last executing test programs:

19m42.31762723s ago: executing program 4 (id=364):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x1c, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000891}, 0x20004044)

19m42.259050048s ago: executing program 4 (id=365):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000440)=@gcm_256={{0x303}, '\x00', "352bfc0f38345beb42380beb8a9b6220f956db553fc75817f69b4e4047aaa9e1", '\x00', '\x00\x00\x00@\x00'}, 0x38)
recvmmsg(r0, &(0x7f0000003300)=[{{0x0, 0x0, &(0x7f0000000200)}}], 0x1, 0x40000122, 0x0)

19m42.076926441s ago: executing program 4 (id=368):
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0xffff, 0xffffffffffffffff, 0x7, 0xf}, 0xa}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000004000ffffffff02000000080003", @ANYRES32=r3, @ANYBLOB="080002002e"], 0x24}, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r4, @ANYBLOB="f6a2b6759f7baab3c3d53229294b1fff851c039ce891ef668e7026371c9735d7853f303604f07eaa3e461d9135f044a6e6a0ed7c213553f7558f44e4960200000073920bd804a378c57795ee70de59f24de80fc1d394b06219be0653792aab52041dda119fa4676d7d8c86a1696d252c20401f552d9b826b2dfcf2ce1ce58a267940c5c903b8bb3cb019255bbdbaf5bba8be97b13c07fd2ddad169946e8494d03c9f7c7917ae3a6b752762ab2e3b5b1e0049383210642eafb2019887b87cc2a5ab7dc2ab6d835701e139bb086f0b28245f6f235690452d6aae98affd7241f992812c45fcf716aa78bad9b5617eeb9c28dfbe98f445c8fee18ec70e7a5be9cb8808f8f25956bd7d6642add4e785581851bc8287a185feb2b91809c2d4974dbcfb137b6adade2cd1e6195b9c68319fec3cceef00aa467d6a4c63002bae0fe422522b2cef9725ea6abf938b0f07b75cb93fddcfaafe92ef5f830e3e7098b8fb79af9c43c27dfe28db01bb30bdd44e4af77543d32de13f94fcb3dd29bf4485f79356e142df6c466c74c1dbd458bcf08341980b99eabed91a6ae6fe21"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x722b4d06da1eb2a4}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x4c, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfffb}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xb5f}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x14, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0xb1, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
sendmmsg(r6, &(0x7f0000000180), 0x4000190, 0x0)

19m41.887536519s ago: executing program 4 (id=373):
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x1003, r1}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000200)={0x0, &(0x7f00000006c0)=""/145, &(0x7f0000000400), &(0x7f0000000780), 0x4, r1}, 0x38)

19m41.63831418s ago: executing program 4 (id=377):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x5, 0x0, 0x0, 0xa, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xac, 0xfff, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x2, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x4d2, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x49}]}]}, 0xfc}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r2 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r2, &(0x7f0000000580)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x4, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x0, 0x2}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000000)="3260cad1dc", 0x5}], 0x1}, 0x880)

19m40.450145622s ago: executing program 4 (id=385):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000600)=0x50d, 0x4)
listen(r1, 0xffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {0x0}], 0x2}, 0x0)
socket(0x15, 0x4, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="7c000000010405000000000000000000000000000600064000000000080005400000000005000100010000000a0002000000000000000000080003400000c018060006400000000008000440000000000a000200", @ANYRES64], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = socket(0x2b, 0x1, 0x1)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r6, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x40000)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r8=>0x0})
recvmmsg(r6, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000b, 0x200000006c832, r0, 0x0)
read(r6, &(0x7f0000000000)=""/31, 0x1f)
setsockopt$inet6_tcp_buf(r5, 0x6, 0xd, &(0x7f0000000100)="97", 0x1)
sendmsg$TIPC_CMD_SHOW_PORTS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x2400c0c1)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=r8, @ANYBLOB="e5d343f733df44b355b26fe59b28d53ed099f29db9a9c81a2ae93c3f30ecd7481c90e0e77c829c04a87a992b34f9be2d6bf4e4b1da1f765754fea2d4d3338e7e01c021c4762d63ea968b1ce5d0296378a87bd89e33b4f5d17347be29bfd16ec4ed473dccc62a7816831bfeeea8ac8c910efe2cf5584ad764f93cbf40db3a9fdb676813b71e899ed4df994898ea597f1ed67027cf7b81af3b882200641cd30d4bb5294cabc54d7f702d2af850c971173e1946ec69", @ANYBLOB="000000000000000000000000000040000000000000fffb000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000001000000000000004400050000000000000000000000000000000000000000003309ac549b969dfa6dc6bb43aa2197105f917b5d1d97fc3e159bcd24c3e01e5fdbeb7aa68b4a2f45cf554bb6d40c63b96eea7b9dea2a0112cc710b2a83ce898b55b414de9e7935202f3de093ce6d207368244711c96e3e5acdb07d8308e09d5da2a5b1c2c32a354d47d822a45472bf776e4ce9b65c0ab4141f891b17827e6c6b13da3b98340e83e0f12cc6b4cb1b5ef5ed38602940288623af55e9bbce59fa8a77b98c7f46031a7bf552e18dd64be49ff55d5820ae321b972abd601939b541ac"], 0xfc}}, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r10, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e55", 0x324, 0xfdff, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

19m25.241707854s ago: executing program 32 (id=385):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000600)=0x50d, 0x4)
listen(r1, 0xffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {0x0}], 0x2}, 0x0)
socket(0x15, 0x4, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="7c000000010405000000000000000000000000000600064000000000080005400000000005000100010000000a0002000000000000000000080003400000c018060006400000000008000440000000000a000200", @ANYRES64], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = socket(0x2b, 0x1, 0x1)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r6, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x40000)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r8=>0x0})
recvmmsg(r6, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000b, 0x200000006c832, r0, 0x0)
read(r6, &(0x7f0000000000)=""/31, 0x1f)
setsockopt$inet6_tcp_buf(r5, 0x6, 0xd, &(0x7f0000000100)="97", 0x1)
sendmsg$TIPC_CMD_SHOW_PORTS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x2400c0c1)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=r8, @ANYBLOB="e5d343f733df44b355b26fe59b28d53ed099f29db9a9c81a2ae93c3f30ecd7481c90e0e77c829c04a87a992b34f9be2d6bf4e4b1da1f765754fea2d4d3338e7e01c021c4762d63ea968b1ce5d0296378a87bd89e33b4f5d17347be29bfd16ec4ed473dccc62a7816831bfeeea8ac8c910efe2cf5584ad764f93cbf40db3a9fdb676813b71e899ed4df994898ea597f1ed67027cf7b81af3b882200641cd30d4bb5294cabc54d7f702d2af850c971173e1946ec69", @ANYBLOB="000000000000000000000000000040000000000000fffb000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000001000000000000004400050000000000000000000000000000000000000000003309ac549b969dfa6dc6bb43aa2197105f917b5d1d97fc3e159bcd24c3e01e5fdbeb7aa68b4a2f45cf554bb6d40c63b96eea7b9dea2a0112cc710b2a83ce898b55b414de9e7935202f3de093ce6d207368244711c96e3e5acdb07d8308e09d5da2a5b1c2c32a354d47d822a45472bf776e4ce9b65c0ab4141f891b17827e6c6b13da3b98340e83e0f12cc6b4cb1b5ef5ed38602940288623af55e9bbce59fa8a77b98c7f46031a7bf552e18dd64be49ff55d5820ae321b972abd601939b541ac"], 0xfc}}, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r10, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e55", 0x324, 0xfdff, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

18m55.580480096s ago: executing program 0 (id=786):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)

18m55.321307967s ago: executing program 0 (id=790):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0xe, 0x0, &(0x7f00000002c0)="69d387051eaf71a0486e5c660000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

18m55.003911015s ago: executing program 0 (id=794):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000440)="b9ff03e8ffff10ffffffffbaeeaa", 0x0, 0xa, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

18m54.841701219s ago: executing program 0 (id=797):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x9)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r2=>0x0})
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f0000000040)=""/28, &(0x7f0000000100)=0x1c)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r4 = gettid()
r5 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010000304f9ffbffffedbdf2500007400", @ANYRES32=r2, @ANYBLOB="049c01000750050008001300", @ANYRES32=r4, @ANYBLOB="140003002e"], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0)

18m54.603373226s ago: executing program 0 (id=800):
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xc2300, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

18m54.342914026s ago: executing program 0 (id=804):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r0, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
accept4$nfc_llcp(r1, &(0x7f00000003c0), 0x0, 0x800)
r2 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r2, &(0x7f0000000540), 0x0)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x12, 0xa, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x62)
ioctl$int_in(r3, 0x5421, &(0x7f0000000140)=0x6)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60)
close(0xffffffffffffffff)

18m39.265218104s ago: executing program 33 (id=804):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r0, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
accept4$nfc_llcp(r1, &(0x7f00000003c0), 0x0, 0x800)
r2 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r2, &(0x7f0000000540), 0x0)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x12, 0xa, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x62)
ioctl$int_in(r3, 0x5421, &(0x7f0000000140)=0x6)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60)
close(0xffffffffffffffff)

5m28.622023981s ago: executing program 5 (id=7519):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
close(r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x10, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1, 0x1, 0xb, 0x1, 0xfffffffc, 0xffff, 0x3, 0x1, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24058081}, 0xc804)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

5m27.858214416s ago: executing program 5 (id=7523):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{0x0}], 0x1}, 0x8000}], 0x2, 0x10002, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)

5m27.659962375s ago: executing program 5 (id=7524):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES64], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r1}, 0x18)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r0, 0x58}, 0x55)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e23, 0x4, @mcast1, 0x8}}, 0xfffd, 0x7ffe}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)='%pS    \x00'}, 0x20)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f00000003c0)=0xfffffffffffffffe, 0x12)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1500000006400000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="9e18bcd294fad8e5310c64a6e2e59c97860547c240aff7075391769b70b39367b8839ff2db6cf2860e5182d9dcc84a2e7e3de9f7a06c8032569d5863aaa78f76ec30385349b4fb9916e03f63fa58b6940eb287348bb53abb995c416cd0", @ANYRES64=0x0], 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getsockopt$sock_buf(r5, 0x1, 0x3b, &(0x7f00000014c0)=""/145, &(0x7f0000000000)=0x91)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000008c0), 0x0, 0x408c0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}}, 0x8000)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c9, &(0x7f0000000100))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000000001010400000072000000000000000404000280"], 0x18}, 0x1, 0x0, 0x0, 0xdf505db1a3d84e25}, 0x0)

5m27.167113293s ago: executing program 5 (id=7526):
r0 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x10)
sendto$phonet(r0, 0x0, 0x0, 0x20000001, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x20040014)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

5m27.117622834s ago: executing program 5 (id=7527):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000a17000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="85000000ae00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)

5m27.061269965s ago: executing program 5 (id=7528):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58)
unshare(0x62040200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000006800e97800000000f9ffffff0a00000000"], 0x1c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800dd0400010000002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x7, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r8, r6, 0x25, 0x0, @void}, 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d04a0f1d0d47b2", 0x10)
r9 = accept4(r3, 0x0, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0f000000040000000800000009"], 0x48)
r11 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r11, 0x11b, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x30)
r12 = socket(0x1, 0x2, 0x0)
setsockopt$ax25_int(r9, 0x101, 0x8, &(0x7f0000000280)=0x3ff, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r10, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r12, 0x2}, 0x20)
syz_genetlink_get_family_id$fou(0x0, r9)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401})

5m11.729361042s ago: executing program 34 (id=7528):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58)
unshare(0x62040200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000006800e97800000000f9ffffff0a00000000"], 0x1c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800dd0400010000002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x7, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r8, r6, 0x25, 0x0, @void}, 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d04a0f1d0d47b2", 0x10)
r9 = accept4(r3, 0x0, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0f000000040000000800000009"], 0x48)
r11 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r11, 0x11b, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x30)
r12 = socket(0x1, 0x2, 0x0)
setsockopt$ax25_int(r9, 0x101, 0x8, &(0x7f0000000280)=0x3ff, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r10, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r12, 0x2}, 0x20)
syz_genetlink_get_family_id$fou(0x0, r9)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401})

13.632195051s ago: executing program 6 (id=9104):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="10797fcd6c7704e11e05000000000000", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c40)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
r5 = getpgrp(0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = getpid()
r7 = io_uring_setup(0x7d30, &(0x7f00000020c0)={0x0, 0xffffffff, 0x1046})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r7, 0xc, 0x0, 0x0)
sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r8 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r8, 0x1, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x3, 0x300)
r10 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
socket$pptp(0x18, 0x1, 0x2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000040)=r4, 0x4)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="3be5902e693a", 0x6}, {&(0x7f0000003340)="10854a3b45187b4c622bff0433660a8e23fadb18526560f4cd9ff7ecfd9db6faf5c0ed6d31026b8b47719d520b6ab0ffb274a94ce4420f0cc51a24ba64ed3eb1ac8023513286b7b37e0bc5d877d68509fa473db77a88afe36ba97a9d647c56e9dae33234cf8077051d4fd901b6d8af69107929648dd534d2143446f1f03379eea920e72a93850eef1283fc2b312d58b89dc6a26a52fd01b07f3373116d320201db29d333f8f453105fb32b1c9cde810d392e1ccfb9dedfdad06af3ee3ff60b4407fe74a87be6bf61a87b9cec4f5fa448b6366ddbbcfb79d5963bf3cb890d2554d882614028483c1c4747f26f4f262650fd5f13136f5dd7f4aa118526c023cd4b3c5238067384eeec974823618269800e961ca4f515cf64f9a8739b40c7542fd388d46a5206efbc9592d3792352e78540208605699f25e4d258a7d02ee6d4215a27219d86dda47365a124fc1bb8df490215623850ab791f6678a6be9527f424e16532bc8197bcec14dc1154f534f0d35b1030ccb8a3656359aa5461036febe6ede1920fcde1a614351743e4860f078daeab83bc5995509d5f1cfeb7f4cff2788c28aab3ccffa00c484f7cc5755aa56ead6bde694e36ae8b60ba1ac2411519c86ddb2078ee39a0d2c0aca70f0dd151c23bc5e9323268398bd320ed7db3b77a59838932cafada0fe90524a1253cb35c48ba28903ba49fb0e8893e5b7be1524bc8d92d362fd446b6bbdc212901dada52d619ee2131bb50788f8eba2c88082246c08b9ee2a20f546e5742682ac4d0fb738ef5a2ae5cd168424e9a297c2d20b2c6cf36c8543bba39a08cf0c9024fa46ae2df40d4eaea808e198903930b5eba67548b5987609e7e6927c6819178abf2fb318247db404a0ee7f8b0b9b3d4fd5192eaeac81cfd9efdbb0ef1aaca47a66c6d20ea98628adff30ff1b3d94f3cfd49744db8392ecfd4efe04d031b6ae2d62fca54fb72d365622d54ae8378f1c91a2af2b18f49909d1238cfadb4a9af941b7819c483d9e705c46d72e7f5f39800414b3f6c5bac13c5b876299d571d18aee11032f74a2b9d1cf7dbc0683897b3926fb55d23e3fbc33498f3c0473c697818c0d35901074a05e8b326918b47151740d1e697de1862c9ada210d9370a5718d767c78f76c20cbd5f0bce44ed7d5bf54dde20c8677704ee851aa45e95e21bec7d47d816cc96db68aa17119536014f280fc8372d1c920cf15e047c05214bb76de023e86322762c55b44dcd206ef52cb972462b050b1c469251fea38d438c2df85039182b0b4e22673d23a0e149519b768d418e7a11baff11bc98835654fe4b57b628bd4fce9c6720806900b37cc22977fe23ef3661a490e7f9e940c3608946bf4e1ac60c9f795c56b69e32065efd10978a63ffb2646cf6d266acd8a38a2ad979a707cefaebf01806a81655d6469c0e11e7a1599d5ba1fef89dbd04230fe5fe0d0e38de62c9024d4afae224537b61feaa8d32894135217f383e8885e63e325722e99194215cc74a9531e72de4fa25870ad051c14b18a98d06986ef4d3698fa298a9aa26daf0f7b3a88d35022d9cf05dfd3ec90fb24302c5b0ae61d3edb760022903619e511b3dc4c841d6940bc04dd4bf8f27e4740205193caa23a4108899b9fdb4e5d520a8b97818fb944c3eb7bfba4daa16084ef35f8adca0deaf90ab4ca13fe16f20cf4efca5809fd52187ea605c06bf0ab416d72e3be589a8308144f46d1b722fa63611a1ef9ecef29afa773487985239058e299d175a12c48fdcd1a5a47d05ab4e9814ef4beae2575fb2f2c62823edf5bf0828bac407e6f619704028723edc3c9ccc70c1042b4c4b417c15d9ff2800bfc827f366148519a796cd03107c77c452b563283aa685fcacfb6cdc31cb576335d0007d09da104da810cb3b173e36ebe184b8954446aafe732e5c0c014335085f074abdecbbe74081f64a6a066975bf122210b98d08ae64d4f35e34cc7743fbe9f87c697e06716b51b0cc151765ac2757b65b360ec378488e67928de48f07dcd4ad3c97aca7fd329ff2e120d3ac3895832cd5e4cfc835f4b173e692fa75b007189d3d615bed03841cdb42d3a1cd3c2aa86ed68d0484f03257c99e7771aedf619d34b1535834419d7180dd87a42cd7d16a6411dd4b05557db2a6d92e6c1c31be932660531300088265aeb4b03e1ede4baa458ea58fda4571e7a99532699f7062cc72fd7101a8fd158d0fa1065c984e43c6cc68a150bdca244baef4cb13a707dac40419cf1f0c0d31d44f8597b6ab735e322fbcf195108326a27e56674a2926d7457edf5a933ce36702973e420b0e516ee6c2d14d0a36b5ca65d472ac69b0f7a74754573239c64737e9bb31918bef61d48f0b5544b41438589835abf29d2235fde8a2cf05c4145be73c4dd122307d38b103ae9e344b54353335cd8fd27dd0eb02a43570d8aa807696c79f2b4695247812a66ab97a26232fda19279b8fa7605d640f1c70dca6402f14d7675238316e62c536bddc6acb702fd5eaaf379d41f2d6eddab958716728a5332d435125cfacfda1df63745cf8949fdda4ec98140c44dee9ffc11dbce07564eda169ee8aa08511a00803849f60a076f0b08787d68df4ea874855f506b8abcf8fb4287f9a7090acb2295c18081a0aee659186424cbfd999691e3a5876b69df7793f13bf7eda8806627411eea15ebf882fa97fad1741330f10360eb6386190505d6032d78228e074495caa7d92d9bfc2f4325697635de35396a590885f1fc461e0696471c330d30e1682a038134c6e13cf169959d265668598b94d6c8bf03295b6297f38953cf38efe25b5effde158e44b8926d3f7bed81f620b23d43781978e818be63db3f55387b41a6a527e9f1f88a87b6af536c7384b377373558812c9a2cfc7cccf0a4a7a875a19b09e28399c1d57a713d64b9a80b4163e1cc5d04afc19bcb8e7bf39e1496f8657d64f2141d1a7bbb740e05f387fe6afd5ba56dcd3a23de8708e0e2b0264c554ec5933410b0e2882358d57ecb6a24f40d889b02c08228d54134537806a9e2444afacdfe851fb0ede22d546291d4bead3d57182f0495cd4153f4a8509b08f77d6dc9faf07f52cb49b0b55feeb2a30bb384e767a9c9ee6f19744b8ed4d0fd14185c561811d6fa2eb045fbfccbbec56ab539462fbcb5030d5156654db64e1b7d56c5b8a9a77c2a5fcfa8a9c2ba146339bd6527ce728c3298fcd07bbb85fe720adae6d6068884bb9f027b736d8dbd52b517057ea701793fa07c5f54d8d26b300e94ee612a8a0dd47fcd89d579f4ddb367c2c8f898848a8b033e5f7d25a6b6f13925b80f896ebf47ad632e35477679a3ead7ea2c7b2f56270e57f23097811ce9b441d6db225214c03772897a72c501ed952a00e45cb9b6ab14156c587b32699b3432ea34de6a8c1a8003140ac5a43c54887240669c05db6e9af47105fe6ae2fecf3d65911e390c04c859dc62113fd9a17bf2cd2a567b2c5bc68c48bf06e7cd7e3e495677e94a78d4b821d8604ad26a83a60bf1ed837ba661c2b171e3ea644f3b91f658303598bd8607e95136c1d98f0c70c7a11c2fc0812035d2c621e5481bb7cf880cf0fc0e8861dc2249e1e16423ab6523ef5c0874dad9a5a8c28f908afe342d3118ffdbc85a6c91d5f4f1ff28c3998a29b539d98d372fd2558d5eddb416a34a1e27e876aa08dfbbd0ccaca19448e769d7f542f188383fb621821076cbb22f3c8e8f5465215eb1961ea183f3f4919d3b791c23b38ebefd23ff467b276caa6336b50ac6d04388709e96a9cd24ea64dc9824a681e30a4da64b91800e53b8c34cedffb55eeaa910571a0ef2770976595dfc1ae2c36e485cda8bc13abf22378c3ef04195f13b076db47f2f61b77a610cb17bc6e459487b734e15ec855076e4b4bece90c9f062a33c9453f005e475cf22ec68e91e8734cb65fee9fc91b1c1cac0fc7a4ab2918b829bdae0eb32b4d49853df4ca6ffb6cada7d91d617b11ec2de784c07cb4c013302938b1fa1958e4e65e5a37d6350c5b4eec5abc30713ab400a961a5f32d36cb5f3ed06c88c18376330edd41871ec9a74b93305b0278c52ab239f23de3fee7dd7bd273abb298f0fddc980c924ab2580cda4c1cb00eae773ff33f3367b9c93963187fe7c8709693b58eac47d2c3f5d8f416b46b6d00bcc407426239a84a7ae15412aa7b0c480d9068807a3ab370a7ae4b501b778494a967393e33aab34c73d44e83e8fdf640643ffb10fdca63fd49e4fa7e62b8310c79aa42105a54f9bb0954ee5530b865220a2298ccb7d270f3b6765f63e01c788c505f45f68cde229ce8a2cb030c02e58b66ea2e1ab6c4cff3765091ca7de5267399a399ca2068218a31ee90133bf25b3be87fbe13d622e4809a8cf7ce964663c91858ff28d918799d5a3966e6264cd95144dd574cf0716d2005f033d372412e99ebe0d8f8ef8ad6c2572d8a8fd2b0f37fa197dc6cecf0447cd9bf6e2a286dcd37db91f9acc0dae0a3dab015918016390f5dcd69cb2cd8d6030d67d2368b7d0d2045846ef7f9e1e9b4417d4295a3b02979ca87dd4cd1d8d7279faaf9d795a6de256a15fc23a26d029c65ed00613c34d86eade9a782580662440faf0c3973bb3ceaa816b5c6b73035b3aab7e932056ba19ba84cf9e95e23d643242885932f95727e23f05d250185b26b48a421f16851bd68b4c0f7ab8b6b9fd0c91f", 0xcfb}, {&(0x7f0000000180)="65128d36512b5a2f828002d1efcad0c0e80feb0eec18257aafd8f99f6e8a46af838fe82db0e7fb8f3ed405bcf94879df4b24eddfa489eb3d963d49f74b6bd237607d02d52b9e0f03da005863faefce38736e27328b70cb517ce4bd8d427904f2dc730eea637406dc117c0d5e71f2d580b85ecc534784c2a1b8e92ff674aa592d3f0eb937fbad499b7a7262a71103463be2bf3619e15ee98723b1660bfad7b291e06216e1aa5a1a7ff998fca3ce4ed4500b0e7af2838705bd8196b09ac111d305ae4ffee2163591c1188dc13f33d42a691cb019f0f4b233ec0974a4056bf07034c62e09af33e7a0c0e6cb625bec5f83166d42f3dfc409db1383b44ed1b46f281ba119323f7b9e4a220b6d86e11c074360d2b986493cfd1e9664e678e5fb4d4ac57fa4093045460bbc44deaafe2b5ab90c49ffb69986b12c550f8bf5717ba048037e9750058b000cf62fb6687bf92b7effc220a09321687c7c6cc1e4ad2158e8996b65f76ac0e9aaf7a76ab8c2e0f2e0284ae15ff674372a554e5df15688407a22ad19344bcfc61eac8f0fcc10d4d551265815190c62c08567d839946503616190fbfb906338f97114245f21d373a5c79e41d13e745a6973442654c700dfe922b5968e8cbde90c1b719d7d7372b7ff5f62e03626ab289ab76d26f141fb0b00330578167c2e21f265b5352542c5f3de1145cee3b14581f4ce9dd0b284b60e7b37fc060e47680af555d9fc35fdf427b107afb477977b8d4d3739dfce5d826aa6aa154b6653d3a83c5b88d078562e5f5d4072eec8f6190b518bfa746eb889c6e814065bb23b8eb3052d69841903091516ecd5a1e66917a4eca97a554d392afd1732e4115056f2bf7b98fffd6f93d378f119d0a95774e383e5645acfa10a264d26a164b8330e0fde6fc768295319eb9e021fc6469af8d8d4ba04b4e9d806177ba70db2a35aeb44ab71c46067309d8f54d199d5fe232d1bd4034bedf9e2ec634c7897a3114fbba1e8604584c034b239f2b56adb1363e2d442abadd35bcc73e71d102d9f71996e2159723631df889853fe523b16c4ae305d8d0a7a88679b303c9da670f1a8e5c45ca09c73c835cd565305e2cc430a8101cbf00fb2d770accfbf05fbb6", 0x31f}], 0x3)

