, error -71
[  760.330937][T15598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  760.353368][T15598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  760.366988][T15598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  760.399286][T15598] kAFS: unable to lookup cell '/,'
[  760.420391][T15598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  760.476347][T15598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  760.562699][ T5921] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  760.589681][ T5921] usb 1-1: device descriptor read/8, error -71
[  760.730407][ T5921] usb usb1-port1: unable to enumerate USB device
[  760.929175][ T5921] usb 6-1: new full-speed USB device number 53 using dummy_hcd
[  760.969731][T15608] loop2: detected capacity change from 0 to 7
[  760.979900][T15608] Dev loop2: unable to read RDB block 7
[  760.985514][T15608]  loop2: AHDI p1 p2 p3
[  760.995723][T15608] loop2: partition table partially beyond EOD, truncated
[  761.033098][T15608] loop2: p1 start 1601398130 is beyond EOD, truncated
[  761.049202][T15608] loop2: p2 start 1702059890 is beyond EOD, truncated
[  761.102464][ T5921] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  761.113965][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.134411][ T5921] usb 6-1: Product: syz
[  761.148724][ T5921] usb 6-1: Manufacturer: syz
[  761.153374][ T5921] usb 6-1: SerialNumber: syz
[  761.179883][ T5921] usb 6-1: config 0 descriptor??
[  761.397063][ T5921] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  761.708349][T15616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.723780][T15616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  762.737928][ T5921] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  762.753560][ T5921] usb 6-1: USB disconnect, device number 53
[  762.849019][ T5892] udevd[5892]: setting owner of /dev/bus/usb/006/053 to uid=0, gid=0 failed: No such file or directory
[  763.362026][T15649] loop2: detected capacity change from 0 to 7
[  763.370647][ T5960] Dev loop2: unable to read RDB block 7
[  763.376413][ T5960]  loop2: AHDI p1 p2 p3
[  763.381448][ T5960] loop2: partition table partially beyond EOD, truncated
[  763.389648][ T5960] loop2: p1 start 1601398130 is beyond EOD, truncated
[  763.397788][ T5960] loop2: p2 start 1702059890 is beyond EOD, truncated
[  763.412594][T15649] Dev loop2: unable to read RDB block 7
[  763.420693][T15649]  loop2: AHDI p1 p2 p3
[  763.431643][T15649] loop2: partition table partially beyond EOD, truncated
[  763.443762][T15649] loop2: p1 start 1601398130 is beyond EOD, truncated
[  763.451314][T15649] loop2: p2 start 1702059890 is beyond EOD, truncated
[  764.598644][  T106] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[  764.898678][  T106] usb 7-1: Using ep0 maxpacket: 8
[  764.962233][  T106] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  765.038578][  T106] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.124859][  T106] pvrusb2: Hardware description: Terratec Grabster AV400
[  765.142266][  T106] pvrusb2: **********
[  765.162530][  T106] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  765.204233][  T106] pvrusb2: Important functionality might not be entirely working.
[  765.238989][T15685] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2763'.
[  765.244349][  T106] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  765.275165][  T106] pvrusb2: **********
[  765.340559][ T2344] pvrusb2: Invalid write control endpoint
[  765.574732][T15675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.590315][T15675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  765.645043][ T2344] pvrusb2: Invalid write control endpoint
[  765.676744][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  765.704373][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  765.723531][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  765.744868][ T2344] pvrusb2: Device being rendered inoperable
[  765.763812][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  765.788761][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  765.811369][ T2344] pvrusb2: Attached sub-driver cx25840
[  765.830903][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  765.879449][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  766.077885][T15696] bond0: entered promiscuous mode
[  766.089250][T15696] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  766.131096][T15696] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode
[  766.156560][T15696] bond0: left promiscuous mode
[  766.182620][T15696] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  766.225787][T15696] mac80211_hwsim hwsim10 wlan1: left promiscuous mode
[  766.302710][ T5921] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  766.481167][ T5921] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  766.493708][ T5921] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  766.519409][ T5921] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  766.557919][ T5921] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  766.649540][ T5921] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  766.674203][ T5921] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  766.711747][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  766.730572][ T5921] usb 6-1: Product: syz
[  766.735740][ T5921] usb 6-1: Manufacturer: syz
[  766.757265][ T5921] cdc_wdm 6-1:1.0: skipping garbage
[  766.768703][ T5921] cdc_wdm 6-1:1.0: skipping garbage
[  766.781203][ T5921] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  766.788280][ T5921] cdc_wdm 6-1:1.0: Unknown control protocol
[  767.046839][T15695] bridge4: entered promiscuous mode
[  767.070648][T15695] bridge4: entered allmulticast mode
[  767.103312][T15695] netlink: 'syz.5.2767': attribute type 2 has an invalid length.
[  767.114957][T15706] loop2: detected capacity change from 0 to 7
[  767.126830][T15706] Dev loop2: unable to read RDB block 7
[  767.133396][T15706]  loop2: AHDI p1 p2 p3
[  767.137884][T15695] netlink: 119 bytes leftover after parsing attributes in process `syz.5.2767'.
[  767.157361][T15706] loop2: partition table partially beyond EOD, truncated
[  767.189327][T15706] loop2: p1 start 1601398130 is beyond EOD, truncated
[  767.196740][T15706] loop2: p2 start 1702059890 is beyond EOD, truncated
[  767.293349][ T5921] usb 6-1: USB disconnect, device number 54
[  767.299063][  T106] usb 7-1: USB disconnect, device number 50
[  767.410814][T15708] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2772'.
[  767.532807][T15710] FAULT_INJECTION: forcing a failure.
[  767.532807][T15710] name failslab, interval 1, probability 0, space 0, times 0
[  767.559393][T15710] CPU: 0 UID: 0 PID: 15710 Comm: syz.4.2770 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  767.559428][T15710] Tainted: [L]=SOFTLOCKUP
[  767.559436][T15710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  767.559454][T15710] Call Trace:
[  767.559464][T15710]  <TASK>
[  767.559474][T15710]  dump_stack_lvl+0x189/0x250
[  767.559509][T15710]  ? __pfx____ratelimit+0x10/0x10
[  767.559542][T15710]  ? __pfx_dump_stack_lvl+0x10/0x10
[  767.559567][T15710]  ? __pfx__printk+0x10/0x10
[  767.559592][T15710]  ? __pfx___might_resched+0x10/0x10
[  767.559621][T15710]  ? fs_reclaim_acquire+0x7d/0x100
[  767.559642][T15710]  should_fail_ex+0x414/0x560
[  767.559670][T15710]  should_failslab+0xa8/0x100
[  767.559690][T15710]  __kmalloc_cache_noprof+0x84/0x700
[  767.559707][T15710]  ? nfnetlink_rcv+0xf97/0x2590
[  767.559728][T15710]  nfnetlink_rcv+0xf97/0x2590
[  767.559771][T15710]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  767.559787][T15710]  ? kasan_save_track+0x4f/0x80
[  767.559839][T15710]  ? netlink_deliver_tap+0x2e/0x1b0
[  767.559872][T15710]  netlink_unicast+0x82f/0x9e0
[  767.559896][T15710]  ? __pfx_netlink_unicast+0x10/0x10
[  767.559914][T15710]  ? netlink_sendmsg+0x642/0xb30
[  767.559933][T15710]  ? skb_put+0x11b/0x210
[  767.559953][T15710]  netlink_sendmsg+0x805/0xb30
[  767.559980][T15710]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.560002][T15710]  ? __import_iovec+0x5d4/0x7f0
[  767.560019][T15710]  ? aa_sock_msg_perm+0xf1/0x1b0
[  767.560043][T15710]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  767.560057][T15710]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.560078][T15710]  __sock_sendmsg+0x21c/0x270
[  767.560104][T15710]  ____sys_sendmsg+0x505/0x820
[  767.560127][T15710]  ? __pfx_____sys_sendmsg+0x10/0x10
[  767.560149][T15710]  ? kstrtouint+0x6e/0xe0
[  767.560178][T15710]  ___sys_sendmsg+0x21f/0x2a0
[  767.560198][T15710]  ? __pfx____sys_sendmsg+0x10/0x10
[  767.560222][T15710]  ? rcu_read_lock_any_held+0xb3/0x120
[  767.560263][T15710]  ? __fget_files+0x2a/0x420
[  767.560282][T15710]  ? __fget_files+0x3a0/0x420
[  767.560310][T15710]  __sys_sendmsg+0x164/0x220
[  767.560330][T15710]  ? __pfx___sys_sendmsg+0x10/0x10
[  767.560361][T15710]  ? __pfx_ksys_write+0x10/0x10
[  767.560379][T15710]  ? __do_fast_syscall_32+0xbe/0x590
[  767.560400][T15710]  __do_fast_syscall_32+0x1f7/0x590
[  767.560418][T15710]  ? rcu_is_watching+0x15/0xb0
[  767.560436][T15710]  ? do_fast_syscall_32+0x34/0x80
[  767.560457][T15710]  do_fast_syscall_32+0x34/0x80
[  767.560474][T15710]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  767.560493][T15710] RIP: 0023:0xf70bd539
[  767.560507][T15710] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  767.560521][T15710] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  767.560538][T15710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840
[  767.560549][T15710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  767.560558][T15710] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  767.560567][T15710] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  767.560576][T15710] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  767.560599][T15710]  </TASK>
[  768.170912][ T5921] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[  768.427825][ T5921] usb 7-1: Using ep0 maxpacket: 16
[  768.459586][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  768.501841][ T5921] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  768.542236][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.659811][ T5921] usb 7-1: config 0 descriptor??
[  769.105950][ T5921] mcp2221 0003:04D8:00DD.0028: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  769.436911][ T5921] usb 7-1: USB disconnect, device number 51
[  770.867343][T15764] loop2: detected capacity change from 0 to 7
[  770.889863][T15764] Dev loop2: unable to read RDB block 7
[  770.890008][T15767] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2790'.
[  770.902453][T15764]  loop2: unable to read partition table
[  770.932359][T15764] loop2: partition table beyond EOD, truncated
[  770.957127][T15764] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  771.004174][T15773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2787'.
[  771.015458][T15773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2787'.