10.113187768s ago: executing program 6 (id=9106):
syz_usb_connect$lan78xx(0x4, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000880000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x38, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r5)
ptrace$peeksig(0x4209, r5, &(0x7f0000000080)={0x0, 0x1, 0x1}, &(0x7f0000001500)=[{}])
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

9.058068089s ago: executing program 2 (id=9110):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x260bc2, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040))
ftruncate(r0, 0x8800000)
r3 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53)
close(r3)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_int(r4, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3)
recvfrom$inet(r4, &(0x7f0000000080)=""/19, 0x31, 0x720, 0x0, 0x0)
inotify_init1(0x800)
sendfile(r4, r0, 0x0, 0x578410ed)

9.052721795s ago: executing program 3 (id=9111):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0xe3c, 0xe, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xe28, 0x3, 0x0, 0x1, [{0x16c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPRESSIONS={0x20, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}, {0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x9}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_KEY={0x124, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "3fd018377e492272a325d06b1472b0e4ba195b0a5272d03bff27f5f33ebc98d98dec44a060b898f22217d916296ede20e57c22e089c1084af756dc72031a642fe3031c9aee6093b4310a2ec93275dd3521bfee0218e6de83a43874d7873e175d4902291763aad1cba1a88eb354d57969294cece23d066e39a33dcbbcf09eea0f1bc3de2b2c14c1394374dd1e1591d4d635caf8c5608bda096a"}, @NFTA_DATA_VALUE={0x3d, 0x1, "a231a0a6ea93cd1d1a8953ead296138055fc710b03ea4fbde2f5b01c3adef612f5aa063141de13dfa490d6241b263415904738294319ddfe69"}, @NFTA_DATA_VALUE={0x19, 0x1, "6c7c1dde624f6bc568029285f962a27d68349ae520"}, @NFTA_DATA_VALUE={0x21, 0x1, "8f65cd7d54cc7eaaa55a4760bf5852c6e108ff61c68e36d19873f80f51"}]}]}, {0x45c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x21, 0x6, 0x1, 0x0, "96499f60af1f9ab32c7654bd5eb7ee46b84f511fa91815e73b3b30622f"}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x4d}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x3}]}}}]}, @NFTA_SET_ELEM_USERDATA={0x39, 0x6, 0x1, 0x0, "947069b1c2038853f61b13733921f4a8d67b922cf213c020ecb5bb390a2f506cff1568217f5a778a757a9dfe530dc5b53c80476160"}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x3b8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0x15, 0x1, "f07b67a3a741da7d7db1e5ea6c19428bcc"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x686426a9a5aa1a0a}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xd7, 0x1, "db49a30a69fb78b4c207663d5a841e4490148c34d12149b5269f2c0d4482515a0671cbb60554343c0b16fc5fb8d69e3a1254889a04c9b4338b81b93fac13dc892e85a43f982d40e42db74db5645a6d93289e1ea6b0788292b542baef22472d32a90da262160496deab6b7c5d120dfbc7436570425e62102b35cbf218fb4497e2dbc180d7510742ac12c63d5f6b8abb270e4be231b63c793ac7e81aad261a249b830b964bc3efe47380dbfb852a362786fa0c9cffca5024e5e8c1e2a19777bba4850d38bee73a660a266dee9e5c6476c85424d1"}, @NFTA_DATA_VALUE={0xc6, 0x1, "4676ccd78ed692e7e329ae63c1ec8e93ac5703b33af699c310f00d9b6dda1d56c3022f97a1d714c09997a36729412363e019a4ac708c3c0d844341095d8fff4b0ba6c6ec791fd1710769499388108f6d75f04cb65d97389642a22de6e325c75eddeb3bb37d6ad78e70660da3e5b4c617c30b504e9a340bd02d9c2de711ef205477d3153bcf5d95dbbd0e8757727c0ae5ab5dce635b6922db8089358e081856fe972038971d3c4c33437bd963ddbc87b5ab458f164e515c981742c738b191c186f0a4"}, @NFTA_DATA_VALUE={0xa1, 0x1, "98b0e37d50126504b58c61ef9ae45102e3937267f6122421fd6a96e25ec918113de94ebb427bfae2a79464a31cb22b97fdb4258ae2a8e5a4ea9f8346d0900adff07acb10e83599869afbddf2bde5b728a32e431960d2dafc9cb034274059309198621ea1b10b2ad43f53b726969d13553db82c73e5aaece1df23ccb0919aa1af5aa0b58db5100e154fb0a31cbf8593ebcf4516e19685581f0b9bdd83a3"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xad, 0x1, "5b0f6e0f547438052860c6b227bab52e9a5914eda967f1dfa9a027a2a912b8a150b4b67093a6378f89c345236dfbf6d80e36574fa0bcdd7fa2181147096eeaf2a3f2d780e13d56daf57995bf79d4a508b5213492f63a434829650f055520f4d7d48e2144f2f365fa980946a17ea17f0f7892a9a12f88549c4b5ee77847edfba2d9fc86f773ac6e4fbb6837f46e2303562a3f6ededbed10a6b6454baf1db433c015018d40f04d73661d"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xaba}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x5}]}, {0x658, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x204, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x3f, 0x1, "874379e5bf72cd4eda8b60795785e1273f7aafa668bc9a3306036f2931b023bed5d41d66624c33ced687da31ed736b454ce1dd9dd7789f6d201ef2"}, @NFTA_DATA_VALUE={0xeb, 0x1, "4b7b9398b54163b76012bdce81a2a8ba2b85f412b18568ba309517995e6effe7ed4db235d31d72af8ba3005837aa56790de6bf06c9806457df280b15bf398cd7fea8ae7e6a3eece499ea374ce9e1d812b70f5005c29abba570f5b1b2ee57333db1fdc47b29f403b06044399fd9172cb4dedde4aa61b87908e69c238c7d11f12b581e0fb573a7004c29bde4137db8f794978a7c749ef4240658b0b4d34094afb0e6df43d4e1e6ce143ab102ab4017a84526c64ca3b7df1ff6bd817d74a1da79e725f6b3a80039aed53b63b0027a038257d383c4afed985ec2c0fafff180be19fc5f66cf0beadd4c"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0x3c, 0x1, "6acf18c86f270d7f25bf673fbe71c457c766fe4088b423343cf2a23a4972e69f80d94dd9fcdfaf03417332b7eee1c6fda54f9d9bdcf573bf"}, @NFTA_DATA_VALUE={0x21, 0x1, "e683929fb396c1a5ec7a843aed00607741e56b3be2471a0769543e0cea"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}, @NFTA_SET_ELEM_KEY={0x1f4, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xf5, 0x1, "36af71d556a3dda972deae33b296bfa63d4fb442710805d947831fa79548b49450921a8a5e6294f62360107b03919637fd2a3d0638235e6012dfb9fe40c1803e914160f83c13f62f921ff40834bf9f6e0ea77a0bf85ecbd6277139d7e10a100f099d95a6b57608b37ec7704bf54f2351d08e6680331dc4413ac0f36687da0294767aebd228e64affc65490268e223f6672f57329c74d266b775fb466d85325f937607a77197d6343ecd42677dbce615b6bc38463428e5bb0b35b04cb470cf702725ab8c6a57d4dba8043ef7b6bf445913b7794865a776dca29bd5fbf01df52d4cfba53fc9cd1295059f0582b99e76d872f"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xa4, 0x1, "d4b2557c79bc2eb0d23d40e7f899c4c2e23301c31954c256f14d909bd6b629921175c64ebcfed4ddb365e845c4a0204d409a2fc8203d5c029844f825fe9bb784f4376e6232a242c3a2964c15238c20b8c42da34d868582a168243df7ff126eed62104b4e897e24e4bacaf12d4b66f42c83e9a2caf66042aa471af8f2ca3d3fcc842ab84f01184a4c8a8209912bf68da9cec4e69007de558f403c594431e47b25"}]}, @NFTA_SET_ELEM_KEY_END={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_KEY={0x234, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0x15, 0x1, "ae9f110b8ed1526a7b55e080ea8e146d34"}, @NFTA_DATA_VALUE={0x76, 0x1, "e0d723aeb6e22bd05e03eb333c7e5928f10f1854d2f9dccbe91868907531a93e75d4a884c657e619ea2d2c7c5855d2d2caf9e1cdc2434b763ad745b45003332c47f16e444995d8c5c30c86f5f94d891f256dee1e0b243ff4d5e2e45c71cf768cf7a68c1c22fbc8fff7c9059930cc80cadbba"}, @NFTA_DATA_VALUE={0xb9, 0x1, "05ef248b17c7e299a5373327923263f697cfebbc97259fefb329bc0373d82d0365f4b2d9fffdd850fc9001a64804b017797adca1d1a7b0cdbe9fcdd366b68010569ee8257d5841626923a444f7390c4cbe8c3f0c543b65dc80c71801d2159997ff062307026194ebcfdb139706d24411fc9f7543d7358b2cd1b810daf7b5187ae71d039043ac2341fb5ecea40f585cb0a4cd7cd8b7d7fec6cc5845eed77341ebd13e56c003f7d255c4c33968adc2510765d086f0bf"}, @NFTA_DATA_VALUE={0xcd, 0x1, "2758e9d2a3f3d35b9b47a5e99cc301ac70700050e38a10202f032743f6c29ba39f7048c78e25532c7b7a711e48658a2ea855539fb31370bfb70e0548f675ffdf94c2d07b557443c1c8e19fbd0ac2b34539f84e0cb8c808784d6eb82f29400dea512443d9bde58ce99174d905d8f8ed5d23c018c7332d14ef3602951c48228f9d5eccf9e786dbac7ee39549471ad3c359f31e7baeb3a3256ea71ec1659f6023b7b3e59c1c980c16bd3138f630cdad137ef5fe988239c9fc8349aca8aee4c2a550d6d2566fca4ba08e8d"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x9b}]}, {0x11c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xb8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb3, 0x1, "4aafc2ca6b9078b862b2fad3089af5e9df0856da76ad300518dd368747e3221b4d3cf8f688cf5b0fc2723ae0d6f8fadd31c425c5179d856986521619a5a9d9872a06708a6f75071a1a705186cb41a6ca7a5990abd4a2632e60b95d2785203cb81ca3e5f0614d7b1c9ef9c5367adcbba881f19b169ab469b6ec8f7589856f89e4fd7d597b809bff209885578029ea07e643da86371a94fe73c616f98163b5edaa178985bfad8e8dc3d53eb19826ccf1"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xb9}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x28, 0x7, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MAX={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_NAT_FLAGS={0x8, 0x7, 0x1, 0x0, 0x5}]}}}, @NFTA_SET_ELEM_EXPR={0x10, 0x7, 0x0, 0x1, @meta={{0x9}, @void}}]}, {0xd8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x14, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x2c, 0xb, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x13}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x14, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}]}, @NFTA_SET_ELEM_USERDATA={0x1d, 0x6, 0x1, 0x0, "798d860d3f0d632621bce4aafc6b211e204c7fae7cdc8de3bc"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x400}, @NFTA_SET_ELEM_KEY_END={0x54, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xec4}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
read$hidraw(r1, &(0x7f0000002340)=""/147, 0x93)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='\x00')

6.853789245s ago: executing program 1 (id=9115):
mlockall(0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
io_setup(0x2, &(0x7f0000002400))
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee2, 0x8031, 0xffffffffffffffff, 0x6770c000)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
pipe(&(0x7f0000000d00)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
bind$inet(r3, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x714f, 0x0)
write$dsp(r0, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
request_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000200)=':-~\xd0y\xa2j\xac\x1d3!\xa8\a\x8d\x9d\xa7\xb2c\x01\x83\xe8\x85\xa2\xe8\x16r\xd263\xf1\r;u\x032V\xbd\x98\x821v\xe1\x93\x1bSC\xc4\rnoA\x9d\xf0\xbd\x91:\xca\x98\xbd\xc5x\x85\xcbbU>\xdc\xa0\xc12^j\xda\xd2\xeb\"4\n\xf0\xc4\bZ\xae\xbb\xff\xf2\xe0\xa4\xaa\xe0\xd6\xfa\x8c\xab\x16\x9cM\xc4\xe8\x83\xde\xfd7\xc2HK\xb0nl%A', 0xfffffffffffffffe)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000010000000000000060018200000", @ANYRES32=r6, @ANYBLOB="0000000007000000c30009400000000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0xd1, &(0x7f0000001400)=""/209}, 0x94)
r7 = openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_labels_list(r7, &(0x7f0000000040)={[{'*%}[}'}]}, 0x7)

5.931655834s ago: executing program 2 (id=9116):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r0 = fanotify_init(0x8, 0x1000)
fanotify_mark(r0, 0x5, 0x1018, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')

5.896347477s ago: executing program 1 (id=9117):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x130, 0x65, 0x800, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0xf4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xdc, 0x1, [@m_ct={0xd8, 0xb, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_LABELS={0x14, 0x7, "ffe7377efb339bc59f350c7b025a3b71"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x9}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @private=0xa010101}, @TCA_CT_ACTION={0x6, 0x3, 0x1}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x101, 0x10000000, 0x1, 0x2}}, @TCA_CT_LABELS={0x14, 0x7, "075abac8315d88d707c2ed5fc953392e"}]}, {0x4d, 0x6, "a9b0373813e0f2da6e8f5cd5c2f0e993b814de8645c7545f5f50c5380480ed4ef5013ca2d00164d47399225c275c36df8b272a85bb6c9c930de5c21cfcfeb39c9de06bd96859ae3e19"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x130}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

5.74380154s ago: executing program 3 (id=9118):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x21c2, 0x101, 0x22}, 0xffffffffffffffbb)
mknodat$null(r0, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x32)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x8, 0x5, 0x34524742, 0x5, 0x4, [{0x8, 0x9}, {0x7, 0x9}, {0x3, 0x80}, {0xd, 0x8}, {0xd, 0xe0}, {0x200, 0x7ff}, {0x2, 0x3}, {0xfffffffc, 0xa}], 0x2, 0x28, 0x8, 0x1}})
sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x8)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x41a840, 0x1ff)
sendmsg$nl_route(r6, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="700000001800000426bd7000fbdbdf251c80800ffc02fd080018000008000100000000000c0009000300000a", @ANYRES32=0x0, @ANYBLOB="080001000000000000800400e994cb03158636b2068b6574942db4907d71acf23f43b4c2171bca172765472b27c0d4be3d4acb73878ebb5a2b761c2ef3b4751a9894d84906e1203b0c23", @ANYRES32=r2, @ANYBLOB="080001000000000005001a00000000000c00090006001409", @ANYRES32=0x0, @ANYBLOB="140012003d009ec650a2520ec7aadc7501a1c447"], 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x4000081)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4c)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

5.723165831s ago: executing program 6 (id=9119):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
lstat(0x0, 0x0)
getpgid(0xffffffffffffffff)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x40000)
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)=0xffffffff)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000780)={0x10000008})
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom$l2tp6(r4, 0x0, 0x0, 0x1, 0x0, 0x0)
r5 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffde6}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
getresgid(0x0, &(0x7f0000000380), 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e14060200ffef000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084)

5.693250827s ago: executing program 2 (id=9120):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x13c, 0x65, 0x800, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x100, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xe8, 0x1, [@m_ct={0xe4, 0xb, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_LABELS={0x14, 0x7, "ffe7377efb339bc59f350c7b025a3b71"}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @private=0xa010101}, @TCA_CT_ACTION={0x6, 0x3, 0x1}, @TCA_CT_LABELS={0x14, 0x7, "075abac8315d88d707c2ed5fc953392e"}]}, {0x7b, 0x6, "a9b0373813e0f2da6e8f5cd5c2f0e993b814de8645c7545f5f50c5380480ed4ef5013ca2d00164d47399225c275c36df8b272a85bb6c9c930de5c21cfcfeb39c9de06bd96859ae3e19a20d72ffe99adec2667fa15f5dc9985c817c830838de22cb50db69cea06d79bdd4b0a20ecfe8241339adc4ecabec"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

5.555832281s ago: executing program 1 (id=9121):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)

5.507183399s ago: executing program 2 (id=9122):
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x2, 0x0)
socket$kcm(0x1e, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0xc3a, 0x2c0802)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$inet_smc(0x2b, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0x0}, 0x50)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000480), 0x28002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1})

4.581898457s ago: executing program 1 (id=9123):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x300000}, 0xc, &(0x7f0000000700)={&(0x7f0000000080)={0x678, r1, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_FRAME={0x576, 0x33, @assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1}, @device_a, @broadcast, @initial, {0xd, 0x1}}, 0x6000, 0x9, @random=0x2, @void, @void, [{0xdd, 0xf7, "23d0b28678f3dec9bbf4c5ab147a5aa878f473889805929737e8b32ea5cad375fcf05b69cffa9c80a28e0b64bd112596596e020889b5b1016c59cc33dbf49d6238b5c7164850bd32eefde0130aa0c16ca577d895b24ed87077a5bf090447f92c47fb4fabe06a1a014dafed2b4d4ce78590dbb1f0770063c7f5dc571c45991303c4e1a4faa7c5a30ba18bedb391399e4a4ea079649d81319d0f6d289acd772d9273ffa9bdb4b8f2808a24467d0e70a690ec0871a079713ff9754837c93c12b63269705530f388fd64ae5ba7c505117a311e7e26a5ad4587905c9ba08d443f7ce80b0b7115be72b3ee8af74099316164cdf70e41df32839f"}, {0xdd, 0xf6, "b5263d190bd727a79c4515e554a8e8de801f8e7df39e3e708d05ba2da0c7c7a57c0d468119ce6becb547553350e90f25f711181747d3ce2eba2baa87b8491c6bcd00a3cf3d33f175433baac0ef9b059d642b852a3a47fa1cb6c408a0a4c7c768c01e434bc0f0f2f40f1f91fdbdf5beab608e33fb2658dfebe6ac3eadcc6887e01498e1595b4cfaab81fde78bc09de9f4c6e7649bd8409bdfbab33abfbb67d815c94f69c61f1541582d6cdf0b22430f26779e2c51c9b20b922bf4f184b3258ac5df0ab5969b2b746ce1a51999e4fb7282bf5a69632a397b7c9120726a7e8a9bdb39b2fefff579af2562a745a9ce5016360909395d9c5d"}, {0xdd, 0x51, "71ed6c07dec6ad7761436bcd67d5717d020059e8277b13e00074d8fa913663f6f700a4d5f415c8d50ca702b2878e76ecf2b2a7535c78c8a1b81c671509fb11825f1605c1c0a446b34864a1e67648a7cb3c"}, {0xdd, 0x15, "6277727b55db9760d4a130af0da7723363f05ef610"}, {0xdd, 0x5a, "5e17aca32eb7e76960bb8c13d5989df438e5667ca8242494f5dd72da0658077122483a54b6a7db2d6ff69344d1a906f0b5bafcb30bb2988d2cf7b628a1dc01fe11f662f60303f7f2a964b828d4ef2b33c48c19eedfbbb87b9ae8"}, {0xdd, 0x25, "e5257e10ad5a3d0c5f0b8501d578f12c569c1b2b07265d59a57c60dad7ca9f04f37d66ef1a"}, {0xdd, 0xa0, "e515762015898ecaeb9d49441a2989ff287747ddbd3ed0d78067ef105c9de0bb29dfec91020d2b85d1e9fbba704712f6733f525d70b2dc1c132b0a64018b93ea7ffd088450bc8edb1d2133d005b51b99383a37aff81955e6f8994f21156c2741d2caf44cb7e4dfe4aac86ede848987fec07388e0f62c99b86fe76f887c3d76c4f3fb1b1b41717d848e9e7bc4cea5b25d5c58ae3005379a5957b16b60259badd2"}, {0xdd, 0xed, "a41bd484f31da0da3f500365ff3d5f244adbc393e8a0e63ae12afe375ecba23393c95be1aecc1749f82ead27ffa3a8beb91124d66c20af1c26b99c397fdd78ad3a45495c64770b7d5efc94077cb92c740de1e910d386b1e815d7882345e5651a4acf9db103a0ccbd01cfd5d3b2f8a17d4e35dfd8f8910bb28b9d4895690a4bba560435dcfc294919faa28892d140dd057757e117e01c6d15702651ec2b90583ac5e02f0c45803d6486e092ac0654fe87a45f896e8cdb139be3f6675d6143068b4de502228f4394f643441cdd14add9a8baf92f462350782f4350028c8757a89a03f3d72d0d906978a5ec733476"}, {0xdd, 0xe3, "30e4177d248640250a3aba976504afb526f9a7f0b7c16cbb6771a8fac4d79d35b2eace1de894041723e71c3f39a73bc29cbc56186f7f01bbdb12da0cded0ff0524f1c06c8c8a527560a5d1dbdfe60c087a4625fa6f0a14e7028d35445ea3726e8bad204fb56be82ec698514aaf57e79b6aa026bab9d97666a3118a94d6dd72921100f73f8e059fddb463c5d9d6a9ea4ae1065eb3c824c5cf3fa58c27502186e5a32434b0c222a75ac755e094f1ddc5dfdaef480e6d7c37981c9684ab91a7f033128f7f3400c3e62c7ea657cb921bca1e9c2dee545a292558b60c806686d88ae3488bb6"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0xe, 0x5, 0x9, 0xa]}, @NL80211_ATTR_FRAME={0xd8, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x60}, @device_a, @device_b, @random="108dd0d499e9", {0x4, 0x6}, @value=@ver_80211n={0x0, 0x9, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, 0x0, 0x2, 0x6a, @val={0x10, 0x1, 0x5d}, [{0xdd, 0x2a, "4405572f3737953d0eb2e17f512076740d9d3a0821d3b116896031136d5645287fc9fe50880f7c31762d"}, {0xdd, 0x81, "a0135891a249e95f7811055c6de1a60ba64e980b618ac57d7e68a45c06ddcbd37740eb89dbde0b05c9cfc02bec819828ce9f06575b5c5d4e1d51d3c1c4001b941f654c70a4b9c990f7c23b02b04183d4cc80e8fb547a09c3339918547c06e6e565dcb0f5fea2e971d192e1e87d68b203ed102e47dc72f618e5fa11c28cdf05d085"}]}}]}, 0x678}, 0x1, 0x0, 0x0, 0x4000800}, 0x80880)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x34, 0x0, 0x500, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x10}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_usb_connect(0x5, 0x32d, &(0x7f0000000880)={{0x12, 0x1, 0x201, 0x8f, 0xf6, 0x2b, 0x20, 0x16ca, 0x1502, 0xd33a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x31b, 0x1, 0xaa, 0x2, 0x40, 0x1, [{{0x9, 0x4, 0xf8, 0x4, 0xc, 0xb, 0xad, 0x2c, 0x7, [@hid_hid={0x9, 0x21, 0x5, 0x1, 0x1, {0x22, 0x93c}}], [{{0x9, 0x5, 0xc, 0x0, 0x0, 0x2, 0x2, 0x7, [@generic={0xc1, 0x8, "0835798b14fe676ec2d95baa1bc806d870a27cd197449a1db629f30699aa87f9a38f22b97314fa8a06d404229b33f6c4baa33111e34f09d1f5f9507380d1959738bd1caf52e8df84369b39bf49c6f50702737a150a0a7351aeda864c7bd0a7546c5c6f469cfc85438aea504bacb2809e658eaba9f6facb0b46caaa540a157fb609e427df8be143dacefb7de69307f40bae02a67ac5cb6661d498367460b5950c74a141c79695cd00516d4c5c6ce0b3c74110618dc1ba9f5ea98d4a397c309d"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x81, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0xe7b71152e73f70af, 0x4, 0x48, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x100, 0x49, 0xb8}]}}, {{0x9, 0x5, 0xa, 0x14, 0x20, 0x2, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x6}, @generic={0x72, 0x3, "1b0ccc7248232090bf8c978dabf5f8b4385b6e56a47cb9b56e91c2d36673205cbd24530eed5feb4287f88b4c5f63140732a31d98652e350cc7328d12d7b90f87abf187a84e7629b22c5aee1bd8a679c0cb125c3d55f41476cdc37a23dff92d0fe847c66052523f5c8ffdfe4c3766400f"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x3ff, 0xfa, 0xe1, 0x1}}, {{0x9, 0x5, 0xd, 0x13, 0x40, 0x9, 0x2, 0x6}}, {{0x9, 0x5, 0x4, 0x3, 0x20, 0x10, 0x10, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x8000}]}}, {{0x9, 0x5, 0x3, 0x1, 0x10, 0x0, 0x2, 0x10, [@generic={0x4c, 0x22, "9a1cd38bfefc6ecf545e5324742e151e358606d65df11d9c136356cedb0890ee0efcfa0d86d76637182acdd7135d20d2671eaa8196e4ccb35ffa2cc21c40873346617e42cea00e41b380"}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0x1, 0x8, 0x5}}, {{0x9, 0x5, 0x9, 0x10, 0x40, 0x9, 0xc, 0xc7, [@generic={0xf2, 0x30, "c39008d344734bbb6664ef2208cef23dde9f48e374fced950b5dd3b7a146126fc34558819e31b7eec58c084b05a2720bee4209086c5c69cacc65f217259e0a9c5a6db4a5083a6f0c0c28b0864dc1ef2667ee4963e09dfc36b1564660d84511182d0ceafd551a0e7b917476a2f7ebdcf19617a78be66dec0d47053ae779ff273b6c523d51504eaa98cbea3ffe299704c46684cab859caab1a21dff439a2b760ee1b4c730511129eeb8b34665a1c4a93457d013bc070aaf21aafa58647ce6bc79e0b3f6018f3d3f90beec499c27a0eee6b7dceff0cd6204fab336195ea91d7b07204cda10236a82e7858e7a4ca8334778e"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x0, 0x5, 0x8, 0x2}}, {{0x9, 0x5, 0x2, 0x10, 0x0, 0x1, 0x1, 0x2}}, {{0x9, 0x5, 0x80, 0x0, 0x0, 0x8d, 0x7f, 0x2}}]}}]}}]}}, &(0x7f0000000ec0)={0xa, &(0x7f0000000bc0)={0xa, 0x6, 0x300, 0x8, 0x10, 0xd9, 0xef, 0x3}, 0x5, &(0x7f0000000c00)={0x5, 0xf, 0x5}, 0x4, [{0xc7, &(0x7f0000000c40)=@string={0xc7, 0x3, "5c25032274da6ab2b05608a26ddb1c3f324cdb5ef537b9276c62f94814da0f7e835e3b6ba38cc3b0dead5bc8d6316a1c5d0b33b6a096d900252d87c2f626e4efd1252b3631e026cb72ad5d98fa34c75ef7075c93ed21ce32639a92ed3593ddf7ac9c50fda94de8a68b7b95bcaffe31b5b450be1fbcf4510c8beb63c35d08b406cd0762c694ff5b6514ee9f743f5765b68f341380023e28eeccccae20330b77d5dce52834455b6f6602084edf8e479e6a7fc88fc22e3df6ab4bf5c6b83f02ac221af6a40144"}}, {0x84, &(0x7f0000000d40)=@string={0x84, 0x3, "88804dcf6de3493bf760ed47161f301ffefe502078b4a1d617b902d80b12e822428b957ba875e6b58bb34c7819d718d58720e9bea97705c9e29c34810bde2a67d58abef92f915fc1181a4712e5060d1d0baeaba84b294b5bfd61acb727df8e5bab5d29b1d64630daa59c44e89ddbdeeb97591df040e5add282d6ae8b72ca963dd512"}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x42a}}, {0x69, &(0x7f0000000e40)=@string={0x69, 0x3, "6237c5eaaee949de5f29e1465abd84259299e8644b47ff3ef8188b918aa061add6c2d8ee9bcdc19c1d40e8b7193b078896898c26243408fbceb6728eaa9500c6fa71544fb867125071a453cdd5fb112d946b9acbbaf6545a22083d7b12c61d0be26bd0a9501636"}}]})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000f40)={{0x1, 0x1, 0x18, <r2=>r0, {0xee01, 0xee01}}, './file0\x00'})
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000fc0), r0)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f0000001240)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001200)={&(0x7f0000001000)={0x1fc, r3, 0x800, 0x70bd25, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xc}, {0x8, 0x13, 0x216a9744}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9cf}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0x6}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xffffff7f}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x7fd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x46d5cc73}, {0x6, 0x11, 0xe22}, {0x8, 0x13, 0x8}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfe91}, {0x6, 0x11, 0x99e}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x93f}, {0x6, 0x11, 0xda0}, {0x8, 0x13, 0x8}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x7f}, {0x8, 0x13, 0x3}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0x80000001}, {0x5, 0x14, 0x1}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x8000}, 0x10)

4.566659778s ago: executing program 3 (id=9124):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder1\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

4.363161829s ago: executing program 3 (id=9125):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x15c, 0x65, 0x800, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x120, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x108, 0x1, [@m_ct={0x104, 0xb, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_LABELS={0x14, 0x7, "ffe7377efb339bc59f350c7b025a3b71"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x9}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @private=0xa010101}, @TCA_CT_ACTION={0x6, 0x3, 0x1}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x101, 0x10000000, 0x1, 0x2}}, @TCA_CT_LABELS={0x14, 0x7, "075abac8315d88d707c2ed5fc953392e"}]}, {0x7a, 0x6, "a9b0373813e0f2da6e8f5cd5c2f0e993b814de8645c7545f5f50c5380480ed4ef5013ca2d00164d47399225c275c36df8b272a85bb6c9c930de5c21cfcfeb39c9de06bd96859ae3e19a20d72ffe99adec2667fa15f5dc9985c817c830838de22cb50db69cea06d79bdd4b0a20ecfe8241339adc4ecab"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

4.210561958s ago: executing program 3 (id=9126):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xfb)
close(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}}) (fail_nth: 1)

3.37143787s ago: executing program 3 (id=9127):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000180)=@generic={0x4, 0x2, 0x0, "0200"})
r1 = creat(&(0x7f0000000100)='./file0\x00', 0xfb)
close(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}})