[  771.107880][T15768] bond_slave_0: left promiscuous mode
[  771.123235][T15768] bond_slave_1: left promiscuous mode
[  786.802944][ T8332] delete_channel: no stack
[  786.815952][ T5921] usb 3-1: USB disconnect, device number 33
[  786.833642][ T5921] usblp0: removed
[  787.034973][T12667] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  787.046749][T12667] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  787.060343][T12667] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  787.071886][T12667] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  787.082451][T12667] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  787.300214][ T5827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  787.312379][ T5827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  787.321545][ T5827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  787.331126][ T5827] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  787.341224][ T5827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  787.434185][ T5827] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  787.444728][ T5827] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  787.454799][ T5827] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  787.467566][ T5827] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  787.476615][ T5827] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  789.158810][T12667] Bluetooth: hci5: command tx timeout
[  789.398940][T12667] Bluetooth: hci6: command tx timeout
[  789.558838][T12667] Bluetooth: hci7: command tx timeout
[  791.239901][T12667] Bluetooth: hci5: command tx timeout
[  791.488625][T12667] Bluetooth: hci6: command tx timeout
[  791.638654][T12667] Bluetooth: hci7: command tx timeout
[  793.318631][T12667] Bluetooth: hci5: command tx timeout
[  793.570115][T12667] Bluetooth: hci6: command tx timeout
[  793.718764][T12667] Bluetooth: hci7: command tx timeout
[  795.398596][T12667] Bluetooth: hci5: command tx timeout
[  795.638594][T12667] Bluetooth: hci6: command tx timeout
[  795.798606][T12667] Bluetooth: hci7: command tx timeout
[  802.806127][ T5827] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  802.818317][ T5827] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  802.826911][ T5827] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  802.837361][ T5827] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  802.866184][ T5827] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  803.263805][ T5827] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  803.276048][ T5827] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  803.285560][ T5827] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  803.294022][ T5827] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  803.304428][ T5827] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  804.918673][ T5827] Bluetooth: hci8: command tx timeout
[  805.398971][ T5827] Bluetooth: hci9: command tx timeout
[  806.999101][ T5827] Bluetooth: hci8: command tx timeout
[  807.479090][ T5827] Bluetooth: hci9: command tx timeout
[  809.078680][ T5827] Bluetooth: hci8: command tx timeout
[  809.558980][ T5827] Bluetooth: hci9: command tx timeout
[  811.158671][ T5827] Bluetooth: hci8: command tx timeout
[  811.638851][ T5827] Bluetooth: hci9: command tx timeout
[  814.043021][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  814.050244][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  847.762010][T12667] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  847.772984][T12667] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  847.781616][T12667] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  847.794281][T12667] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  847.802893][T12667] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  847.931425][T12667] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  847.939011][ T5834] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  847.952386][ T5834] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  847.953311][T12667] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  847.960603][ T5834] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  847.975385][T12667] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  847.976374][ T5834] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  847.991293][ T5834] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  847.998793][T12667] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  848.010537][T12667] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  849.879567][T12667] Bluetooth: hci10: command tx timeout
[  850.038695][T12667] Bluetooth: hci12: command tx timeout
[  850.045610][ T5827] Bluetooth: hci11: command tx timeout
[  851.958607][ T5827] Bluetooth: hci10: command tx timeout
[  852.118739][ T5827] Bluetooth: hci11: command tx timeout
[  852.118750][T12667] Bluetooth: hci12: command tx timeout
[  854.038706][ T5827] Bluetooth: hci10: command tx timeout
[  854.198656][T12667] Bluetooth: hci12: command tx timeout
[  854.198961][ T5827] Bluetooth: hci11: command tx timeout
[  856.118682][ T5827] Bluetooth: hci10: command tx timeout
[  856.278733][T12667] Bluetooth: hci12: command tx timeout
[  856.284279][ T5827] Bluetooth: hci11: command tx timeout
[  862.725747][T12667] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  862.737039][T12667] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  862.746504][T12667] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  862.756818][T12667] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  862.766928][T12667] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  863.721834][T12667] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  863.732715][T12667] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  863.741423][T12667] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  863.751747][T12667] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  863.760725][T12667] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  864.838651][T12667] Bluetooth: hci13: command tx timeout
[  865.798757][T12667] Bluetooth: hci14: command tx timeout
[  866.918634][T12667] Bluetooth: hci13: command tx timeout
[  867.878559][T12667] Bluetooth: hci14: command tx timeout
[  868.998570][T12667] Bluetooth: hci13: command tx timeout
[  869.958627][T12667] Bluetooth: hci14: command tx timeout
[  871.078578][T12667] Bluetooth: hci13: command tx timeout
[  872.038622][T12667] Bluetooth: hci14: command tx timeout
[  875.483746][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  875.490245][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  907.763690][ T5827] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  907.774847][ T5827] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  907.785007][ T5827] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  907.793327][ T5827] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  907.801748][ T5827] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  908.830793][T12667] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  908.842567][T12667] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  908.851055][T12667] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  908.859787][T12667] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  908.867576][T12667] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  908.909521][ T5827] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  908.920263][ T5827] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  908.929146][ T5827] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  908.939797][ T5827] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  908.947667][ T5827] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  909.878577][T12667] Bluetooth: hci15: command tx timeout
[  910.918595][T12667] Bluetooth: hci16: command tx timeout
[  911.008643][T12667] Bluetooth: hci17: command tx timeout
[  911.958906][T12667] Bluetooth: hci15: command tx timeout
[  912.998861][T12667] Bluetooth: hci16: command tx timeout
[  913.078599][T12667] Bluetooth: hci17: command tx timeout
[  913.403302][T12667] Bluetooth: hci7: command 0x0406 tx timeout
[  913.410038][T15852] Bluetooth: hci6: command 0x0406 tx timeout
[  913.416115][T15852] Bluetooth: hci5: command 0x0406 tx timeout
[  914.038874][ T5829] Bluetooth: hci15: command tx timeout
[  915.078875][ T5829] Bluetooth: hci16: command tx timeout
[  915.158632][ T5829] Bluetooth: hci17: command tx timeout
[  916.118568][ T5829] Bluetooth: hci15: command tx timeout
[  917.158899][ T5829] Bluetooth: hci16: command tx timeout
[  917.238757][ T5829] Bluetooth: hci17: command tx timeout
[  922.804082][ T5827] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  922.818047][ T5827] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  922.827542][ T5827] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  922.838021][ T5827] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  922.847383][ T5827] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  923.813863][ T5827] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1
[  923.824692][ T5827] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9
[  923.833774][ T5827] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9
[  923.843405][ T5827] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4
[  923.853565][ T5827] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2
[  924.918795][ T5829] Bluetooth: hci18: command tx timeout
[  925.409643][   T31] INFO: task kworker/u8:15:5948 blocked for more than 143 seconds.