3.362443247s ago: executing program 2 (id=9128):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0xe3c, 0xe, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xe28, 0x3, 0x0, 0x1, [{0x16c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPRESSIONS={0x20, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}, {0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x9}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_KEY={0x124, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "3fd018377e492272a325d06b1472b0e4ba195b0a5272d03bff27f5f33ebc98d98dec44a060b898f22217d916296ede20e57c22e089c1084af756dc72031a642fe3031c9aee6093b4310a2ec93275dd3521bfee0218e6de83a43874d7873e175d4902291763aad1cba1a88eb354d57969294cece23d066e39a33dcbbcf09eea0f1bc3de2b2c14c1394374dd1e1591d4d635caf8c5608bda096a"}, @NFTA_DATA_VALUE={0x3d, 0x1, "a231a0a6ea93cd1d1a8953ead296138055fc710b03ea4fbde2f5b01c3adef612f5aa063141de13dfa490d6241b263415904738294319ddfe69"}, @NFTA_DATA_VALUE={0x19, 0x1, "6c7c1dde624f6bc568029285f962a27d68349ae520"}, @NFTA_DATA_VALUE={0x21, 0x1, "8f65cd7d54cc7eaaa55a4760bf5852c6e108ff61c68e36d19873f80f51"}]}]}, {0x45c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x21, 0x6, 0x1, 0x0, "96499f60af1f9ab32c7654bd5eb7ee46b84f511fa91815e73b3b30622f"}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x4d}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x3}]}}}]}, @NFTA_SET_ELEM_USERDATA={0x39, 0x6, 0x1, 0x0, "947069b1c2038853f61b13733921f4a8d67b922cf213c020ecb5bb390a2f506cff1568217f5a778a757a9dfe530dc5b53c80476160"}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x3b8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0x15, 0x1, "f07b67a3a741da7d7db1e5ea6c19428bcc"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x686426a9a5aa1a0a}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xd7, 0x1, "db49a30a69fb78b4c207663d5a841e4490148c34d12149b5269f2c0d4482515a0671cbb60554343c0b16fc5fb8d69e3a1254889a04c9b4338b81b93fac13dc892e85a43f982d40e42db74db5645a6d93289e1ea6b0788292b542baef22472d32a90da262160496deab6b7c5d120dfbc7436570425e62102b35cbf218fb4497e2dbc180d7510742ac12c63d5f6b8abb270e4be231b63c793ac7e81aad261a249b830b964bc3efe47380dbfb852a362786fa0c9cffca5024e5e8c1e2a19777bba4850d38bee73a660a266dee9e5c6476c85424d1"}, @NFTA_DATA_VALUE={0xc6, 0x1, "4676ccd78ed692e7e329ae63c1ec8e93ac5703b33af699c310f00d9b6dda1d56c3022f97a1d714c09997a36729412363e019a4ac708c3c0d844341095d8fff4b0ba6c6ec791fd1710769499388108f6d75f04cb65d97389642a22de6e325c75eddeb3bb37d6ad78e70660da3e5b4c617c30b504e9a340bd02d9c2de711ef205477d3153bcf5d95dbbd0e8757727c0ae5ab5dce635b6922db8089358e081856fe972038971d3c4c33437bd963ddbc87b5ab458f164e515c981742c738b191c186f0a4"}, @NFTA_DATA_VALUE={0xa1, 0x1, "98b0e37d50126504b58c61ef9ae45102e3937267f6122421fd6a96e25ec918113de94ebb427bfae2a79464a31cb22b97fdb4258ae2a8e5a4ea9f8346d0900adff07acb10e83599869afbddf2bde5b728a32e431960d2dafc9cb034274059309198621ea1b10b2ad43f53b726969d13553db82c73e5aaece1df23ccb0919aa1af5aa0b58db5100e154fb0a31cbf8593ebcf4516e19685581f0b9bdd83a3"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xad, 0x1, "5b0f6e0f547438052860c6b227bab52e9a5914eda967f1dfa9a027a2a912b8a150b4b67093a6378f89c345236dfbf6d80e36574fa0bcdd7fa2181147096eeaf2a3f2d780e13d56daf57995bf79d4a508b5213492f63a434829650f055520f4d7d48e2144f2f365fa980946a17ea17f0f7892a9a12f88549c4b5ee77847edfba2d9fc86f773ac6e4fbb6837f46e2303562a3f6ededbed10a6b6454baf1db433c015018d40f04d73661d"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xaba}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x5}]}, {0x658, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x204, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x3f, 0x1, "874379e5bf72cd4eda8b60795785e1273f7aafa668bc9a3306036f2931b023bed5d41d66624c33ced687da31ed736b454ce1dd9dd7789f6d201ef2"}, @NFTA_DATA_VALUE={0xeb, 0x1, "4b7b9398b54163b76012bdce81a2a8ba2b85f412b18568ba309517995e6effe7ed4db235d31d72af8ba3005837aa56790de6bf06c9806457df280b15bf398cd7fea8ae7e6a3eece499ea374ce9e1d812b70f5005c29abba570f5b1b2ee57333db1fdc47b29f403b06044399fd9172cb4dedde4aa61b87908e69c238c7d11f12b581e0fb573a7004c29bde4137db8f794978a7c749ef4240658b0b4d34094afb0e6df43d4e1e6ce143ab102ab4017a84526c64ca3b7df1ff6bd817d74a1da79e725f6b3a80039aed53b63b0027a038257d383c4afed985ec2c0fafff180be19fc5f66cf0beadd4c"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0x3c, 0x1, "6acf18c86f270d7f25bf673fbe71c457c766fe4088b423343cf2a23a4972e69f80d94dd9fcdfaf03417332b7eee1c6fda54f9d9bdcf573bf"}, @NFTA_DATA_VALUE={0x21, 0x1, "e683929fb396c1a5ec7a843aed00607741e56b3be2471a0769543e0cea"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}, @NFTA_SET_ELEM_KEY={0x1f4, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xf5, 0x1, "36af71d556a3dda972deae33b296bfa63d4fb442710805d947831fa79548b49450921a8a5e6294f62360107b03919637fd2a3d0638235e6012dfb9fe40c1803e914160f83c13f62f921ff40834bf9f6e0ea77a0bf85ecbd6277139d7e10a100f099d95a6b57608b37ec7704bf54f2351d08e6680331dc4413ac0f36687da0294767aebd228e64affc65490268e223f6672f57329c74d266b775fb466d85325f937607a77197d6343ecd42677dbce615b6bc38463428e5bb0b35b04cb470cf702725ab8c6a57d4dba8043ef7b6bf445913b7794865a776dca29bd5fbf01df52d4cfba53fc9cd1295059f0582b99e76d872f"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0xa4, 0x1, "d4b2557c79bc2eb0d23d40e7f899c4c2e23301c31954c256f14d909bd6b629921175c64ebcfed4ddb365e845c4a0204d409a2fc8203d5c029844f825fe9bb784f4376e6232a242c3a2964c15238c20b8c42da34d868582a168243df7ff126eed62104b4e897e24e4bacaf12d4b66f42c83e9a2caf66042aa471af8f2ca3d3fcc842ab84f01184a4c8a8209912bf68da9cec4e69007de558f403c594431e47b25"}]}, @NFTA_SET_ELEM_KEY_END={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_KEY={0x234, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0x15, 0x1, "ae9f110b8ed1526a7b55e080ea8e146d34"}, @NFTA_DATA_VALUE={0x76, 0x1, "e0d723aeb6e22bd05e03eb333c7e5928f10f1854d2f9dccbe91868907531a93e75d4a884c657e619ea2d2c7c5855d2d2caf9e1cdc2434b763ad745b45003332c47f16e444995d8c5c30c86f5f94d891f256dee1e0b243ff4d5e2e45c71cf768cf7a68c1c22fbc8fff7c9059930cc80cadbba"}, @NFTA_DATA_VALUE={0xb9, 0x1, "05ef248b17c7e299a5373327923263f697cfebbc97259fefb329bc0373d82d0365f4b2d9fffdd850fc9001a64804b017797adca1d1a7b0cdbe9fcdd366b68010569ee8257d5841626923a444f7390c4cbe8c3f0c543b65dc80c71801d2159997ff062307026194ebcfdb139706d24411fc9f7543d7358b2cd1b810daf7b5187ae71d039043ac2341fb5ecea40f585cb0a4cd7cd8b7d7fec6cc5845eed77341ebd13e56c003f7d255c4c33968adc2510765d086f0bf"}, @NFTA_DATA_VALUE={0xcd, 0x1, "2758e9d2a3f3d35b9b47a5e99cc301ac70700050e38a10202f032743f6c29ba39f7048c78e25532c7b7a711e48658a2ea855539fb31370bfb70e0548f675ffdf94c2d07b557443c1c8e19fbd0ac2b34539f84e0cb8c808784d6eb82f29400dea512443d9bde58ce99174d905d8f8ed5d23c018c7332d14ef3602951c48228f9d5eccf9e786dbac7ee39549471ad3c359f31e7baeb3a3256ea71ec1659f6023b7b3e59c1c980c16bd3138f630cdad137ef5fe988239c9fc8349aca8aee4c2a550d6d2566fca4ba08e8d"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x9b}]}, {0x11c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xb8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb3, 0x1, "4aafc2ca6b9078b862b2fad3089af5e9df0856da76ad300518dd368747e3221b4d3cf8f688cf5b0fc2723ae0d6f8fadd31c425c5179d856986521619a5a9d9872a06708a6f75071a1a705186cb41a6ca7a5990abd4a2632e60b95d2785203cb81ca3e5f0614d7b1c9ef9c5367adcbba881f19b169ab469b6ec8f7589856f89e4fd7d597b809bff209885578029ea07e643da86371a94fe73c616f98163b5edaa178985bfad8e8dc3d53eb19826ccf1"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xb9}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x28, 0x7, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MAX={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_NAT_FLAGS={0x8, 0x7, 0x1, 0x0, 0x5}]}}}, @NFTA_SET_ELEM_EXPR={0x10, 0x7, 0x0, 0x1, @meta={{0x9}, @void}}]}, {0xd8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x14, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x2c, 0xb, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x13}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x14, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}]}, @NFTA_SET_ELEM_USERDATA={0x1d, 0x6, 0x1, 0x0, "798d860d3f0d632621bce4aafc6b211e204c7fae7cdc8de3bc"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x400}, @NFTA_SET_ELEM_KEY_END={0x54, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xec4}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
read$hidraw(r1, &(0x7f0000002340)=""/147, 0x93)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='\x00')

3.045980806s ago: executing program 7 (id=9132):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x36, 0x36}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000380)={{}, [@remote, @bcast, @remote, @remote, @null, @bcast, @null, @bcast]}, &(0x7f0000000140)=0x48, 0x80000)
bind$netrom(r4, &(0x7f0000000480)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x48d5}, 0x8010)
syz_open_dev$ttys(0xc, 0x2, 0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000003100)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
lseek(r5, 0x1000000, 0x0)

2.970848939s ago: executing program 6 (id=9133):
r0 = syz_io_uring_setup(0x495, &(0x7f0000000540)={0x0, 0xe140, 0x0, 0x0, 0x28b}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x20031, 0xffffffffffffffff, 0x0)
r3 = socket(0x27, 0x6, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040), 0x10)
listen(r3, 0x0) (async, rerun: 32)
r4 = socket(0x28, 0x5, 0x0) (rerun: 32)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r4, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x4000890)
r5 = accept4$unix(r3, 0x0, 0x0, 0x0)
recvfrom$unix(r5, &(0x7f0000000880)=""/270, 0x64, 0x2, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$KDGKBDIACR(r6, 0x4b4a, &(0x7f0000002f80)=""/61) (async)
io_uring_enter(r0, 0x3516, 0x100000, 0x0, 0x0, 0x0)

1.738288572s ago: executing program 7 (id=9134):
creat(&(0x7f0000000100)='./file0\x00', 0xfb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) (fail_nth: 1)

1.681696037s ago: executing program 1 (id=9135):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder1\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000440)="e88e4e4ad4e696"})

1.680847956s ago: executing program 6 (id=9136):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x150, 0x65, 0x800, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x114, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0x108, 0x1, [@m_ct={0x104, 0xb, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_LABELS={0x14, 0x7, "ffe7377efb339bc59f350c7b025a3b71"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x9}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @private=0xa010101}, @TCA_CT_ACTION={0x6, 0x3, 0x1}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x101, 0x10000000, 0x1, 0x2}}, @TCA_CT_LABELS={0x14, 0x7, "075abac8315d88d707c2ed5fc953392e"}]}, {0x7a, 0x6, "a9b0373813e0f2da6e8f5cd5c2f0e993b814de8645c7545f5f50c5380480ed4ef5013ca2d00164d47399225c275c36df8b272a85bb6c9c930de5c21cfcfeb39c9de06bd96859ae3e19a20d72ffe99adec2667fa15f5dc9985c817c830838de22cb50db69cea06d79bdd4b0a20ecfe8241339adc4ecab"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x150}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1.152241504s ago: executing program 1 (id=9137):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x109280, 0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil)
write$binfmt_script(r1, &(0x7f0000000cc0), 0xfd45)
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000380)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r3, 0x0, r2})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000140)={r3, 0x0, r0, 0x8, 0x80000})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x690, 0x40, 0x80, 0x320, 0x9, 0x8, 0x20, 0x2, {0xdb, 0x1}, {0x8, 0xb954}, {0x6, 0xffffffff}, {0xdc, 0x5}, 0x2, 0x19be63786f8403e1, 0x5, 0x0, 0x0, 0x1, 0x6, 0x4, 0x3, 0x800, 0xcdf, 0x4, 0x5c, 0x200, 0x3, 0x7})

1.095949092s ago: executing program 7 (id=9138):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000000100)={@remote}, 0x14)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', <r2=>0x0})
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x2000, {0x0, 0x0, 0x74, r2, {0xfffd, 0xfff0}, {0xffe0, 0xfff1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x30004804}, 0x200088c0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
close(r3)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r4, 0x2)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000280)={0x0, @local, @multicast2}, &(0x7f00000000c0)=0xc)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, 0x0, 0x4000000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, 0x0)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0xc000)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090)
socket$inet6(0x10, 0x3, 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=0xfffffffffffffcca, 0x400)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendto$inet6(r6, &(0x7f0000000080)="d4b586b308e00a379e782c400b69be4483fcece535551c4596c0a1574c47b3810652cce11484", 0x26, 0x20044850, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="3401000010000100"/20, @ANYRES32=r8, @ANYBLOB="000000000000000014011a80400002803c000180080021000000000008001800000000000800030000000000080009000000000008000c0000000000080012000000000008001f00000000006c000a8014000700fc010000000000000000000000000000000000000000000000000000000800000000000500080000000000050008000000000014000700fc020000000000000000000000000000050008000000000004000700e7fe1c002c000a80000008000100000014000700ff0100000000000000000000000000012800028024000180080000000000000008000000000000000800000000000000080000000000000085fe1c0004"], 0x134}}, 0x0)
close(0x4)

1.084189167s ago: executing program 6 (id=9139):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
openat$tun(0xffffffffffffff9c, 0x0, 0x90100, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$rose(0xffffffffffffffff, 0x0, 0x0, 0x20000040, 0x0, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 1)

726.625114ms ago: executing program 7 (id=9140):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
unshare(0x480) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1a00000004000000000000000100000000800000", @ANYRES32=0x1, @ANYRES64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000400"/20, @ANYRES32], 0x50) (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) (async)
openat$incfs(0xffffffffffffffff, 0x0, 0x400001, 0x6)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r5, 0x3b82, &(0x7f0000000000)={0x18, r6, 0x1, 0x0, &(0x7f00000004c0)=[{0x7ff, 0x107e}]}) (async)
ioctl$IOMMU_IOAS_MAP(r5, 0x3b85, &(0x7f00000001c0)={0x28, 0x4, r6, 0x0, &(0x7f0000000100)="e2", 0x1, 0xc}) (async)
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f00000000c0)={0xc, r6}) (async)
listen(r4, 0xa1) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="7800000000010104110000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000008653d20024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003555ef0af9e9673400000100e0c00"], 0x78}}, 0x0)

146.475775ms ago: executing program 7 (id=9141):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r0 = fanotify_init(0x8, 0x1000)
fanotify_mark(r0, 0x5, 0x1018, 0xffffffffffffff9c, 0x0)

93.793063ms ago: executing program 2 (id=9142):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x130, 0x65, 0x800, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0xf4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xdc, 0x1, [@m_ct={0xd8, 0xb, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_LABELS={0x14, 0x7, "ffe7377efb339bc59f350c7b025a3b71"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x9}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @private=0xa010101}, @TCA_CT_ACTION={0x6, 0x3, 0x1}, @TCA_CT_PARMS={0x18, 0x1, {0xf, 0x101, 0x10000000, 0x1, 0x2}}, @TCA_CT_LABELS={0x14, 0x7, "075abac8315d88d707c2ed5fc953392e"}]}, {0x4d, 0x6, "a9b0373813e0f2da6e8f5cd5c2f0e993b814de8645c7545f5f50c5380480ed4ef5013ca2d00164d47399225c275c36df8b272a85bb6c9c930de5c21cfcfeb39c9de06bd96859ae3e19"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x130}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

0s ago: executing program 7 (id=9143):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2$9p(&(0x7f0000002740), 0x80080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
syz_emit_ethernet(0x6e, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x3c, 0x0, 0x1, 0x0, 0x0, {0x37}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