[  925.417679][   T31]       Tainted: G             L      syzkaller #0
[  925.426159][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  925.434995][   T31] task:kworker/u8:15   state:D stack:23320 pid:5948  tgid:5948  ppid:2      task_flags:0x4208060 flags:0x00080000
[  925.447383][   T31] Workqueue: events_unbound linkwatch_event
[  925.453405][   T31] Call Trace:
[  925.456707][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  925.459717][   T31]  __schedule+0x14bc/0x5000
[  925.464950][   T31]  ? __pfx___schedule+0x10/0x10
[  925.470292][   T31]  ? schedule+0x91/0x360
[  925.474582][   T31]  schedule+0x165/0x360
[  925.478859][   T31]  schedule_preempt_disabled+0x13/0x30
[  925.484357][   T31]  __mutex_lock+0x7e6/0x1350
[  925.489344][   T31]  ? __mutex_lock+0x5bb/0x1350
[  925.494160][   T31]  ? linkwatch_event+0xe/0x60
[  925.499931][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  925.505021][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  925.511065][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  925.516838][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  925.524207][   T31]  linkwatch_event+0xe/0x60
[  925.530595][   T31]  process_scheduled_works+0xad1/0x1770
[  925.536242][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  925.560937][   T31]  worker_thread+0x8a0/0xda0
[  925.565605][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  925.597256][   T31]  ? __kthread_parkme+0x7b/0x200
[  925.603862][   T31]  kthread+0x711/0x8a0
[  925.607999][   T31]  ? __pfx_worker_thread+0x10/0x10
[  925.614873][   T31]  ? __pfx_kthread+0x10/0x10
[  925.620979][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  925.626336][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  925.638808][   T31]  ? __pfx_kthread+0x10/0x10
[  925.654915][   T31]  ret_from_fork+0x599/0xb30
[  925.659638][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  925.664806][   T31]  ? __switch_to_asm+0x39/0x70
[  925.670729][   T31]  ? __switch_to_asm+0x33/0x70
[  925.675532][   T31]  ? __pfx_kthread+0x10/0x10
[  925.680489][   T31]  ret_from_fork_asm+0x1a/0x30
[  925.685312][   T31]  </TASK>
[  925.688388][   T31] INFO: task kworker/u8:21:14110 blocked for more than 143 seconds.
[  925.696451][   T31]       Tainted: G             L      syzkaller #0
[  925.703021][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  925.712057][   T31] task:kworker/u8:21   state:D stack:22104 pid:14110 tgid:14110 ppid:2      task_flags:0x4208060 flags:0x00080000
[  925.724518][   T31] Workqueue: ipv6_addrconf addrconf_verify_work
[  925.730921][   T31] Call Trace:
[  925.734233][   T31]  <TASK>
[  925.737196][   T31]  __schedule+0x14bc/0x5000
[  925.742255][   T31]  ? __pfx___schedule+0x10/0x10
[  925.747198][   T31]  ? schedule+0x91/0x360
[  925.751542][   T31]  schedule+0x165/0x360
[  925.755732][   T31]  schedule_preempt_disabled+0x13/0x30
[  925.761321][   T31]  __mutex_lock+0x7e6/0x1350
[  925.765951][   T31]  ? __mutex_lock+0x5bb/0x1350
[  925.771118][   T31]  ? addrconf_verify_work+0x19/0x30
[  925.776371][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  925.782505][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  925.788267][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  925.793575][   T31]  addrconf_verify_work+0x19/0x30
[  925.799038][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  925.804770][   T31]  process_scheduled_works+0xad1/0x1770
[  925.810454][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  925.816498][   T31]  worker_thread+0x8a0/0xda0
[  925.821200][   T31]  kthread+0x711/0x8a0
[  925.825317][   T31]  ? __pfx_worker_thread+0x10/0x10
[  925.831084][   T31]  ? __pfx_kthread+0x10/0x10
[  925.835718][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  925.840975][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  925.846198][   T31]  ? __pfx_kthread+0x10/0x10
[  925.850896][   T31]  ret_from_fork+0x599/0xb30
[  925.855517][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  925.861015][   T31]  ? __switch_to_asm+0x39/0x70
[  925.865826][   T31]  ? __switch_to_asm+0x33/0x70
[  925.870679][   T31]  ? __pfx_kthread+0x10/0x10
[  925.875307][   T31]  ret_from_fork_asm+0x1a/0x30
[  925.878557][ T5829] Bluetooth: hci19: command tx timeout
[  925.880228][   T31]  </TASK>
[  925.890227][   T31] INFO: task syz.5.2790:15767 blocked for more than 143 seconds.