robability 0, space 0, times 0
[ 1184.271387][T29783] CPU: 0 UID: 0 PID: 29783 Comm: syz.3.8673 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1184.271403][T29783] Tainted: [L]=SOFTLOCKUP
[ 1184.271407][T29783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1184.271414][T29783] Call Trace:
[ 1184.271419][T29783]  <TASK>
[ 1184.271424][T29783]  dump_stack_lvl+0xe8/0x150
[ 1184.271444][T29783]  should_fail_ex+0x46c/0x600
[ 1184.271462][T29783]  should_failslab+0xa8/0x100
[ 1184.271473][T29783]  __kmalloc_noprof+0xe0/0x7e0
[ 1184.271488][T29783]  ? kfree+0x4d/0x900
[ 1184.271502][T29783]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1184.271517][T29783]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1184.271529][T29783]  ? tomoyo_domain+0xd9/0x130
[ 1184.271542][T29783]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1184.271557][T29783]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1184.271573][T29783]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1184.271586][T29783]  ? __lock_acquire+0x6b6/0x2cf0
[ 1184.271602][T29783]  ? do_raw_spin_lock+0x121/0x290
[ 1184.271630][T29783]  ? __fget_files+0x2a/0x420
[ 1184.271643][T29783]  ? __fget_files+0x2a/0x420
[ 1184.271653][T29783]  ? __fget_files+0x3a6/0x420
[ 1184.271663][T29783]  ? __fget_files+0x2a/0x420
[ 1184.271675][T29783]  security_file_ioctl+0xcb/0x2d0
[ 1184.271691][T29783]  __se_sys_ioctl+0x47/0x170
[ 1184.271707][T29783]  do_syscall_64+0xec/0xf80
[ 1184.271719][T29783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.271729][T29783]  ? trace_irq_disable+0x37/0x100
[ 1184.271749][T29783]  ? clear_bhb_loop+0x60/0xb0
[ 1184.271762][T29783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.271772][T29783] RIP: 0033:0x7f09a592f749
[ 1184.271783][T29783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1184.271792][T29783] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1184.271805][T29783] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1184.271813][T29783] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1184.271820][T29783] RBP: 00007f09a3b96090 R08: 0000000000000000 R09: 0000000000000000
[ 1184.271827][T29783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1184.271833][T29783] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1184.271850][T29783]  </TASK>
[ 1184.271855][T29783] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1184.280950][   T10] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1184.430484][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1184.430541][   T10] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1184.430566][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.441821][   T10] usb 7-1: config 0 descriptor??
[ 1184.446816][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[ 1185.671846][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1185.673266][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[ 1185.674523][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1185.675409][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[ 1185.676285][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[ 1185.677172][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[ 1185.677995][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[ 1185.678786][   T10] pwc: recv_control_msg error -32 req 02 val 2100
[ 1185.679492][   T10] pwc: recv_control_msg error -32 req 04 val 1500
[ 1187.050871][   T10] pwc: recv_control_msg error -71 req 02 val 2400
[ 1187.051367][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[ 1187.052171][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[ 1187.052650][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[ 1187.053413][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[ 1187.054826][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[ 1187.095199][   T10] pwc: Registered as video103.
[ 1187.115593][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input33
[ 1187.155768][   T10] usb 7-1: USB disconnect, device number 27
[ 1189.239231][T29825] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8691'.
[ 1189.378722][   T10] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1189.523161][T23102] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1189.528665][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1189.530617][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1189.551605][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1189.551637][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.551659][   T10] usb 2-1: Product: syz
[ 1189.551675][   T10] usb 2-1: Manufacturer: syz
[ 1189.551691][   T10] usb 2-1: SerialNumber: syz
[ 1189.580278][   T10] usb 2-1: config 0 descriptor??
[ 1189.604901][   T10] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1189.604936][   T10] em28xx 2-1:0.0: DVB interface 0 found: bulk
[ 1189.668685][T23102] usb 8-1: Using ep0 maxpacket: 32
[ 1189.680678][T23102] usb 8-1: config 170 has an invalid interface number: 248 but max is 0
[ 1189.680755][T23102] usb 8-1: config 170 has no interface number 0
[ 1189.680807][T23102] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1189.680830][T23102] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1189.680855][T23102] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1189.680932][T23102] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1189.680962][T23102] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1189.680985][T23102] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1189.681010][T23102] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1189.681084][T23102] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1189.681107][T23102] usb 8-1: config 170 interface 248 has no altsetting 0
[ 1189.689278][T23102] usb 8-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1189.689356][T23102] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.689377][T23102] usb 8-1: Product: Ъ
[ 1189.689392][T23102] usb 8-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1189.689418][T23102] usb 8-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1189.908015][T29843] FAULT_INJECTION: forcing a failure.
[ 1189.908015][T29843] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.908053][T29843] CPU: 1 UID: 0 PID: 29843 Comm: syz.3.8698 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1189.908081][T29843] Tainted: [L]=SOFTLOCKUP
[ 1189.908089][T29843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1189.908101][T29843] Call Trace:
[ 1189.908109][T29843]  <TASK>
[ 1189.908117][T29843]  dump_stack_lvl+0xe8/0x150
[ 1189.908147][T29843]  should_fail_ex+0x46c/0x600
[ 1189.908178][T29843]  _copy_from_user+0x2d/0xb0
[ 1189.908198][T29843]  ___sys_sendmsg+0x158/0x2a0
[ 1189.908225][T29843]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1189.908289][T29843]  ? __fget_files+0x2a/0x420
[ 1189.908309][T29843]  ? __fget_files+0x3a6/0x420
[ 1189.908338][T29843]  __x64_sys_sendmsg+0x1a1/0x260
[ 1189.908365][T29843]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1189.908397][T29843]  ? __pfx_ksys_write+0x10/0x10
[ 1189.908442][T29843]  do_syscall_64+0xec/0xf80
[ 1189.908462][T29843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.908480][T29843]  ? trace_irq_disable+0x37/0x100
[ 1189.908500][T29843]  ? clear_bhb_loop+0x60/0xb0
[ 1189.908526][T29843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.908541][T29843] RIP: 0033:0x7f09a592f749
[ 1189.908559][T29843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1189.908575][T29843] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1189.908596][T29843] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1189.908609][T29843] RDX: 0000000000044000 RSI: 0000200000001640 RDI: 0000000000000004
[ 1189.908621][T29843] RBP: 00007f09a3b96090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.908633][T29843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.908644][T29843] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1189.908674][T29843]  </TASK>
[ 1190.348902][    T9] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1190.498754][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1190.536681][   T10] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 1190.552881][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1190.599192][    T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1190.599285][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.599308][    T9] usb 7-1: Product: syz
[ 1190.599324][    T9] usb 7-1: Manufacturer: syz
[ 1190.599340][    T9] usb 7-1: SerialNumber: syz
[ 1190.810437][T23102] usb 8-1: USB disconnect, device number 9
[ 1192.550655][   T10] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1192.550731][   T10] em28xx 2-1:0.0: board has no eeprom
[ 1192.623166][   T10] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1192.623199][   T10] em28xx 2-1:0.0: dvb set to bulk mode.
[ 1192.694279][T23102] em28xx 2-1:0.0: Binding DVB extension
[ 1192.852669][   T10] usb 2-1: USB disconnect, device number 24
[ 1192.865724][   T10] em28xx 2-1:0.0: Disconnecting em28xx
[ 1192.980957][    T9] cdc_ncm 7-1:1.0: failed to get mac address
[ 1193.008882][    T9] cdc_ncm 7-1:1.0: bind() failure
[ 1193.020256][T23102] em28xx 2-1:0.0: Registering input extension
[ 1193.039540][   T10] em28xx 2-1:0.0: Closing input extension
[ 1193.047788][    T9] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1193.048893][    T9] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1193.051009][    T9] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[ 1193.084974][    T9] usb 7-1: USB disconnect, device number 28
[ 1193.091208][   T10] em28xx 2-1:0.0: Freeing device
[ 1193.182880][T29882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1193.183305][T29882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1193.370721][T29893] FAULT_INJECTION: forcing a failure.
[ 1193.370721][T29893] name failslab, interval 1, probability 0, space 0, times 0
[ 1193.370759][T29893] CPU: 0 UID: 0 PID: 29893 Comm: syz.3.8713 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1193.370787][T29893] Tainted: [L]=SOFTLOCKUP
[ 1193.370794][T29893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1193.370806][T29893] Call Trace:
[ 1193.370815][T29893]  <TASK>
[ 1193.370823][T29893]  dump_stack_lvl+0xe8/0x150
[ 1193.370854][T29893]  should_fail_ex+0x46c/0x600
[ 1193.370885][T29893]  should_failslab+0xa8/0x100
[ 1193.370906][T29893]  __kmalloc_noprof+0xe0/0x7e0
[ 1193.370931][T29893]  ? kfree+0x4d/0x900
[ 1193.370951][T29893]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1193.370978][T29893]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1193.371008][T29893]  ? tomoyo_domain+0xd9/0x130
[ 1193.371032][T29893]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1193.371057][T29893]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1193.371086][T29893]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1193.371110][T29893]  ? __lock_acquire+0x6b6/0x2cf0
[ 1193.371137][T29893]  ? do_raw_spin_lock+0x121/0x290
[ 1193.371191][T29893]  ? __fget_files+0x2a/0x420
[ 1193.371215][T29893]  ? __fget_files+0x2a/0x420
[ 1193.371234][T29893]  ? __fget_files+0x3a6/0x420
[ 1193.371252][T29893]  ? __fget_files+0x2a/0x420
[ 1193.371276][T29893]  security_file_ioctl+0xcb/0x2d0
[ 1193.371305][T29893]  __se_sys_ioctl+0x47/0x170
[ 1193.371333][T29893]  do_syscall_64+0xec/0xf80
[ 1193.371353][T29893]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.371371][T29893]  ? trace_irq_disable+0x37/0x100
[ 1193.371391][T29893]  ? clear_bhb_loop+0x60/0xb0
[ 1193.371414][T29893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.371433][T29893] RIP: 0033:0x7f09a592f749
[ 1193.371450][T29893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1193.371468][T29893] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1193.371490][T29893] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1193.371505][T29893] RDX: 0000200000001040 RSI: 00000000000089f1 RDI: 0000000000000003
[ 1193.371518][T29893] RBP: 00007f09a3b96090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.371531][T29893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1193.371544][T29893] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1193.371575][T29893]  </TASK>
[ 1193.371584][T29893] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1193.448740][   T10] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1193.598688][   T10] usb 2-1: Using ep0 maxpacket: 8
[ 1193.601432][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1193.602731][   T10] usb 2-1: config 8 has an invalid interface number: 24 but max is 0
[ 1193.602757][   T10] usb 2-1: config 8 has no interface number 0
[ 1193.602805][   T10] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 1024
[ 1193.602834][   T10] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 255, changing to 11
[ 1193.602863][   T10] usb 2-1: config 8 interface 24 has no altsetting 0
[ 1193.605510][   T10] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[ 1193.605538][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.605560][   T10] usb 2-1: Product: syz
[ 1193.605623][   T10] usb 2-1: Manufacturer: syz
[ 1193.605639][   T10] usb 2-1: SerialNumber: syz
[ 1193.623478][T29881] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1193.849541][T29904] FAULT_INJECTION: forcing a failure.
[ 1193.849541][T29904] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1193.849578][T29904] CPU: 0 UID: 0 PID: 29904 Comm: syz.6.8717 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1193.849607][T29904] Tainted: [L]=SOFTLOCKUP
[ 1193.849615][T29904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1193.849627][T29904] Call Trace:
[ 1193.849635][T29904]  <TASK>
[ 1193.849644][T29904]  dump_stack_lvl+0xe8/0x150
[ 1193.849674][T29904]  should_fail_ex+0x46c/0x600
[ 1193.849704][T29904]  _copy_from_user+0x2d/0xb0
[ 1193.849725][T29904]  ___sys_sendmsg+0x158/0x2a0
[ 1193.849752][T29904]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1193.849812][T29904]  ? __fget_files+0x2a/0x420
[ 1193.849831][T29904]  ? __fget_files+0x3a6/0x420
[ 1193.849861][T29904]  __x64_sys_sendmsg+0x1a1/0x260
[ 1193.849887][T29904]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1193.849920][T29904]  ? __pfx_ksys_write+0x10/0x10
[ 1193.849961][T29904]  do_syscall_64+0xec/0xf80
[ 1193.849982][T29904]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.850000][T29904]  ? trace_irq_disable+0x37/0x100
[ 1193.850028][T29904]  ? clear_bhb_loop+0x60/0xb0
[ 1193.850050][T29904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.850069][T29904] RIP: 0033:0x7f25fd09f749
[ 1193.850087][T29904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1193.850104][T29904] RSP: 002b:00007f25fb2fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1193.850125][T29904] RAX: ffffffffffffffda RBX: 00007f25fd2f5fa0 RCX: 00007f25fd09f749
[ 1193.850140][T29904] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1193.850153][T29904] RBP: 00007f25fb2fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.850165][T29904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1193.850177][T29904] R13: 00007f25fd2f6038 R14: 00007f25fd2f5fa0 R15: 00007ffc527ea188
[ 1193.850208][T29904]  </TASK>
[ 1194.014470][   T10] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'.
[ 1194.036434][   T10] usb 2-1: USB disconnect, device number 25
[ 1195.273692][   T37] audit: type=1326 audit(1768477742.775:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.274540][   T37] audit: type=1326 audit(1768477742.775:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.275684][   T37] audit: type=1326 audit(1768477742.775:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.275837][   T37] audit: type=1326 audit(1768477742.775:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.275978][   T37] audit: type=1326 audit(1768477742.775:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.276355][   T37] audit: type=1326 audit(1768477742.775:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.276784][   T37] audit: type=1326 audit(1768477742.775:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.277121][   T37] audit: type=1326 audit(1768477742.775:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.277847][   T37] audit: type=1326 audit(1768477742.775:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.278300][   T37] audit: type=1326 audit(1768477742.775:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29924 comm="syz.2.8709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1a3def749 code=0x7ffc0000
[ 1195.841793][T29933] comedi comedi3: comedi_config --init_data is deprecated
[ 1196.304108][T29937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8728'.
[ 1199.152296][T29959] FAULT_INJECTION: forcing a failure.
[ 1199.152296][T29959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1199.152332][T29959] CPU: 1 UID: 0 PID: 29959 Comm: syz.3.8737 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1199.152360][T29959] Tainted: [L]=SOFTLOCKUP
[ 1199.152368][T29959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1199.152378][T29959] Call Trace:
[ 1199.152386][T29959]  <TASK>
[ 1199.152403][T29959]  dump_stack_lvl+0xe8/0x150
[ 1199.152432][T29959]  should_fail_ex+0x46c/0x600
[ 1199.152460][T29959]  _copy_from_user+0x2d/0xb0
[ 1199.152480][T29959]  ___sys_sendmsg+0x158/0x2a0
[ 1199.152506][T29959]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1199.152553][T29959]  ? __fget_files+0x2a/0x420
[ 1199.152572][T29959]  ? __fget_files+0x3a6/0x420
[ 1199.152598][T29959]  __x64_sys_sendmsg+0x1a1/0x260
[ 1199.152623][T29959]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1199.152655][T29959]  ? __pfx_ksys_write+0x10/0x10
[ 1199.152690][T29959]  do_syscall_64+0xec/0xf80
[ 1199.152710][T29959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.152727][T29959]  ? trace_irq_disable+0x37/0x100
[ 1199.152746][T29959]  ? clear_bhb_loop+0x60/0xb0
[ 1199.152766][T29959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.152785][T29959] RIP: 0033:0x7f09a592f749
[ 1199.152803][T29959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1199.152820][T29959] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1199.152841][T29959] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1199.152856][T29959] RDX: 0000000000008800 RSI: 0000200000003740 RDI: 0000000000000003
[ 1199.152869][T29959] RBP: 00007f09a3b96090 R08: 0000000000000000 R09: 0000000000000000
[ 1199.152881][T29959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1199.152893][T29959] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1199.152922][T29959]  </TASK>
[ 1201.309854][T29976] FAULT_INJECTION: forcing a failure.
[ 1201.309854][T29976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1201.309891][T29976] CPU: 0 UID: 0 PID: 29976 Comm: syz.6.8743 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1201.309919][T29976] Tainted: [L]=SOFTLOCKUP
[ 1201.309927][T29976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1201.309939][T29976] Call Trace:
[ 1201.309948][T29976]  <TASK>
[ 1201.309957][T29976]  dump_stack_lvl+0xe8/0x150
[ 1201.309995][T29976]  should_fail_ex+0x46c/0x600
[ 1201.310026][T29976]  _copy_from_user+0x2d/0xb0
[ 1201.310047][T29976]  io_query+0x10f/0x630
[ 1201.310072][T29976]  ? __pfx_io_query+0x10/0x10
[ 1201.310101][T29976]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1201.310123][T29976]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1201.310148][T29976]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1201.310176][T29976]  __se_sys_io_uring_register+0x141/0x1200
[ 1201.310208][T29976]  ? fput+0xa0/0xd0
[ 1201.310229][T29976]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[ 1201.310255][T29976]  ? ksys_write+0x230/0x260
[ 1201.310282][T29976]  ? __pfx_ksys_write+0x10/0x10
[ 1201.310317][T29976]  do_syscall_64+0xec/0xf80
[ 1201.310337][T29976]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1201.310355][T29976]  ? trace_irq_disable+0x37/0x100
[ 1201.310375][T29976]  ? clear_bhb_loop+0x60/0xb0
[ 1201.310398][T29976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1201.310416][T29976] RIP: 0033:0x7f25fd09f749
[ 1201.310434][T29976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1201.310451][T29976] RSP: 002b:00007f25fb2fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[ 1201.310473][T29976] RAX: ffffffffffffffda RBX: 00007f25fd2f5fa0 RCX: 00007f25fd09f749
[ 1201.310488][T29976] RDX: 0000200000000000 RSI: 0000000000000023 RDI: ffffffffffffffff
[ 1201.310503][T29976] RBP: 00007f25fb2fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1201.310516][T29976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1201.310529][T29976] R13: 00007f25fd2f6038 R14: 00007f25fd2f5fa0 R15: 00007ffc527ea188
[ 1201.310559][T29976]  </TASK>
[ 1201.703631][T29983] FAULT_INJECTION: forcing a failure.
[ 1201.703631][T29983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1201.703686][T29983] CPU: 0 UID: 0 PID: 29983 Comm: syz.6.8747 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1201.703714][T29983] Tainted: [L]=SOFTLOCKUP
[ 1201.703722][T29983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1201.703735][T29983] Call Trace:
[ 1201.703743][T29983]  <TASK>
[ 1201.703752][T29983]  dump_stack_lvl+0xe8/0x150
[ 1201.703783][T29983]  should_fail_ex+0x46c/0x600
[ 1201.703814][T29983]  _copy_from_user+0x2d/0xb0
[ 1201.703860][T29983]  ___sys_recvmsg+0x12e/0x510
[ 1201.703916][T29983]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1201.703949][T29983]  ? __fget_files+0x2a/0x420
[ 1201.704033][T29983]  ? __fget_files+0x3a6/0x420
[ 1201.704066][T29983]  do_recvmmsg+0x30d/0x770
[ 1201.704099][T29983]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1201.704136][T29983]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1201.704190][T29983]  __x64_sys_recvmmsg+0x190/0x240
[ 1201.704265][T29983]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1201.704334][T29983]  do_syscall_64+0xec/0xf80
[ 1201.704387][T29983]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1201.704426][T29983]  ? trace_irq_disable+0x37/0x100
[ 1201.704479][T29983]  ? clear_bhb_loop+0x60/0xb0
[ 1201.704544][T29983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1201.704592][T29983] RIP: 0033:0x7f25fd09f749
[ 1201.704628][T29983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1201.704644][T29983] RSP: 002b:00007f25fb2fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1201.704665][T29983] RAX: ffffffffffffffda RBX: 00007f25fd2f5fa0 RCX: 00007f25fd09f749
[ 1201.704680][T29983] RDX: 0000000000000001 RSI: 0000200000004e40 RDI: 0000000000000003
[ 1201.704711][T29983] RBP: 00007f25fb2fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1201.704729][T29983] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 1201.704741][T29983] R13: 00007f25fd2f6038 R14: 00007f25fd2f5fa0 R15: 00007ffc527ea188
[ 1201.704772][T29983]  </TASK>
[ 1201.990088][T29986] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[ 1202.408719][    T9] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1202.494365][T29994] tc_dump_action: action bad kind
[ 1202.558759][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1202.564785][    T9] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1202.564823][    T9] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1202.564859][    T9] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1202.564885][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1202.582532][    T9] usb 7-1: config 0 descriptor??
[ 1203.006277][T30007] FAULT_INJECTION: forcing a failure.
[ 1203.006277][T30007] name failslab, interval 1, probability 0, space 0, times 0
[ 1203.006315][T30007] CPU: 1 UID: 0 PID: 30007 Comm: syz.1.8758 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1203.006343][T30007] Tainted: [L]=SOFTLOCKUP
[ 1203.006351][T30007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1203.006364][T30007] Call Trace:
[ 1203.006372][T30007]  <TASK>
[ 1203.006381][T30007]  dump_stack_lvl+0xe8/0x150
[ 1203.006412][T30007]  should_fail_ex+0x46c/0x600
[ 1203.006443][T30007]  should_failslab+0xa8/0x100
[ 1203.006463][T30007]  __kmalloc_cache_noprof+0x84/0x6d0
[ 1203.006488][T30007]  ? __lock_acquire+0x6b6/0x2cf0
[ 1203.006512][T30007]  ? alloc_pipe_info+0xe9/0x4d0
[ 1203.006541][T30007]  alloc_pipe_info+0xe9/0x4d0
[ 1203.006566][T30007]  splice_direct_to_actor+0xa6e/0xcd0
[ 1203.006592][T30007]  ? kstrtouint+0x6e/0xe0
[ 1203.006617][T30007]  ? get_pid_task+0x20/0x1f0
[ 1203.006649][T30007]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1203.006670][T30007]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1203.006699][T30007]  do_splice_direct+0x187/0x270
[ 1203.006721][T30007]  ? __pfx_do_splice_direct+0x10/0x10
[ 1203.006740][T30007]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1203.006776][T30007]  ? rw_verify_area+0x25b/0x4e0
[ 1203.006802][T30007]  do_sendfile+0x4ec/0x7f0
[ 1203.006819][T30007]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1203.006845][T30007]  ? __pfx_do_sendfile+0x10/0x10
[ 1203.006872][T30007]  __se_sys_sendfile64+0x13e/0x190
[ 1203.006892][T30007]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1203.006921][T30007]  do_syscall_64+0xec/0xf80
[ 1203.006941][T30007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.006959][T30007]  ? trace_irq_disable+0x37/0x100
[ 1203.006978][T30007]  ? clear_bhb_loop+0x60/0xb0
[ 1203.007001][T30007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.007019][T30007] RIP: 0033:0x7f0e9975f749
[ 1203.007037][T30007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1203.007054][T30007] RSP: 002b:00007f0e979be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1203.007076][T30007] RAX: ffffffffffffffda RBX: 00007f0e999b5fa0 RCX: 00007f0e9975f749
[ 1203.007091][T30007] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 1203.007102][T30007] RBP: 00007f0e979be090 R08: 0000000000000000 R09: 0000000000000000
[ 1203.007115][T30007] R10: 000080001d00c0d1 R11: 0000000000000246 R12: 0000000000000001
[ 1203.007127][T30007] R13: 00007f0e999b6038 R14: 00007f0e999b5fa0 R15: 00007ffde6ab9998
[ 1203.007157][T30007]  </TASK>
[ 1203.174844][    T9] nzxt-smart2 0003:1E71:2009.002A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0
[ 1203.581028][T30018] FAULT_INJECTION: forcing a failure.
[ 1203.581028][T30018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1203.581067][T30018] CPU: 1 UID: 0 PID: 30018 Comm: syz.2.8760 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1203.581095][T30018] Tainted: [L]=SOFTLOCKUP
[ 1203.581102][T30018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1203.581113][T30018] Call Trace:
[ 1203.581121][T30018]  <TASK>
[ 1203.581129][T30018]  dump_stack_lvl+0xe8/0x150
[ 1203.581159][T30018]  should_fail_ex+0x46c/0x600
[ 1203.581189][T30018]  _copy_from_user+0x2d/0xb0
[ 1203.581209][T30018]  ___sys_sendmsg+0x158/0x2a0
[ 1203.581236][T30018]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1203.581290][T30018]  ? __fget_files+0x2a/0x420
[ 1203.581309][T30018]  ? __fget_files+0x3a6/0x420
[ 1203.581334][T30018]  __x64_sys_sendmsg+0x1a1/0x260
[ 1203.581358][T30018]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1203.581389][T30018]  ? __pfx_ksys_write+0x10/0x10
[ 1203.581425][T30018]  do_syscall_64+0xec/0xf80
[ 1203.581445][T30018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.581463][T30018]  ? trace_irq_disable+0x37/0x100
[ 1203.581482][T30018]  ? clear_bhb_loop+0x60/0xb0
[ 1203.581505][T30018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.581523][T30018] RIP: 0033:0x7ff1a3def749
[ 1203.581541][T30018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1203.581557][T30018] RSP: 002b:00007ff1a204e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1203.581579][T30018] RAX: ffffffffffffffda RBX: 00007ff1a4045fa0 RCX: 00007ff1a3def749
[ 1203.581594][T30018] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[ 1203.581607][T30018] RBP: 00007ff1a204e090 R08: 0000000000000000 R09: 0000000000000000
[ 1203.581619][T30018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1203.581631][T30018] R13: 00007ff1a4046038 R14: 00007ff1a4045fa0 R15: 00007ffc8f318308
[ 1203.581661][T30018]  </TASK>
[ 1203.601392][    T9] usb 7-1: USB disconnect, device number 29
[ 1203.881210][T30021] netlink: 276 bytes leftover after parsing attributes in process `syz.1.8762'.
[ 1206.077352][T30032] netlink: 'syz.1.8767': attribute type 2 has an invalid length.
[ 1206.436937][T30032] !�9: entered promiscuous mode
[ 1206.448099][T30035] tc_dump_action: action bad kind
[ 1207.018859][T30059] netlink: 276 bytes leftover after parsing attributes in process `syz.7.8775'.
[ 1207.679136][ T5882] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1207.838813][ T5882] usb 3-1: Using ep0 maxpacket: 16
[ 1207.841013][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1207.845313][ T5882] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1207.845354][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.845375][ T5882] usb 3-1: Product: syz
[ 1207.845392][ T5882] usb 3-1: Manufacturer: syz
[ 1207.845407][ T5882] usb 3-1: SerialNumber: syz
[ 1207.862130][ T5882] usb 3-1: config 0 descriptor??
[ 1207.868248][ T5882] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1207.868284][ T5882] em28xx 3-1:0.0: DVB interface 0 found: bulk
[ 1208.440855][    T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1208.566653][ T5882] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[ 1208.589100][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1208.591348][    T9] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1208.591369][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1208.591391][    T9] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1208.591404][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.608972][    T9] usb 2-1: config 0 descriptor??
[ 1208.916283][T30107] FAULT_INJECTION: forcing a failure.
[ 1208.916283][T30107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1208.916321][T30107] CPU: 1 UID: 0 PID: 30107 Comm: syz.3.8794 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1208.916348][T30107] Tainted: [L]=SOFTLOCKUP
[ 1208.916355][T30107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1208.916367][T30107] Call Trace:
[ 1208.916375][T30107]  <TASK>
[ 1208.916384][T30107]  dump_stack_lvl+0xe8/0x150
[ 1208.916410][T30107]  should_fail_ex+0x46c/0x600
[ 1208.916442][T30107]  _copy_from_user+0x2d/0xb0
[ 1208.916462][T30107]  sk_setsockopt+0x276/0x2a70
[ 1208.916485][T30107]  ? sb_end_write+0xe9/0x1c0
[ 1208.916512][T30107]  ? __pfx_sk_setsockopt+0x10/0x10
[ 1208.916536][T30107]  ? __pfx_vfs_write+0x10/0x10
[ 1208.916559][T30107]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1208.916582][T30107]  ? do_sys_openat2+0x15a/0x200
[ 1208.916602][T30107]  ? kmem_cache_free+0x18f/0x8d0
[ 1208.916630][T30107]  ? do_sys_openat2+0x15a/0x200
[ 1208.916664][T30107]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1208.916693][T30107]  do_sock_setsockopt+0x11b/0x1b0
[ 1208.916720][T30107]  __x64_sys_setsockopt+0x145/0x1b0
[ 1208.916749][T30107]  do_syscall_64+0xec/0xf80
[ 1208.916768][T30107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.916787][T30107]  ? trace_irq_disable+0x37/0x100
[ 1208.916806][T30107]  ? clear_bhb_loop+0x60/0xb0
[ 1208.916828][T30107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.916847][T30107] RIP: 0033:0x7f09a592f749
[ 1208.916865][T30107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1208.916882][T30107] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1208.916904][T30107] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1208.916919][T30107] RDX: 0000000000000014 RSI: 0000000000000001 RDI: 0000000000000004
[ 1208.916931][T30107] RBP: 00007f09a3b96090 R08: 256c47525ddbca6a R09: 0000000000000000
[ 1208.916945][T30107] R10: 0000200000abaff9 R11: 0000000000000246 R12: 0000000000000001
[ 1208.916957][T30107] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1208.916988][T30107]  </TASK>
[ 1209.154248][    T9] nzxt-smart2 0003:1E71:2009.002B: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0
[ 1209.598949][ T5875] usb 2-1: USB disconnect, device number 26
[ 1210.457644][T30131] bond0: entered promiscuous mode
[ 1210.457673][T30131] bond_slave_0: entered promiscuous mode
[ 1210.458429][T30131] bond_slave_1: entered promiscuous mode
[ 1210.508975][ T5882] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1210.509009][ T5882] em28xx 3-1:0.0: board has no eeprom
[ 1210.511165][T30131] batadv0: entered promiscuous mode
[ 1210.597337][T30131] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1210.618691][ T5882] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1210.618720][ T5882] em28xx 3-1:0.0: dvb set to bulk mode.
[ 1210.618927][    T9] em28xx 3-1:0.0: Binding DVB extension
[ 1210.716725][    T9] em28xx 3-1:0.0: Registering input extension
[ 1210.793873][T18624] usb 3-1: USB disconnect, device number 33
[ 1210.796225][T18624] em28xx 3-1:0.0: Disconnecting em28xx
[ 1210.796254][T18624] em28xx 3-1:0.0: Closing input extension
[ 1210.853412][T18624] em28xx 3-1:0.0: Freeing device
[ 1210.978722][T30149] FAULT_INJECTION: forcing a failure.
[ 1210.978722][T30149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1210.978762][T30149] CPU: 1 UID: 0 PID: 30149 Comm: syz.6.8811 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1210.978789][T30149] Tainted: [L]=SOFTLOCKUP
[ 1210.978796][T30149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1210.978808][T30149] Call Trace:
[ 1210.978816][T30149]  <TASK>
[ 1210.978824][T30149]  dump_stack_lvl+0xe8/0x150
[ 1210.978853][T30149]  should_fail_ex+0x46c/0x600
[ 1210.978880][T30149]  _copy_from_user+0x2d/0xb0
[ 1210.978900][T30149]  ___sys_recvmsg+0x12e/0x510
[ 1210.978930][T30149]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1210.978957][T30149]  ? __fget_files+0x2a/0x420
[ 1210.978991][T30149]  ? __fget_files+0x3a6/0x420
[ 1210.979020][T30149]  __x64_sys_recvmsg+0x19e/0x260
[ 1210.979047][T30149]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1210.979082][T30149]  ? rcu_is_watching+0x15/0xb0
[ 1210.979110][T30149]  do_syscall_64+0xec/0xf80
[ 1210.979131][T30149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1210.979149][T30149]  ? trace_irq_disable+0x37/0x100
[ 1210.979169][T30149]  ? clear_bhb_loop+0x60/0xb0
[ 1210.979192][T30149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1210.979210][T30149] RIP: 0033:0x7f25fd09f749
[ 1210.979228][T30149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1210.979245][T30149] RSP: 002b:00007f25fb2fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1210.979265][T30149] RAX: ffffffffffffffda RBX: 00007f25fd2f5fa0 RCX: 00007f25fd09f749
[ 1210.979279][T30149] RDX: bf9d5a5a4c2f3718 RSI: 0000200000000040 RDI: 0000000000000003
[ 1210.979293][T30149] RBP: 00007f25fb2fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1210.979313][T30149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1210.979325][T30149] R13: 00007f25fd2f6038 R14: 00007f25fd2f5fa0 R15: 00007ffc527ea188
[ 1210.979356][T30149]  </TASK>
[ 1210.984723][T30149] netlink: 60 bytes leftover after parsing attributes in process `syz.6.8811'.
[ 1211.180341][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1211.348666][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1211.350988][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1211.351023][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1211.351061][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1211.351106][    T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1211.351130][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1211.356297][    T9] usb 2-1: config 0 descriptor??
[ 1212.668812][    T9] usbhid 2-1:0.0: can't add hid device: -71
[ 1212.668928][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1212.680817][    T9] usb 2-1: USB disconnect, device number 27
[ 1213.191899][    T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1213.321667][T30183] tc_dump_action: action bad kind
[ 1213.341075][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1213.346559][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1213.350967][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1213.350996][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1213.351017][    T9] usb 3-1: Product: syz
[ 1213.351032][    T9] usb 3-1: Manufacturer: syz
[ 1213.351053][    T9] usb 3-1: SerialNumber: syz
[ 1215.038767][T23626] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1215.161802][   T10] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1215.190557][T30209] FAULT_INJECTION: forcing a failure.
[ 1215.190557][T30209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1215.190595][T30209] CPU: 0 UID: 0 PID: 30209 Comm: syz.3.8839 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1215.190624][T30209] Tainted: [L]=SOFTLOCKUP
[ 1215.190631][T30209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1215.190643][T30209] Call Trace:
[ 1215.190655][T30209]  <TASK>
[ 1215.190664][T30209]  dump_stack_lvl+0xe8/0x150
[ 1215.190693][T30209]  should_fail_ex+0x46c/0x600
[ 1215.190725][T30209]  _copy_from_user+0x2d/0xb0
[ 1215.190745][T30209]  ___sys_sendmsg+0x158/0x2a0
[ 1215.190773][T30209]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1215.190837][T30209]  ? __fget_files+0x2a/0x420
[ 1215.190857][T30209]  ? __fget_files+0x3a6/0x420
[ 1215.190885][T30209]  __x64_sys_sendmsg+0x1a1/0x260
[ 1215.190912][T30209]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1215.190945][T30209]  ? __pfx_ksys_write+0x10/0x10
[ 1215.190981][T30209]  do_syscall_64+0xec/0xf80
[ 1215.191001][T30209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.191019][T30209]  ? trace_irq_disable+0x37/0x100
[ 1215.191039][T30209]  ? clear_bhb_loop+0x60/0xb0
[ 1215.191062][T30209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.191080][T30209] RIP: 0033:0x7f09a592f749
[ 1215.191098][T30209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1215.191115][T30209] RSP: 002b:00007f09a3b96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1215.191136][T30209] RAX: ffffffffffffffda RBX: 00007f09a5b85fa0 RCX: 00007f09a592f749
[ 1215.191151][T30209] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1215.191163][T30209] RBP: 00007f09a3b96090 R08: 0000000000000000 R09: 0000000000000000
[ 1215.191176][T30209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1215.191187][T30209] R13: 00007f09a5b86038 R14: 00007f09a5b85fa0 R15: 00007ffca32a2368
[ 1215.191220][T30209]  </TASK>
[ 1215.205290][T23626] usb 8-1: Using ep0 maxpacket: 16
[ 1215.208289][T23626] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1215.213958][T23626] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1215.214042][T23626] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.214064][T23626] usb 8-1: Product: syz
[ 1215.214079][T23626] usb 8-1: Manufacturer: syz
[ 1215.214095][T23626] usb 8-1: SerialNumber: syz
[ 1215.317233][    T9] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1215.317261][    T9] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1215.317281][    T9] cdc_ncm 3-1:1.0: setting rx_max = 2048
[ 1215.318672][   T10] usb 7-1: Using ep0 maxpacket: 16
[ 1215.323836][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1215.329745][   T10] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1215.330158][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.330181][   T10] usb 7-1: Product: syz
[ 1215.330196][   T10] usb 7-1: Manufacturer: syz
[ 1215.330212][   T10] usb 7-1: SerialNumber: syz
[ 1215.356545][   T10] usb 7-1: config 0 descriptor??
[ 1215.381012][   T10] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1215.381565][   T10] em28xx 7-1:0.0: DVB interface 0 found: bulk
[ 1215.531046][    T9] cdc_ncm 3-1:1.0: setting tx_max = 88
[ 1216.033539][    T9] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1216.092774][    T9] usb 3-1: USB disconnect, device number 34
[ 1216.106175][    T9] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[ 1216.211638][   T10] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1216.268458][T23626] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1216.268486][T23626] cdc_ncm 8-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1216.268506][T23626] cdc_ncm 8-1:1.0: setting rx_max = 2048
[ 1216.470265][T23626] cdc_ncm 8-1:1.0: setting tx_max = 88
[ 1216.583920][T23626] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1216.614061][T23626] usb 8-1: USB disconnect, device number 10
[ 1216.631141][T23626] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM (NO ZLP)
[ 1216.773375][T30241] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8848'.
[ 1217.147299][   T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1217.180458][   T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1217.183527][   T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1217.197966][   T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1217.229238][   T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1217.842329][T30264] netlink: 24 bytes leftover after parsing attributes in process `syz.7.8854'.
[ 1217.842359][T30264] netlink: 24 bytes leftover after parsing attributes in process `syz.7.8854'.
[ 1217.951754][   T10] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1217.951858][   T10] em28xx 7-1:0.0: board has no eeprom
[ 1218.792840][   T10] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1218.792871][   T10] em28xx 7-1:0.0: dvb set to bulk mode.
[ 1218.793221][T23102] em28xx 7-1:0.0: Binding DVB extension
[ 1219.393815][T17830] Bluetooth: hci4: command tx timeout
[ 1219.460027][T30274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8857'.
[ 1219.460055][T30274] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8857'.
[ 1219.507678][T23647] usb 7-1: USB disconnect, device number 30
[ 1219.521679][T23647] em28xx 7-1:0.0: Disconnecting em28xx
[ 1220.648883][T23102] em28xx 7-1:0.0: Registering input extension
[ 1220.649113][T23647] em28xx 7-1:0.0: Closing input extension
[ 1220.703317][T23647] em28xx 7-1:0.0: Freeing device
[ 1221.480778][T17830] Bluetooth: hci4: command tx timeout
[ 1222.591268][T30296] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8860'.
[ 1222.591312][T30296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8860'.
[ 1222.591327][T30296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8860'.
[ 1223.053237][T30298] netlink: 'syz.6.8864': attribute type 10 has an invalid length.
[ 1223.136361][T30299] netlink: 'syz.6.8864': attribute type 10 has an invalid length.
[ 1223.548927][T17830] Bluetooth: hci4: command tx timeout
[ 1223.820697][T30299] team0: Port device dummy0 removed
[ 1223.829083][T30299] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1224.677907][T22944] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1224.677931][T22944] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.908312][T30325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8872'.
[ 1224.929771][T30320] IPv6: sit1: Disabled Multicast RS
[ 1225.075526][T30323] tc_dump_action: action bad kind
[ 1225.277162][T30333] overlayfs: failed to clone lowerpath
[ 1225.377378][T22944] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1225.377415][T22944] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1225.482609][T30338] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[ 1225.628884][T17830] Bluetooth: hci4: command tx timeout
[ 1225.691937][T30348] netlink: 28 bytes leftover after parsing attributes in process `syz.7.8878'.
[ 1225.930316][T22944] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1225.930354][T22944] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.383371][T22944] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1226.383409][T22944] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.430132][T30245] chnl_net:caif_netlink_parms(): no params data found
[ 1226.446176][T30357] tc_dump_action: action bad kind
[ 1226.508361][T17830] Bluetooth: hci5: unexpected event 0x03 length: 1 < 11
[ 1226.710039][T30378] FAULT_INJECTION: forcing a failure.
[ 1226.710039][T30378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1226.710075][T30378] CPU: 1 UID: 0 PID: 30378 Comm: syz.7.8892 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1226.710103][T30378] Tainted: [L]=SOFTLOCKUP
[ 1226.710110][T30378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1226.710122][T30378] Call Trace:
[ 1226.710130][T30378]  <TASK>
[ 1226.710138][T30378]  dump_stack_lvl+0xe8/0x150
[ 1226.710168][T30378]  should_fail_ex+0x46c/0x600
[ 1226.710198][T30378]  _copy_from_user+0x2d/0xb0
[ 1226.710219][T30378]  __sys_bind+0x19f/0x3e0
[ 1226.710242][T30378]  ? __pfx___sys_bind+0x10/0x10
[ 1226.710273][T30378]  ? __pfx_ksys_write+0x10/0x10
[ 1226.710304][T30378]  __x64_sys_bind+0x7a/0x90
[ 1226.710324][T30378]  do_syscall_64+0xec/0xf80
[ 1226.710345][T30378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.710367][T30378]  ? trace_irq_disable+0x37/0x100
[ 1226.710386][T30378]  ? clear_bhb_loop+0x60/0xb0
[ 1226.710409][T30378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.710428][T30378] RIP: 0033:0x7f84c4b0f749
[ 1226.710451][T30378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1226.710468][T30378] RSP: 002b:00007f84c2d6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1226.710489][T30378] RAX: ffffffffffffffda RBX: 00007f84c4d65fa0 RCX: 00007f84c4b0f749
[ 1226.710505][T30378] RDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000004
[ 1226.710517][T30378] RBP: 00007f84c2d6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1226.710528][T30378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1226.710539][T30378] R13: 00007f84c4d66038 R14: 00007f84c4d65fa0 R15: 00007fffc8adf238
[ 1226.710567][T30378]  </TASK>
[ 1227.046289][T30387] netlink: 28 bytes leftover after parsing attributes in process `syz.7.8895'.
[ 1227.819462][T30405] FAULT_INJECTION: forcing a failure.
[ 1227.819462][T30405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1227.819493][T30405] CPU: 1 UID: 0 PID: 30405 Comm: syz.1.8900 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1227.819514][T30405] Tainted: [L]=SOFTLOCKUP
[ 1227.819520][T30405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1227.819530][T30405] Call Trace:
[ 1227.819536][T30405]  <TASK>
[ 1227.819542][T30405]  dump_stack_lvl+0xe8/0x150
[ 1227.819567][T30405]  should_fail_ex+0x46c/0x600
[ 1227.819592][T30405]  _copy_from_user+0x2d/0xb0
[ 1227.819608][T30405]  ___sys_sendmsg+0x158/0x2a0
[ 1227.819630][T30405]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1227.819671][T30405]  ? __fget_files+0x2a/0x420
[ 1227.819687][T30405]  ? __fget_files+0x3a6/0x420
[ 1227.819709][T30405]  __x64_sys_sendmsg+0x1a1/0x260
[ 1227.819731][T30405]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1227.819756][T30405]  ? __pfx_ksys_write+0x10/0x10
[ 1227.819785][T30405]  do_syscall_64+0xec/0xf80
[ 1227.819801][T30405]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.819814][T30405]  ? trace_irq_disable+0x37/0x100
[ 1227.819830][T30405]  ? clear_bhb_loop+0x60/0xb0
[ 1227.819848][T30405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.819862][T30405] RIP: 0033:0x7f0e9975f749