[  925.897978][   T31]       Tainted: G             L      syzkaller #0
[  925.911904][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  925.921844][   T31] task:syz.5.2790      state:D stack:26024 pid:15767 tgid:15766 ppid:8825   task_flags:0x400140 flags:0x10080002
[  925.934070][   T31] Call Trace:
[  925.937387][   T31]  <TASK>
[  925.942217][   T31]  __schedule+0x14bc/0x5000
[  925.946790][   T31]  ? __pfx___schedule+0x10/0x10
[  925.952839][   T31]  ? schedule+0x91/0x360
[  925.957119][   T31]  schedule+0x165/0x360
[  925.962434][   T31]  schedule_preempt_disabled+0x13/0x30
[  925.967907][   T31]  __mutex_lock+0x7e6/0x1350
[  925.972591][   T31]  ? __mutex_lock+0x5bb/0x1350
[  925.977394][   T31]  ? nl80211_pre_doit+0x5f/0x930
[  925.983488][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  925.988955][   T31]  ? rcu_is_watching+0x15/0xb0
[  925.993802][   T31]  ? __nla_parse+0x40/0x60
[  925.998262][   T31]  nl80211_pre_doit+0x5f/0x930
[  926.005571][   T31]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  926.012369][   T31]  genl_family_rcv_msg_doit+0x1be/0x300
[  926.017970][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  926.024156][   T31]  ? bpf_lsm_capable+0x9/0x20
[  926.029046][   T31]  ? security_capable+0x7e/0x2e0
[  926.034032][   T31]  genl_rcv_msg+0x60e/0x790
[  926.040106][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.045156][   T31]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  926.051808][   T31]  ? __pfx_nl80211_remain_on_channel+0x10/0x10
[  926.057996][   T31]  ? __pfx_nl80211_post_doit+0x10/0x10
[  926.064741][   T31]  netlink_rcv_skb+0x208/0x470
[  926.070313][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.075394][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  926.080817][   T31]  ? down_read+0x274/0x2e0
[  926.085287][   T31]  ? genl_rcv+0xd/0x40
[  926.090417][   T31]  genl_rcv+0x28/0x40
[  926.094513][   T31]  netlink_unicast+0x82f/0x9e0
[  926.099745][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  926.105092][   T31]  ? netlink_sendmsg+0x642/0xb30
[  926.111667][   T31]  ? skb_put+0x11b/0x210
[  926.115961][   T31]  netlink_sendmsg+0x805/0xb30
[  926.121001][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.126334][   T31]  ? __import_iovec+0x5d4/0x7f0
[  926.131559][   T31]  ? aa_sock_msg_perm+0xf1/0x1b0
[  926.136547][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  926.141923][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.147247][   T31]  __sock_sendmsg+0x21c/0x270
[  926.152156][   T31]  ____sys_sendmsg+0x505/0x820
[  926.157016][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  926.163033][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  926.168569][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  926.173284][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  926.178712][   T31]  ? futex_private_hash_put+0x13b/0x170
[  926.184328][   T31]  ? futex_wake+0x4b2/0x560
[  926.189287][   T31]  ? __fget_files+0x2a/0x420
[  926.193937][   T31]  ? __fget_files+0x3a0/0x420
[  926.198780][   T31]  __sys_sendmsg+0x164/0x220
[  926.203417][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[  926.208634][   T31]  ? __do_fast_syscall_32+0xbe/0x590
[  926.214014][   T31]  __do_fast_syscall_32+0x1f7/0x590
[  926.219794][   T31]  ? rcu_is_watching+0x15/0xb0
[  926.224614][   T31]  ? do_fast_syscall_32+0x34/0x80
[  926.229984][   T31]  do_fast_syscall_32+0x34/0x80
[  926.234887][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  926.241328][   T31] RIP: 0023:0xf6ffd539
[  926.245629][   T31] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  926.254593][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  926.262699][   T31] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  926.271121][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  926.279733][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  926.287942][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  926.296026][   T31]  </TASK>
[  926.299146][   T31] INFO: task syz.6.2791:15775 blocked for more than 144 seconds.
[  926.306899][   T31]       Tainted: G             L      syzkaller #0
[  926.314728][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  926.323704][   T31] task:syz.6.2791      state:D stack:26104 pid:15775 tgid:15771 ppid:10318  task_flags:0x400140 flags:0x10080002
[  926.335773][   T31] Call Trace:
[  926.339468][   T31]  <TASK>
[  926.342457][   T31]  __schedule+0x14bc/0x5000
[  926.347035][   T31]  ? __pfx___schedule+0x10/0x10
[  926.352009][   T31]  ? schedule+0x91/0x360
[  926.356308][   T31]  schedule+0x165/0x360
[  926.360741][   T31]  schedule_preempt_disabled+0x13/0x30
[  926.366467][   T31]  __mutex_lock+0x7e6/0x1350
[  926.371527][   T31]  ? __mutex_lock+0x5bb/0x1350
[  926.376359][   T31]  ? nl80211_pre_doit+0x5f/0x930
[  926.381707][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  926.386817][   T31]  ? rcu_is_watching+0x15/0xb0
[  926.391741][   T31]  ? __nla_parse+0x40/0x60
[  926.396213][   T31]  nl80211_pre_doit+0x5f/0x930
[  926.401461][   T31]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  926.407841][   T31]  genl_family_rcv_msg_doit+0x1be/0x300
[  926.413489][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  926.419679][   T31]  ? bpf_lsm_capable+0x9/0x20
[  926.424406][   T31]  ? security_capable+0x7e/0x2e0
[  926.429796][   T31]  genl_rcv_msg+0x60e/0x790
[  926.434359][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.439551][   T31]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  926.444966][   T31]  ? __pfx_nl80211_set_cqm+0x10/0x10
[  926.450320][   T31]  ? __pfx_nl80211_post_doit+0x10/0x10
[  926.455832][   T31]  netlink_rcv_skb+0x208/0x470
[  926.460984][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.466042][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  926.471489][   T31]  ? down_read+0x274/0x2e0
[  926.475942][   T31]  ? genl_rcv+0xd/0x40
[  926.480120][   T31]  genl_rcv+0x28/0x40
[  926.484151][   T31]  netlink_unicast+0x82f/0x9e0
[  926.489623][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  926.494954][   T31]  ? netlink_sendmsg+0x642/0xb30
[  926.499971][   T31]  ? skb_put+0x11b/0x210
[  926.504261][   T31]  netlink_sendmsg+0x805/0xb30
[  926.509094][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.514423][   T31]  ? __import_iovec+0x5d4/0x7f0
[  926.519705][   T31]  ? aa_sock_msg_perm+0xf1/0x1b0
[  926.524694][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  926.530070][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.535391][   T31]  __sock_sendmsg+0x21c/0x270
[  926.540204][   T31]  ____sys_sendmsg+0x505/0x820
[  926.545027][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  926.550762][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[  926.556100][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  926.560863][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  926.566116][   T31]  ? futex_wait+0x285/0x360
[  926.570714][   T31]  ? __fget_files+0x2a/0x420
[  926.575350][   T31]  ? __fget_files+0x3a0/0x420
[  926.580472][   T31]  __sys_sendmsg+0x164/0x220
[  926.585115][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[  926.590317][   T31]  ? __do_fast_syscall_32+0xbe/0x590
[  926.595641][   T31]  __do_fast_syscall_32+0x1f7/0x590
[  926.601492][   T31]  ? rcu_is_watching+0x15/0xb0
[  926.606302][   T31]  ? do_fast_syscall_32+0x34/0x80
[  926.611734][   T31]  do_fast_syscall_32+0x34/0x80
[  926.616644][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  926.623074][   T31] RIP: 0023:0xf7f34539
[  926.627188][   T31] RSP: 002b:00000000f53e455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  926.635676][   T31] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[  926.644002][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  926.652159][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  926.660223][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  926.668225][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  926.676701][   T31]  </TASK>
[  926.686782][   T31] INFO: task syz.6.2791:15778 blocked for more than 144 seconds.