[ 1227.819877][T30405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1227.819890][T30405] RSP: 002b:00007f0e9799d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1227.819907][T30405] RAX: ffffffffffffffda RBX: 00007f0e999b6090 RCX: 00007f0e9975f749
[ 1227.819919][T30405] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000005
[ 1227.819929][T30405] RBP: 00007f0e9799d090 R08: 0000000000000000 R09: 0000000000000000
[ 1227.819939][T30405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1227.819948][T30405] R13: 00007f0e999b6128 R14: 00007f0e999b6090 R15: 00007ffde6ab9998
[ 1227.819971][T30405]  </TASK>
[ 1227.827885][T30245] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1227.828085][T30245] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1227.828381][T30245] bridge_slave_0: entered allmulticast mode
[ 1227.853397][T30245] bridge_slave_0: entered promiscuous mode
[ 1227.931365][T30245] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1227.943639][T30245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1227.943951][T30245] bridge_slave_1: entered allmulticast mode
[ 1227.994535][T30245] bridge_slave_1: entered promiscuous mode
[ 1228.133288][T17830] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[ 1228.380328][T30409] process 'syz.6.8903' launched './file1' with NULL argv: empty string added
[ 1228.452382][T30414] FAULT_INJECTION: forcing a failure.
[ 1228.452382][T30414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1228.452419][T30414] CPU: 1 UID: 0 PID: 30414 Comm: syz.1.8904 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1228.452447][T30414] Tainted: [L]=SOFTLOCKUP
[ 1228.452454][T30414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1228.452466][T30414] Call Trace:
[ 1228.452474][T30414]  <TASK>
[ 1228.452482][T30414]  dump_stack_lvl+0xe8/0x150
[ 1228.452513][T30414]  should_fail_ex+0x46c/0x600
[ 1228.452544][T30414]  _copy_to_user+0x31/0xb0
[ 1228.452567][T30414]  simple_read_from_buffer+0xe1/0x170
[ 1228.452599][T30414]  proc_fail_nth_read+0x1b6/0x220
[ 1228.452629][T30414]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1228.452658][T30414]  ? rw_verify_area+0x2ac/0x4e0
[ 1228.452681][T30414]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1228.452709][T30414]  vfs_read+0x206/0xa30
[ 1228.452742][T30414]  ? __pfx_vfs_read+0x10/0x10
[ 1228.452769][T30414]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1228.452791][T30414]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1228.452810][T30414]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1228.452830][T30414]  ? mutex_lock_nested+0x154/0x1d0
[ 1228.452853][T30414]  ? fdget_pos+0x253/0x320
[ 1228.452882][T30414]  ksys_read+0x14b/0x260
[ 1228.452909][T30414]  ? __pfx_ksys_read+0x10/0x10
[ 1228.452944][T30414]  do_syscall_64+0xec/0xf80
[ 1228.452964][T30414]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1228.452982][T30414]  ? trace_irq_disable+0x37/0x100
[ 1228.453002][T30414]  ? clear_bhb_loop+0x60/0xb0
[ 1228.453023][T30414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1228.453042][T30414] RIP: 0033:0x7f0e9975e15c
[ 1228.453059][T30414] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1228.453075][T30414] RSP: 002b:00007f0e979be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1228.453096][T30414] RAX: ffffffffffffffda RBX: 00007f0e999b5fa0 RCX: 00007f0e9975e15c
[ 1228.453111][T30414] RDX: 000000000000000f RSI: 00007f0e979be0a0 RDI: 0000000000000006
[ 1228.453124][T30414] RBP: 00007f0e979be090 R08: 0000000000000000 R09: 0000000000000000
[ 1228.453137][T30414] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 1228.453148][T30414] R13: 00007f0e999b6038 R14: 00007f0e999b5fa0 R15: 00007ffde6ab9998
[ 1228.453181][T30414]  </TASK>
[ 1228.691547][T30419] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8905'.
[ 1228.747310][T30415] tc_dump_action: action bad kind
[ 1228.780847][T30245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1228.821480][T30245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1229.169511][T30424] ufs: You didn't specify the type of your ufs filesystem
[ 1229.169511][T30424] 
[ 1229.169511][T30424] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1229.169511][T30424] 
[ 1229.169511][T30424] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1229.169556][T30424] ufs: ufstype=old is supported read-only
[ 1229.176828][T30424] ufs: ufs_fill_super(): bad magic number
[ 1229.894280][T30245] team0: Port device team_slave_0 added
[ 1229.913801][T30245] team0: Port device team_slave_1 added
[ 1230.027255][T17830] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[ 1230.046545][T30439] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[ 1230.119082][T22944] bridge_slave_1: left allmulticast mode
[ 1230.119104][T22944] bridge_slave_1: left promiscuous mode
[ 1230.152270][T22944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1230.230158][T22944] bridge_slave_0: left allmulticast mode
[ 1230.230191][T22944] bridge_slave_0: left promiscuous mode
[ 1230.230462][T22944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1230.341888][T30445] netlink: 'syz.1.8914': attribute type 6 has an invalid length.
[ 1230.341911][T30445] netlink: 14577 bytes leftover after parsing attributes in process `syz.1.8914'.
[ 1230.478824][   T49] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1230.638880][   T49] usb 3-1: Using ep0 maxpacket: 32
[ 1230.647887][   T49] usb 3-1: config 0 has an invalid interface number: 247 but max is 0
[ 1230.647917][   T49] usb 3-1: config 0 has no interface number 0
[ 1230.660318][   T49] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[ 1230.660350][   T49] usb 3-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 1230.660370][   T49] usb 3-1: Product: syz
[ 1230.660386][   T49] usb 3-1: Manufacturer: syz
[ 1230.674194][   T49] usb 3-1: config 0 descriptor??
[ 1231.081792][T23102] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1231.218691][   T49] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1231.236309][T23102] usb 8-1: Using ep0 maxpacket: 16
[ 1231.238114][T23102] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1231.256873][T23102] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1231.256904][T23102] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1231.256916][T23102] usb 8-1: Product: syz
[ 1231.256924][T23102] usb 8-1: Manufacturer: syz
[ 1231.256932][T23102] usb 8-1: SerialNumber: syz
[ 1231.399071][   T49] usb 7-1: Using ep0 maxpacket: 32
[ 1231.407809][   T49] usb 7-1: config 170 has an invalid interface number: 248 but max is 0
[ 1231.407839][   T49] usb 7-1: config 170 has no interface number 0
[ 1231.407883][   T49] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1231.407908][   T49] usb 7-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1231.407932][   T49] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1231.407961][   T49] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1231.407998][   T49] usb 7-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1231.408022][   T49] usb 7-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1231.408047][   T49] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1231.408070][   T49] usb 7-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1231.408092][   T49] usb 7-1: config 170 interface 248 has no altsetting 0
[ 1231.530054][   T49] usb 7-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1231.530087][   T49] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1231.530108][   T49] usb 7-1: Product: Ъ
[ 1231.530124][   T49] usb 7-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1231.530151][   T49] usb 7-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1231.940376][   T49] usb 7-1: USB disconnect, device number 31
[ 1232.422600][T23102] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1232.422630][T23102] cdc_ncm 8-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1232.422651][T23102] cdc_ncm 8-1:1.0: setting rx_max = 2048
[ 1232.635384][T23102] cdc_ncm 8-1:1.0: setting tx_max = 88
[ 1233.315979][T30459] overlay: filesystem on ./bus is read-only
[ 1233.897873][T17830] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[ 1234.059451][T22944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1234.140426][T22944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1234.161589][T22944] bond0 (unregistering): Released all slaves
[ 1235.349182][T22944] bond1 (unregistering): Released all slaves
[ 1235.584591][T30482] netlink: 'syz.1.8927': attribute type 10 has an invalid length.
[ 1235.605430][T23641] usb 3-1: USB disconnect, device number 35
[ 1235.606398][T23102] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1235.637777][T30245] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1235.637795][T30245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1235.637823][T30245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1235.646710][T22944] tipc: Left network mode
[ 1235.683499][T23102] usb 8-1: USB disconnect, device number 11
[ 1235.779344][T30482] bond0: (slave dummy0): Releasing backup interface
[ 1235.783066][T23102] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM (NO ZLP)
[ 1235.894612][T30482] dummy0: left promiscuous mode
[ 1235.920426][T30483] netlink: 'syz.1.8927': attribute type 10 has an invalid length.
[ 1235.922986][T30482] team0: Port device dummy0 added
[ 1235.923914][T30245] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1235.923929][T30245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1235.923958][T30245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1236.136215][T30483] team0: Port device dummy0 removed
[ 1236.160327][T30483] dummy0: entered promiscuous mode
[ 1236.161006][T30483] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1236.332231][T30495] overlayfs: failed lookup in lower (/, name='file0', err=-40): overlapping layers
[ 1236.686221][T17830] Bluetooth: hci5: unexpected event 0x03 length: 1 < 11
[ 1236.838791][T23102] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1236.873919][T30505] overlay: filesystem on ./bus is read-only
[ 1237.028769][T23102] usb 7-1: Using ep0 maxpacket: 16
[ 1237.031246][T23102] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1237.034248][T23102] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1237.034280][T23102] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.034303][T23102] usb 7-1: Product: syz
[ 1237.034318][T23102] usb 7-1: Manufacturer: syz
[ 1237.034334][T23102] usb 7-1: SerialNumber: syz
[ 1237.496195][T30515] affs: No valid root block on device nullb0
[ 1238.032377][T30245] hsr_slave_0: entered promiscuous mode
[ 1238.069450][T30245] hsr_slave_1: entered promiscuous mode
[ 1238.070436][T30245] debugfs: 'hsr0' already exists in 'hsr'
[ 1238.070462][T30245] Cannot create hsr debugfs directory
[ 1238.332464][T30528] overlay: filesystem on ./bus is read-only
[ 1238.507827][T23102] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1238.507845][T23102] cdc_ncm 7-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1238.507857][T23102] cdc_ncm 7-1:1.0: setting rx_max = 2048
[ 1238.519110][T30531] overlay: filesystem on ./bus is read-only
[ 1238.699393][T30536] FAULT_INJECTION: forcing a failure.
[ 1238.699393][T30536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1238.699431][T30536] CPU: 1 UID: 0 PID: 30536 Comm: syz.1.8943 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1238.699462][T30536] Tainted: [L]=SOFTLOCKUP
[ 1238.699469][T30536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1238.699481][T30536] Call Trace:
[ 1238.699489][T30536]  <TASK>
[ 1238.699498][T30536]  dump_stack_lvl+0xe8/0x150
[ 1238.699528][T30536]  should_fail_ex+0x46c/0x600
[ 1238.699566][T30536]  _copy_from_user+0x2d/0xb0
[ 1238.699586][T30536]  io_register_clone_buffers+0x9a/0x2e0
[ 1238.699611][T30536]  ? __pfx_io_register_clone_buffers+0x10/0x10
[ 1238.699636][T30536]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1238.699657][T30536]  ? mutex_lock_nested+0x154/0x1d0
[ 1238.699680][T30536]  ? __se_sys_io_uring_register+0x187/0x1200
[ 1238.699712][T30536]  __se_sys_io_uring_register+0x849/0x1200
[ 1238.699747][T30536]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[ 1238.699773][T30536]  ? ksys_write+0x230/0x260
[ 1238.699801][T30536]  ? __pfx_ksys_write+0x10/0x10
[ 1238.699837][T30536]  do_syscall_64+0xec/0xf80
[ 1238.699857][T30536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1238.699884][T30536]  ? trace_irq_disable+0x37/0x100
[ 1238.699904][T30536]  ? clear_bhb_loop+0x60/0xb0
[ 1238.699928][T30536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1238.699947][T30536] RIP: 0033:0x7f0e9975f749
[ 1238.699964][T30536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1238.699980][T30536] RSP: 002b:00007f0e979be038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[ 1238.700001][T30536] RAX: ffffffffffffffda RBX: 00007f0e999b5fa0 RCX: 00007f0e9975f749
[ 1238.700016][T30536] RDX: 00002000000002c0 RSI: 000000000000001e RDI: 0000000000000005
[ 1238.700029][T30536] RBP: 00007f0e979be090 R08: 0000000000000000 R09: 0000000000000000
[ 1238.700042][T30536] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1238.700054][T30536] R13: 00007f0e999b6038 R14: 00007f0e999b5fa0 R15: 00007ffde6ab9998
[ 1238.700087][T30536]  </TASK>
[ 1238.711288][T23102] cdc_ncm 7-1:1.0: setting tx_max = 88
[ 1238.758284][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.758351][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.842566][T17830] Bluetooth: hci5: unexpected event 0x03 length: 1 < 11
[ 1239.029793][T22944] hsr_slave_0: left promiscuous mode
[ 1239.118756][T22944] hsr_slave_1: left promiscuous mode
[ 1239.120290][T22944] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1239.120309][T22944] batadv0: mtu less than device minimum
[ 1239.127246][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.166501][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.185858][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.207164][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.225865][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.244786][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.263222][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.287389][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.306216][T22944] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1239.395997][T22944] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1239.414160][T22944] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1239.506020][T30555] overlay: filesystem on ./bus is read-only
[ 1239.570670][T22944] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1239.589671][T22944] batman_adv: batadv0: Interface deactivated: dummy0
[ 1239.589692][T22944] batman_adv: batadv0: Removing interface: dummy0
[ 1239.703967][T22944] veth1_macvtap: left promiscuous mode
[ 1239.704034][T22944] veth0_macvtap: left promiscuous mode
[ 1239.704172][T22944] veth1_vlan: left promiscuous mode
[ 1239.704266][T22944] veth0_vlan: left promiscuous mode
[ 1240.244482][T17830] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[ 1240.525038][T30570] overlay: filesystem on ./bus is read-only
[ 1243.009548][T22944] team0 (unregistering): Port device team_slave_1 removed
[ 1243.289313][T22944] team0 (unregistering): Port device team_slave_0 removed
[ 1244.847725][T17830] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[ 1246.523026][T23102] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1246.527220][T30561] netlink: 'syz.7.8952': attribute type 14 has an invalid length.
[ 1246.562050][T23102] usb 7-1: USB disconnect, device number 32
[ 1246.564212][T23102] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[ 1246.567073][T30561] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1246.573244][T30561] netlink: 'syz.7.8952': attribute type 14 has an invalid length.
[ 1246.981197][T30561] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1247.329991][T23641] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1247.348839][T23102] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1247.498711][T23102] usb 7-1: Using ep0 maxpacket: 16
[ 1247.501580][T23102] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1247.501608][T23102] usb 7-1: config 0 has no interface number 0
[ 1247.502222][T23102] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1247.502253][T23102] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1247.502294][T23102] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1247.502320][T23102] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1247.519266][T23102] usb 7-1: config 0 descriptor??
[ 1247.608771][T23641] usb 8-1: Using ep0 maxpacket: 32
[ 1247.611982][T23641] usb 8-1: config 170 has an invalid interface number: 248 but max is 0
[ 1247.612014][T23641] usb 8-1: config 170 has no interface number 0
[ 1247.612057][T23641] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1247.612080][T23641] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1247.612100][T23641] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1247.612128][T23641] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1247.612156][T23641] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1247.612179][T23641] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1247.612203][T23641] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1247.612226][T23641] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1247.612247][T23641] usb 8-1: config 170 interface 248 has no altsetting 0
[ 1247.615064][T23641] usb 8-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1247.615093][T23641] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1247.615114][T23641] usb 8-1: Product: Ъ
[ 1247.615129][T23641] usb 8-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1247.615154][T23641] usb 8-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1247.954961][T30618] GUP no longer grows the stack in syz.2.8972 (30618): 200000004000-20000000a000 (200000002000)
[ 1247.955057][T30618] CPU: 1 UID: 0 PID: 30618 Comm: syz.2.8972 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1247.955090][T30618] Tainted: [L]=SOFTLOCKUP
[ 1247.955099][T30618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1247.955111][T30618] Call Trace:
[ 1247.955120][T30618]  <TASK>
[ 1247.955130][T30618]  dump_stack_lvl+0xe8/0x150
[ 1247.955171][T30618]  __get_user_pages+0x22c8/0x2830
[ 1247.955229][T30618]  get_user_pages_remote+0x2f1/0xac0
[ 1247.955259][T30618]  ? __pfx_mtree_load+0x10/0x10
[ 1247.955295][T30618]  ? __pfx_get_user_pages_remote+0x10/0x10
[ 1247.955324][T30618]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1247.955349][T30618]  ? __access_remote_vm+0x367/0x7d0
[ 1247.955391][T30618]  __access_remote_vm+0x211/0x7d0
[ 1247.955426][T30618]  ? __pfx___access_remote_vm+0x10/0x10
[ 1247.955471][T30618]  ? set_page_refcounted+0xa0/0x1e0
[ 1247.955500][T30618]  ? alloc_pages_noprof+0xe4/0x1e0
[ 1247.955526][T30618]  proc_pid_cmdline_read+0x433/0x810
[ 1247.955550][T30618]  ? __asan_memset+0x22/0x50
[ 1247.955579][T30618]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[ 1247.955607][T30618]  ? rw_verify_area+0x2ac/0x4e0
[ 1247.955641][T30618]  vfs_readv+0x5b3/0x850
[ 1247.955661][T30618]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[ 1247.955693][T30618]  ? __pfx_vfs_readv+0x10/0x10
[ 1247.955724][T30618]  ? __fget_files+0x2a/0x420
[ 1247.955753][T30618]  ? __fget_files+0x3a6/0x420
[ 1247.955777][T30618]  ? __fget_files+0x2a/0x420
[ 1247.955802][T30618]  __x64_sys_preadv+0x19a/0x2a0
[ 1247.955830][T30618]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 1247.955876][T30618]  do_syscall_64+0xec/0xf80
[ 1247.955906][T30618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1247.955936][T30618]  ? trace_irq_disable+0x37/0x100
[ 1247.955961][T30618]  ? clear_bhb_loop+0x60/0xb0
[ 1247.955981][T30618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1247.955999][T30618] RIP: 0033:0x7ff1a3def749
[ 1247.956018][T30618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1247.956038][T30618] RSP: 002b:00007ff1a204e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1247.956063][T30618] RAX: ffffffffffffffda RBX: 00007ff1a4045fa0 RCX: 00007ff1a3def749
[ 1247.956083][T30618] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[ 1247.956103][T30618] RBP: 00007ff1a3e73f91 R08: 0000000000000000 R09: 0000000000000000
[ 1247.956124][T30618] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[ 1247.956140][T30618] R13: 00007ff1a4046038 R14: 00007ff1a4045fa0 R15: 00007ffc8f318308
[ 1247.956173][T30618]  </TASK>
[ 1248.085914][T30600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1248.086518][T30600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1248.092347][T30600] netlink: 68 bytes leftover after parsing attributes in process `syz.6.8966'.
[ 1248.144288][T23102] hid (null): bogus close delimiter
[ 1248.468015][T23641] usb 8-1: USB disconnect, device number 12
[ 1248.507911][T17830] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[ 1248.785180][T23102] uclogic 0003:28BD:0071.002C: failed retrieving string descriptor #100: -71
[ 1248.785243][T23102] uclogic 0003:28BD:0071.002C: failed retrieving pen parameters: -71
[ 1248.785261][T23102] uclogic 0003:28BD:0071.002C: pen probing failed: -71
[ 1248.785280][T23102] uclogic 0003:28BD:0071.002C: failed probing parameters: -71
[ 1248.785394][T23102] uclogic 0003:28BD:0071.002C: probe with driver uclogic failed with error -71
[ 1248.788427][T23102] usb 7-1: USB disconnect, device number 33
[ 1249.849270][T30639] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8978'.
[ 1249.849309][T30639] netlink: 'syz.7.8978': attribute type 14 has an invalid length.
[ 1249.928226][T30639] bond1: option xmit_hash_policy: invalid value (11)
[ 1249.961960][T30639] bond1 (unregistering): Released all slaves
[ 1249.978720][ T5875] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1250.120311][T30639] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8978'.
[ 1250.120331][T30639] netlink: 'syz.7.8978': attribute type 14 has an invalid length.
[ 1250.144934][ T5875] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[ 1250.144992][ T5875] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1250.145006][ T5875] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1250.148222][ T5875] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1250.148253][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1250.148266][ T5875] usb 7-1: Product: syz
[ 1250.148274][ T5875] usb 7-1: Manufacturer: syz
[ 1250.148283][ T5875] usb 7-1: SerialNumber: syz
[ 1250.151810][ T5875] usb 7-1: config 0 descriptor??
[ 1250.210534][ T5875] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1250.210565][ T5875] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1250.214715][ T5875] usb 7-1: selecting invalid altsetting 0
[ 1250.285894][T23102] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1250.429044][T23102] usb 3-1: Using ep0 maxpacket: 16
[ 1250.431503][T23102] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1250.433964][T23102] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1250.433995][T23102] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1250.434010][T23102] usb 3-1: Product: syz
[ 1250.434018][T23102] usb 3-1: Manufacturer: syz
[ 1250.434027][T23102] usb 3-1: SerialNumber: syz
[ 1250.572982][T30639] bond1: option xmit_hash_policy: invalid value (11)
[ 1250.604600][T30639] bond1 (unregistering): Released all slaves