[  926.694630][   T31]       Tainted: G             L      syzkaller #0
[  926.701511][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  926.710718][   T31] task:syz.6.2791      state:D stack:25792 pid:15778 tgid:15771 ppid:10318  task_flags:0x400140 flags:0x10080002
[  926.722818][   T31] Call Trace:
[  926.726153][   T31]  <TASK>
[  926.729484][   T31]  __schedule+0x14bc/0x5000
[  926.734100][   T31]  ? __pfx___schedule+0x10/0x10
[  926.739131][   T31]  ? schedule+0x91/0x360
[  926.743412][   T31]  schedule+0x165/0x360
[  926.747583][   T31]  schedule_preempt_disabled+0x13/0x30
[  926.753118][   T31]  __mutex_lock+0x7e6/0x1350
[  926.757747][   T31]  ? __mutex_lock+0x5bb/0x1350
[  926.763171][   T31]  ? nl80211_pre_doit+0x5f/0x930
[  926.768142][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  926.773242][   T31]  ? rcu_is_watching+0x15/0xb0
[  926.778054][   T31]  ? __nla_parse+0x40/0x60
[  926.782622][   T31]  nl80211_pre_doit+0x5f/0x930
[  926.787420][   T31]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  926.794176][   T31]  genl_family_rcv_msg_doit+0x1be/0x300
[  926.799886][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  926.805993][   T31]  ? bpf_lsm_capable+0x9/0x20
[  926.810753][   T31]  ? security_capable+0x7e/0x2e0
[  926.815741][   T31]  genl_rcv_msg+0x60e/0x790
[  926.820936][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.826011][   T31]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  926.831456][   T31]  ? __pfx_nl80211_new_station+0x10/0x10
[  926.837159][   T31]  ? __pfx_nl80211_post_doit+0x10/0x10
[  926.842804][   T31]  netlink_rcv_skb+0x208/0x470
[  926.847622][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  926.853062][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  926.858468][   T31]  ? down_read+0x274/0x2e0
[  926.862923][   T31]  ? genl_rcv+0xd/0x40
[  926.867039][   T31]  genl_rcv+0x28/0x40
[  926.871184][   T31]  netlink_unicast+0x82f/0x9e0
[  926.875995][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  926.881674][   T31]  ? netlink_sendmsg+0x642/0xb30
[  926.886665][   T31]  ? skb_put+0x11b/0x210
[  926.907660][   T31]  netlink_sendmsg+0x805/0xb30
[  926.913577][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.919067][   T31]  ? __import_iovec+0x5d4/0x7f0
[  926.923960][   T31]  ? aa_sock_msg_perm+0xf1/0x1b0
[  926.929328][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  926.934658][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  926.940335][   T31]  __sock_sendmsg+0x21c/0x270
[  926.945073][   T31]  ____sys_sendmsg+0x505/0x820
[  926.949983][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  926.955374][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[  926.960775][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  926.965504][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  926.971173][   T31]  ? futex_wait+0x285/0x360
[  926.975754][   T31]  ? __fget_files+0x2a/0x420
[  926.980476][   T31]  ? __fget_files+0x3a0/0x420
[  926.985204][   T31]  __sys_sendmsg+0x164/0x220
[  926.989926][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[  926.995088][   T31]  ? __do_fast_syscall_32+0xbe/0x590
[  926.998658][T15852] Bluetooth: hci18: command tx timeout
[  927.000908][   T31]  __do_fast_syscall_32+0x1f7/0x590
[  927.011131][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  927.016373][   T31]  ? do_fast_syscall_32+0x34/0x80
[  927.021500][   T31]  ? irqentry_exit+0x10f/0x660
[  927.026295][   T31]  ? rcu_is_watching+0x15/0xb0
[  927.031581][   T31]  do_fast_syscall_32+0x34/0x80
[  927.036477][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  927.043309][   T31] RIP: 0023:0xf7f34539
[  927.047422][   T31] RSP: 002b:00000000f4b9e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  927.055942][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080
[  927.064281][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  927.072370][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  927.080685][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  927.089205][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  927.097237][   T31]  </TASK>
[  927.100783][   T31] 
[  927.100783][   T31] Showing all locks held in the system:
[  927.109040][   T31] 1 lock held by ksoftirqd/1/23:
[  927.114017][   T31]  #0: ffff8880b863a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  927.130999][   T31] 1 lock held by khungtaskd/31:
[  927.135881][   T31]  #0: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  927.145859][   T31] 3 locks held by kworker/0:2/106:
[  927.151533][   T31]  #0: ffff88813ff16948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.164144][   T31]  #1: ffffc90002687b80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.175376][   T31]  #2: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xa1/0xf00
[  927.185461][   T31] 1 lock held by klogd/5187:
[  927.190127][   T31]  #0: ffff8880b863a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  927.200157][   T31] 2 locks held by getty/5588:
[  927.204867][   T31]  #0: ffff88814ea980a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  927.215194][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460
[  927.225465][   T31] 3 locks held by kworker/u9:2/5827:
[  927.230822][   T31]  #0: ffff88807f3af148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.242143][   T31]  #1: ffffc90003f2fb80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.254857][   T31]  #2: ffff888024c14ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400
[  927.265086][   T31] 3 locks held by kworker/u9:3/5829:
[  927.270705][   T31]  #0: ffff88801dab0148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.281683][   T31]  #1: ffffc90003fbfb80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.294317][   T31]  #2: ffff8880567b8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400
[  927.304634][   T31] 3 locks held by kworker/u8:15/5948:
[  927.310101][   T31]  #0: ffff88813ff29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.322227][   T31]  #1: ffffc90004e77b80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.334592][   T31]  #2: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  927.343764][   T31] 3 locks held by kworker/0:9/5968:
[  927.349047][   T31]  #0: ffff88813ff15948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.360762][   T31]  #1: ffffc90004f97b80 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.372426][   T31]  #2: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  927.382971][   T31] 1 lock held by syz.6.2085/13368:
[  927.388215][   T31]  #0: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  927.397648][   T31] 3 locks held by kworker/u8:21/14110:
[  927.403368][   T31]  #0: ffff88814da43148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  927.415088][   T31]  #1: ffffc9000c6bfb80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  927.429226][   T31]  #2: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  927.438866][   T31] 5 locks held by kworker/u8:24/14115:
[  927.444355][   T31]  #0: ffff8880b863a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  927.454387][   T31]  #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  927.463672][   T31]  #2: ffff8880b87260d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  927.472816][   T31]  #3: ffffffff99b30670 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x87/0x540
[  927.483527][   T31]  #4: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa5/0x2390
[  927.493727][   T31] 2 locks held by syz.2.2787/15768:
[  927.499056][   T31]  #0: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90
[  927.508183][   T31]  #1: ffff88807ba98d38 (&dev_instance_lock_key#14){+.+.}-{4:4}, at: napi_disable+0x4e/0x80
[  927.518808][   T31] 2 locks held by syz.5.2790/15767:
[  927.524043][   T31]  #0: ffffffff8f3797b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  927.532378][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930
[  927.541721][   T31] 2 locks held by syz.6.2791/15775:
[  927.546938][   T31]  #0: ffffffff8f3797b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  927.555560][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930
[  927.564987][   T31] 2 locks held by syz.6.2791/15778:
[  927.571213][   T31]  #0: ffffffff8f3797b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  927.579999][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930
[  927.590524][   T31] 3 locks held by syz.0.2802/15794:
[  927.595785][   T31]  #0: ffffffff8f3797b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  927.605101][   T31]  #1: ffffffff8f3795c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  927.614783][   T31]  #2: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_register_hw+0x3037/0x4110
[  927.625094][   T31] 2 locks held by syz-executor/15796:
[  927.631483][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.641581][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.652178][   T31] 2 locks held by syz-executor/15798:
[  927.657617][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.668309][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.679457][   T31] 2 locks held by syz-executor/15799:
[  927.684882][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.694748][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.705931][   T31] 1 lock held by syz.4.2796/15801:
[  927.711177][   T31]  #0: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newroute+0x109/0x210
[  927.720706][   T31] 2 locks held by syz-executor/15808:
[  927.726095][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.736168][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.746806][   T31] 2 locks held by syz-executor/15811:
[  927.752468][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.762271][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.772886][   T31] 2 locks held by syz-executor/15822:
[  927.778302][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.787810][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.799537][   T31] 2 locks held by syz-executor/15826:
[  927.804943][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.815675][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.827222][   T31] 2 locks held by syz-executor/15827:
[  927.833109][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.842626][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.853204][   T31] 2 locks held by syz-executor/15831:
[  927.858985][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.868490][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.880008][   T31] 2 locks held by syz-executor/15835:
[  927.885413][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.895270][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.905830][   T31] 2 locks held by syz-executor/15844:
[  927.911306][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.921417][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.932059][   T31] 2 locks held by syz-executor/15849:
[  927.937458][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.947185][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.958023][   T31] 2 locks held by syz-executor/15850:
[  927.958589][T15852] Bluetooth: hci19: command tx timeout
[  927.963569][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  927.978346][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  927.989517][   T31] 2 locks held by syz-executor/15860:
[  927.994921][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  928.005616][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  928.016516][   T31] 2 locks held by syz-executor/15864:
[  928.021956][   T31]  #0: ffffffff8f304b70 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  928.031714][   T31]  #1: ffffffff8f311c08 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  928.043512][   T31] 
[  928.045871][   T31] =============================================
[  928.045871][   T31] 
[  928.054409][   T31] NMI backtrace for cpu 0
[  928.054430][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  928.054460][   T31] Tainted: [L]=SOFTLOCKUP
[  928.054468][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  928.054482][   T31] Call Trace:
[  928.054491][   T31]  <TASK>
[  928.054503][   T31]  dump_stack_lvl+0x189/0x250
[  928.054538][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  928.054567][   T31]  ? __pfx__printk+0x10/0x10
[  928.054609][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  928.054642][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  928.054673][   T31]  ? __pfx__printk+0x10/0x10
[  928.054710][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  928.054754][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  928.054786][   T31]  sys_info+0x135/0x170
[  928.054812][   T31]  watchdog+0xf95/0xfe0
[  928.054849][   T31]  ? watchdog+0x20a/0xfe0
[  928.054888][   T31]  kthread+0x711/0x8a0
[  928.054921][   T31]  ? __pfx_watchdog+0x10/0x10
[  928.054951][   T31]  ? __pfx_kthread+0x10/0x10
[  928.054981][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  928.055015][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  928.055036][   T31]  ? __pfx_kthread+0x10/0x10
[  928.055066][   T31]  ret_from_fork+0x599/0xb30
[  928.055090][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  928.055123][   T31]  ? __switch_to_asm+0x39/0x70
[  928.055152][   T31]  ? __switch_to_asm+0x33/0x70
[  928.055179][   T31]  ? __pfx_kthread+0x10/0x10
[  928.055209][   T31]  ret_from_fork_asm+0x1a/0x30
[  928.055256][   T31]  </TASK>
[  928.055265][   T31] Sending NMI from CPU 0 to CPUs 1:
[  928.212740][    C1] NMI backtrace for cpu 1
[  928.212761][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  928.212785][    C1] Tainted: [L]=SOFTLOCKUP
[  928.212792][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  928.212804][    C1] RIP: 0010:task_psi_group+0x42/0x1a0
[  928.212831][    C1] Code: 49 bd 00 00 00 00 00 fc ff df 4c 8d b7 98 13 00 00 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 f1 78 8b 00 4d 8b 36 <e8> e9 28 bf 09 85 c0 74 5e e8 40 d4 09 00 85 c0 75 55 48 c7 c7 a8
[  928.212847][    C1] RSP: 0018:ffffc90000a08b70 EFLAGS: 00000046
[  928.212863][    C1] RAX: 1ffff1100543d643 RBX: ffffffff8de06da0 RCX: c015f0739ea75400
[  928.212878][    C1] RDX: 0000000000010000 RSI: 0000000000000000 RDI: ffff88802a1e9e80
[  928.212890][    C1] RBP: 0000000000000000 R08: ffffffff819c8b49 R09: ffff8880b8724588
[  928.212903][    C1] R10: ffff88805aa09810 R11: ffffed100b541305 R12: 000000d81dca456b
[  928.212916][    C1] R13: dffffc0000000000 R14: ffff888020f3f800 R15: ffff88802a1e9e80
[  928.212930][    C1] FS:  0000000000000000(0000) GS:ffff888125f35000(0000) knlGS:0000000000000000
[  928.212944][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  928.212957][    C1] CR2: 000055b78c9c6120 CR3: 000000002e8a0000 CR4: 00000000003526f0
[  928.212977][    C1] Call Trace:
[  928.212985][    C1]  <IRQ>
[  928.212995][    C1]  psi_task_change+0xec/0x340
[  928.213020][    C1]  enqueue_task+0x3e3/0x4c0
[  928.213045][    C1]  ttwu_do_activate+0x1dc/0x860
[  928.213073][    C1]  try_to_wake_up+0x721/0x12b0
[  928.213103][    C1]  hrtimer_wakeup+0x4e/0x60
[  928.213128][    C1]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  928.213152][    C1]  __hrtimer_run_queues+0x51c/0xc30
[  928.213175][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  928.213205][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  928.213227][    C1]  ? read_tsc+0x9/0x20
[  928.213258][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  928.213296][    C1]  __sysvec_apic_timer_interrupt+0x102/0x3e0
[  928.213319][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  928.213337][    C1]  </IRQ>
[  928.213344][    C1]  <TASK>
[  928.213351][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  928.213371][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  928.213388][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 a0 0c 00 f3 0f 1e fa fb f4 <e9> c8 ed 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  928.213404][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  928.213418][    C1] RAX: c015f0739ea75400 RBX: ffffffff81978eba RCX: c015f0739ea75400
[  928.213432][    C1] RDX: 0000000000000001 RSI: ffffffff8d792222 RDI: ffffffff8bc08360
[  928.213445][    C1] RBP: ffffc90000197f10 R08: ffff8880b87336db R09: 1ffff110170e66db
[  928.213459][    C1] R10: dffffc0000000000 R11: ffffed10170e66dc R12: ffffffff8f821e70
[  928.213472][    C1] R13: 1ffff110038d4b70 R14: 0000000000000001 R15: 0000000000000001
[  928.213486][    C1]  ? do_idle+0x1ea/0x520
[  928.213511][    C1]  default_idle+0x13/0x20
[  928.213530][    C1]  default_idle_call+0x73/0xb0
[  928.213551][    C1]  do_idle+0x1ea/0x520
[  928.213570][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  928.213589][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[  928.213608][    C1]  ? __pfx_do_idle+0x10/0x10
[  928.213633][    C1]  ? do_idle+0x4f9/0x520
[  928.213653][    C1]  cpu_startup_entry+0x44/0x60
[  928.213673][    C1]  start_secondary+0x101/0x110
[  928.213700][    C1]  common_startup_64+0x13e/0x147
[  928.213734][    C1]  </TASK>
[  928.553906][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  928.560773][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  928.571608][   T31] Tainted: [L]=SOFTLOCKUP
[  928.576054][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  928.586135][   T31] Call Trace:
[  928.589453][   T31]  <TASK>
[  928.592402][   T31]  dump_stack_lvl+0x99/0x250
[  928.597035][   T31]  ? __asan_memcpy+0x40/0x70
[  928.601688][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  928.606906][   T31]  ? __pfx__printk+0x10/0x10
[  928.611528][   T31]  vpanic+0x237/0x6d0
[  928.615544][   T31]  ? __pfx_vpanic+0x10/0x10
[  928.620070][   T31]  ? preempt_schedule_common+0x83/0xd0
[  928.625559][   T31]  panic+0xb9/0xc0
[  928.629310][   T31]  ? __pfx_panic+0x10/0x10
[  928.633748][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  928.639137][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  928.645313][   T31]  watchdog+0xfdf/0xfe0
[  928.649490][   T31]  ? watchdog+0x20a/0xfe0
[  928.653882][   T31]  kthread+0x711/0x8a0
[  928.657970][   T31]  ? __pfx_watchdog+0x10/0x10
[  928.662666][   T31]  ? __pfx_kthread+0x10/0x10
[  928.667274][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  928.672493][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  928.677700][   T31]  ? __pfx_kthread+0x10/0x10
[  928.682302][   T31]  ret_from_fork+0x599/0xb30
[  928.686902][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  928.692026][   T31]  ? __switch_to_asm+0x39/0x70
[  928.696806][   T31]  ? __switch_to_asm+0x33/0x70
[  928.701585][   T31]  ? __pfx_kthread+0x10/0x10
[  928.706195][   T31]  ret_from_fork_asm+0x1a/0x30
[  928.710988][   T31]  </TASK>
[  928.714369][   T31] Kernel Offset: disabled
[  928.718737][   T31] Rebooting in 86400 seconds..