[ 1250.985993][T30654] netlink: 'syz.7.8984': attribute type 10 has an invalid length.
[ 1251.048514][T30654] team0: Port device dummy0 added
[ 1251.140670][T30654] netlink: 'syz.7.8984': attribute type 10 has an invalid length.
[ 1251.223095][T30654] team0: Port device dummy0 removed
[ 1251.257780][T30658] netlink: 'syz.1.8985': attribute type 6 has an invalid length.
[ 1251.257804][T30658] netlink: 14577 bytes leftover after parsing attributes in process `syz.1.8985'.
[ 1251.318518][T30654] dummy0: entered promiscuous mode
[ 1251.355129][T30654] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1251.473833][T23102] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1251.473859][T23102] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1251.473894][T23102] cdc_ncm 3-1:1.0: setting rx_max = 2048
[ 1251.676455][T23102] cdc_ncm 3-1:1.0: setting tx_max = 88
[ 1251.723196][T23102] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1251.745562][T23102] usb 3-1: USB disconnect, device number 36
[ 1251.758767][T23102] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[ 1251.818991][T18624] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1251.881867][ T5875] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1251.917740][T30245] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1251.945323][T30245] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1251.967898][T30245] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1251.968766][T18624] usb 2-1: Using ep0 maxpacket: 16
[ 1251.982275][T18624] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1251.982302][T18624] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1251.982315][T18624] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1251.982348][T18624] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1251.982362][T18624] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.985327][T18624] usb 2-1: config 0 descriptor??
[ 1252.028846][ T5875] usb 8-1: Using ep0 maxpacket: 32
[ 1252.085277][ T5875] usb 8-1: config 170 has an invalid interface number: 248 but max is 0
[ 1252.085368][ T5875] usb 8-1: config 170 has no interface number 0
[ 1252.085402][ T5875] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1252.085416][ T5875] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1252.085430][ T5875] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1252.085446][ T5875] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1252.085461][ T5875] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1252.085512][ T5875] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1252.085526][ T5875] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1252.085538][ T5875] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1252.085550][ T5875] usb 8-1: config 170 interface 248 has no altsetting 0
[ 1252.120567][ T5875] usb 8-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1252.120599][ T5875] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.120667][ T5875] usb 8-1: Product: Ъ
[ 1252.120684][ T5875] usb 8-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1252.120709][ T5875] usb 8-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1252.319830][T30245] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1252.627007][T18624] usbhid 2-1:0.0: can't add hid device: -71
[ 1252.627433][T18624] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1252.637925][T18624] usb 2-1: USB disconnect, device number 28
[ 1252.791362][T30673] affs: No valid root block on device nullb0
[ 1253.532648][T30245] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1253.534311][ T5875] usb 8-1: USB disconnect, device number 13
[ 1253.559994][   T49] usb 7-1: USB disconnect, device number 34
[ 1253.601278][T30245] 8021q: adding VLAN 0 to HW filter on device team0
[ 1253.623928][ T2155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1253.624028][ T2155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1253.676520][T17774] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1253.676599][T17774] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1253.974925][T30245] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1254.088707][   T10] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1254.345312][T30693] affs: No valid root block on device nullb0
[ 1254.394189][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1255.004328][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1255.004365][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1255.004391][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1255.004434][   T10] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1255.004459][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1255.059727][   T10] usb 3-1: config 0 descriptor??
[ 1255.077898][T30696] netlink: 'syz.7.8995': attribute type 6 has an invalid length.
[ 1255.077921][T30696] netlink: 14577 bytes leftover after parsing attributes in process `syz.7.8995'.
[ 1255.315254][T30701] netlink: 'syz.6.8996': attribute type 10 has an invalid length.
[ 1255.361650][T30701] bond0: (slave dummy0): Releasing backup interface
[ 1257.650809][   T61] Bluetooth: hci5: command 0x0406 tx timeout
[ 1259.703195][   T10] usbhid 3-1:0.0: can't add hid device: -71
[ 1259.710025][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1259.726558][   T10] usb 3-1: USB disconnect, device number 37
[ 1259.810305][T30701] team0: Port device dummy0 added
[ 1260.031397][T30245] veth0_vlan: entered promiscuous mode
[ 1260.095327][T30245] veth1_vlan: entered promiscuous mode
[ 1260.273254][T30245] veth0_macvtap: entered promiscuous mode
[ 1260.322396][T30245] veth1_macvtap: entered promiscuous mode
[ 1260.375350][T30245] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1260.402867][T30245] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1260.430781][ T2155] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1260.430831][ T2155] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1260.430866][ T2155] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1260.430899][ T2155] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1260.608730][T23641] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1260.778727][T23641] usb 7-1: Using ep0 maxpacket: 32
[ 1260.807834][T23641] usb 7-1: config 170 has an invalid interface number: 248 but max is 0
[ 1260.807868][T23641] usb 7-1: config 170 has no interface number 0
[ 1260.807922][T23641] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1260.807948][T23641] usb 7-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1260.807974][T23641] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1260.808005][T23641] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1260.808036][T23641] usb 7-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1260.808061][T23641] usb 7-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1260.808086][T23641] usb 7-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1260.808109][T23641] usb 7-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1260.808132][T23641] usb 7-1: config 170 interface 248 has no altsetting 0
[ 1260.840216][T23641] usb 7-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1260.840334][T23641] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1260.840356][T23641] usb 7-1: Product: Ъ
[ 1260.840370][T23641] usb 7-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1260.840393][T23641] usb 7-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1261.394351][ T3543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1261.394374][ T3543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1261.559363][T23641] usb 7-1: USB disconnect, device number 35
[ 1262.529855][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1262.529878][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1262.639098][T30739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9009'.
[ 1263.397443][T30755] FAULT_INJECTION: forcing a failure.
[ 1263.397443][T30755] name failslab, interval 1, probability 0, space 0, times 0
[ 1263.397475][T30755] CPU: 0 UID: 0 PID: 30755 Comm: syz.3.8847 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1263.397499][T30755] Tainted: [L]=SOFTLOCKUP
[ 1263.397505][T30755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1263.397515][T30755] Call Trace:
[ 1263.397522][T30755]  <TASK>
[ 1263.397530][T30755]  dump_stack_lvl+0xe8/0x150
[ 1263.397558][T30755]  should_fail_ex+0x46c/0x600
[ 1263.397582][T30755]  ? mas_alloc_nodes+0x291/0x350
[ 1263.397605][T30755]  should_failslab+0xa8/0x100
[ 1263.397622][T30755]  ? mas_alloc_nodes+0x291/0x350
[ 1263.397642][T30755]  kmem_cache_alloc_noprof+0x84/0x6c0
[ 1263.397674][T30755]  mas_alloc_nodes+0x291/0x350
[ 1263.397702][T30755]  mas_preallocate+0x2e0/0x670
[ 1263.397729][T30755]  ? __pfx_mas_preallocate+0x10/0x10
[ 1263.397758][T30755]  ? __asan_memset+0x22/0x50
[ 1263.397786][T30755]  commit_merge+0x1fa/0x620
[ 1263.397807][T30755]  ? __pfx_commit_merge+0x10/0x10
[ 1263.397828][T30755]  ? vma_modify+0xc6b/0x1c00
[ 1263.397842][T30755]  ? dup_anon_vma+0x7b/0x2c0
[ 1263.397860][T30755]  vma_modify+0x1118/0x1c00
[ 1263.397888][T30755]  vma_modify_flags+0x208/0x2e0
[ 1263.397905][T30755]  ? __pfx_vma_modify_flags+0x10/0x10
[ 1263.397931][T30755]  ? mas_next_slot+0xc23/0xd00
[ 1263.397949][T30755]  mlock_fixup+0x29f/0x420
[ 1263.397971][T30755]  ? __pfx_mlock_fixup+0x10/0x10
[ 1263.397989][T30755]  ? mas_find+0xb0e/0xd30
[ 1263.398007][T30755]  apply_mlockall_flags+0x2eb/0x3b0
[ 1263.398028][T30755]  ? __pfx_apply_mlockall_flags+0x10/0x10
[ 1263.398058][T30755]  ? __ia32_sys_munlockall+0x5a/0x220
[ 1263.398078][T30755]  __ia32_sys_munlockall+0x10a/0x220
[ 1263.398099][T30755]  do_syscall_64+0xec/0xf80
[ 1263.398115][T30755]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1263.398132][T30755]  ? trace_irq_disable+0x37/0x100
[ 1263.398150][T30755]  ? clear_bhb_loop+0x60/0xb0
[ 1263.398168][T30755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1263.398182][T30755] RIP: 0033:0x7fe89ffbf749
[ 1263.398196][T30755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1263.398209][T30755] RSP: 002b:00007fe89e1fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[ 1263.398225][T30755] RAX: ffffffffffffffda RBX: 00007fe8a0216090 RCX: 00007fe89ffbf749
[ 1263.398236][T30755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1263.398244][T30755] RBP: 00007fe89e1fd090 R08: 0000000000000000 R09: 0000000000000000
[ 1263.398254][T30755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1263.398262][T30755] R13: 00007fe8a0216128 R14: 00007fe8a0216090 R15: 00007ffe3a25a518
[ 1263.398293][T30755]  </TASK>
[ 1264.437209][T30773] comedi comedi3: comedi_config --init_data is deprecated
[ 1265.429114][T30779] overlayfs: failed to clone lowerpath
[ 1265.618738][T23631] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1265.768681][T23631] usb 3-1: Using ep0 maxpacket: 32
[ 1265.781175][T23631] usb 3-1: config 170 has an invalid interface number: 248 but max is 0
[ 1265.781207][T23631] usb 3-1: config 170 has no interface number 0
[ 1265.781256][T23631] usb 3-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1265.781282][T23631] usb 3-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1265.781306][T23631] usb 3-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1265.781337][T23631] usb 3-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1265.781366][T23631] usb 3-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1265.781390][T23631] usb 3-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1265.781415][T23631] usb 3-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1265.781439][T23631] usb 3-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1265.781462][T23631] usb 3-1: config 170 interface 248 has no altsetting 0
[ 1265.786048][T23631] usb 3-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1265.786079][T23631] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1265.786100][T23631] usb 3-1: Product: Ъ
[ 1265.786115][T23631] usb 3-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1265.786141][T23631] usb 3-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1266.412692][T23631] usb 3-1: USB disconnect, device number 38
[ 1266.733149][T30797] affs: No valid root block on device nullb0
[ 1267.781114][T30805] affs: No valid root block on device nullb0
[ 1268.553936][T30808] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9030'.
[ 1268.553957][T30808] netlink: 'syz.7.9030': attribute type 14 has an invalid length.
[ 1268.620562][T30808] bond1: option xmit_hash_policy: invalid value (11)
[ 1268.966504][T30808] bond1 (unregistering): Released all slaves
[ 1269.008722][ T5882] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1269.135668][T30820] affs: No valid root block on device nullb0
[ 1269.789475][ T5882] usb 3-1: Using ep0 maxpacket: 16
[ 1269.791345][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1269.791364][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1269.791377][ T5882] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1269.791402][ T5882] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1269.791415][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1269.794189][ T5882] usb 3-1: config 0 descriptor??
[ 1269.897508][T30808] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9030'.
[ 1269.897536][T30808] netlink: 'syz.7.9030': attribute type 14 has an invalid length.
[ 1269.915868][T30808] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1270.205960][ T5882] usbhid 3-1:0.0: can't add hid device: -71
[ 1270.206067][ T5882] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1270.210926][ T5882] usb 3-1: USB disconnect, device number 39
[ 1272.002355][T30842] overlay: filesystem on ./bus is read-only
[ 1272.098928][T30850] netlink: 188 bytes leftover after parsing attributes in process `syz.3.9041'.
[ 1272.267192][T30854] overlay: filesystem on ./bus is read-only
[ 1273.008950][ T5882] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1273.190992][ T5882] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1273.191029][ T5882] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1273.191066][ T5882] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1273.191086][ T5882] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1273.220832][T30864] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1273.281409][ T5882] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1273.288717][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1273.543489][   T37] kauditd_printk_skb: 52 callbacks suppressed
[ 1273.543503][   T37] audit: type=1326 audit(1768477821.035:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30862 comm="syz.7.9049" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84c4b0f749 code=0x0
[ 1273.549983][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1273.553279][    T9] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1273.553313][    T9] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1273.735839][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1273.735872][    T9] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1273.735894][    T9] usb 4-1: Product: syz
[ 1273.735903][    T9] usb 4-1: Manufacturer: syz
[ 1274.040950][T30874] FAULT_INJECTION: forcing a failure.
[ 1274.040950][T30874] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1274.041014][T30874] CPU: 0 UID: 0 PID: 30874 Comm: syz.6.9052 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1274.041049][T30874] Tainted: [L]=SOFTLOCKUP
[ 1274.041057][T30874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1274.041068][T30874] Call Trace:
[ 1274.041075][T30874]  <TASK>
[ 1274.041083][T30874]  dump_stack_lvl+0xe8/0x150
[ 1274.041105][T30874]  should_fail_ex+0x46c/0x600
[ 1274.041135][T30874]  prepare_alloc_pages+0x22b/0x6c0
[ 1274.041162][T30874]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1274.041186][T30874]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1274.041204][T30874]  ? __sanitizer_cov_trace_switch+0x9c/0x150
[ 1274.041232][T30874]  ? policy_nodemask+0x27c/0x720
[ 1274.041254][T30874]  alloc_pages_mpol+0xd1/0x380
[ 1274.041266][T30874]  vma_alloc_folio_noprof+0xe4/0x280
[ 1274.041280][T30874]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1274.041299][T30874]  ? folio_prealloc+0x18/0x180
[ 1274.041331][T30874]  folio_prealloc+0x30/0x180
[ 1274.041361][T30874]  do_pte_missing+0x86a/0x27a0
[ 1274.041388][T30874]  ? handle_mm_fault+0xd1/0x1330
[ 1274.041409][T30874]  ? handle_mm_fault+0xd1/0x1330
[ 1274.041423][T30874]  handle_mm_fault+0xcc1/0x1330
[ 1274.041441][T30874]  ? handle_mm_fault+0xd1/0x1330
[ 1274.041461][T30874]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1274.041484][T30874]  ? lock_vma_under_rcu+0x42c/0x4a0
[ 1274.041525][T30874]  ? __pfx___schedule+0x10/0x10
[ 1274.041560][T30874]  do_user_addr_fault+0xa7c/0x1380
[ 1274.041580][T30874]  ? rcu_is_watching+0x15/0xb0
[ 1274.041591][T30874]  ? trace_page_fault_user+0x84/0x1c0
[ 1274.041604][T30874]  exc_page_fault+0x71/0xd0
[ 1274.041615][T30874]  asm_exc_page_fault+0x26/0x30
[ 1274.041632][T30874] RIP: 0033:0x7f25fcf6a65b
[ 1274.041650][T30874] Code: 00 00 00 48 8d 3d dd 5a 19 00 48 89 c1 31 c0 e8 2b 39 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 5b 19 00 48 89 34 24 48 8b 14 24 48 8b
[ 1274.041666][T30874] RSP: 002b:00007f25fb2bafb0 EFLAGS: 00010202
[ 1274.041684][T30874] RAX: 0000000000000000 RBX: 00007f25fd2f6180 RCX: 0000000000000000
[ 1274.041698][T30874] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000080
[ 1274.041712][T30874] RBP: 00007f25fb2bc090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.041724][T30874] R10: 0000200000000080 R11: 0000000000000000 R12: 0000000000000001
[ 1274.041735][T30874] R13: 00007f25fd2f6218 R14: 00007f25fd2f6180 R15: 00007ffc527ea188
[ 1274.041753][T30874]  </TASK>
[ 1274.042097][T30874] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 1274.487125][    T9] hub 4-1:4.0: USB hub found
[ 1274.813184][    T9] hub 4-1:4.0: config failed, can't read hub descriptor (err -22)
[ 1275.014673][    T9] usb 4-1: USB disconnect, device number 17
[ 1276.348926][T30891] overlay: filesystem on ./bus is read-only
[ 1276.790502][   T49] usb 8-1: USB disconnect, device number 14
[ 1276.827445][T30901] FAULT_INJECTION: forcing a failure.
[ 1276.827445][T30901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1276.827487][T30901] CPU: 0 UID: 0 PID: 30901 Comm: syz.6.9060 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1276.827515][T30901] Tainted: [L]=SOFTLOCKUP
[ 1276.827522][T30901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1276.827534][T30901] Call Trace:
[ 1276.827542][T30901]  <TASK>
[ 1276.827551][T30901]  dump_stack_lvl+0xe8/0x150
[ 1276.827581][T30901]  should_fail_ex+0x46c/0x600
[ 1276.827613][T30901]  _copy_from_user+0x2d/0xb0
[ 1276.827633][T30901]  ___sys_sendmsg+0x158/0x2a0
[ 1276.827660][T30901]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1276.827724][T30901]  ? __fget_files+0x2a/0x420
[ 1276.827744][T30901]  ? __fget_files+0x3a6/0x420
[ 1276.827773][T30901]  __x64_sys_sendmsg+0x1a1/0x260
[ 1276.827800][T30901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1276.827833][T30901]  ? __might_fault+0xb0/0x130
[ 1276.827860][T30901]  ? rcu_is_watching+0x15/0xb0
[ 1276.827880][T30901]  ? trace_sys_enter+0x25/0xf0
[ 1276.827910][T30901]  do_syscall_64+0xec/0xf80
[ 1276.827930][T30901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.827949][T30901]  ? trace_irq_disable+0x37/0x100
[ 1276.827968][T30901]  ? clear_bhb_loop+0x60/0xb0
[ 1276.827992][T30901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.828010][T30901] RIP: 0033:0x7f25fd09f749
[ 1276.828027][T30901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.828044][T30901] RSP: 002b:00007f25fb2fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1276.828065][T30901] RAX: ffffffffffffffda RBX: 00007f25fd2f5fa0 RCX: 00007f25fd09f749
[ 1276.828080][T30901] RDX: 00000000000c2010 RSI: 0000200000000a00 RDI: 0000000000000003
[ 1276.828094][T30901] RBP: 00007f25fb2fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1276.828106][T30901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1276.828118][T30901] R13: 00007f25fd2f6038 R14: 00007f25fd2f5fa0 R15: 00007ffc527ea188
[ 1276.828149][T30901]  </TASK>
[ 1277.438848][T23626] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1277.531068][T30916] netlink: 188 bytes leftover after parsing attributes in process `syz.7.9066'.
[ 1277.589644][T23626] usb 3-1: Using ep0 maxpacket: 16
[ 1277.618710][T23626] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1277.618764][T23626] usb 3-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1277.618793][T23626] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1277.618834][T23626] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1277.618858][T23626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1277.622293][T23626] usb 3-1: config 0 descriptor??
[ 1277.638078][T23626] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1277.688659][   T49] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1277.772810][T30915] overlay: filesystem on ./bus is read-only
[ 1277.888817][   T49] usb 7-1: Using ep0 maxpacket: 16
[ 1277.903098][   T49] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1277.921852][   T49] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1277.921885][   T49] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.921907][   T49] usb 7-1: Product: syz
[ 1277.921921][   T49] usb 7-1: Manufacturer: syz
[ 1277.921937][   T49] usb 7-1: SerialNumber: syz
[ 1279.012383][T30935] affs: No valid root block on device nullb0
[ 1279.712503][T30941] netlink: 87 bytes leftover after parsing attributes in process `syz.1.9073'.
[ 1279.949319][   T49] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1279.949337][   T49] cdc_ncm 7-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1279.949349][   T49] cdc_ncm 7-1:1.0: setting rx_max = 2048
[ 1280.152938][   T49] cdc_ncm 7-1:1.0: setting tx_max = 88
[ 1280.200969][   T49] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1280.244662][   T49] usb 7-1: USB disconnect, device number 36
[ 1280.244692][    T9] usb 3-1: USB disconnect, device number 40
[ 1280.280224][   T49] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[ 1280.287202][T30956] FAULT_INJECTION: forcing a failure.
[ 1280.287202][T30956] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1280.287240][T30956] CPU: 0 UID: 0 PID: 30956 Comm: syz.3.9080 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1280.287268][T30956] Tainted: [L]=SOFTLOCKUP
[ 1280.287275][T30956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1280.287287][T30956] Call Trace:
[ 1280.287295][T30956]  <TASK>
[ 1280.287304][T30956]  dump_stack_lvl+0xe8/0x150
[ 1280.287335][T30956]  should_fail_ex+0x46c/0x600
[ 1280.287365][T30956]  _copy_from_user+0x2d/0xb0
[ 1280.287385][T30956]  get_timespec64+0x8e/0x1a0
[ 1280.287411][T30956]  ? __pfx_get_timespec64+0x10/0x10
[ 1280.287444][T30956]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1280.287469][T30956]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1280.287499][T30956]  __se_sys_pselect6+0x129/0x300
[ 1280.287534][T30956]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1280.287560][T30956]  ? __pfx_ksys_write+0x10/0x10
[ 1280.287590][T30956]  ? __x64_sys_pselect6+0x21/0xf0
[ 1280.287617][T30956]  do_syscall_64+0xec/0xf80
[ 1280.287634][T30956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.287651][T30956]  ? trace_irq_disable+0x37/0x100
[ 1280.287670][T30956]  ? clear_bhb_loop+0x60/0xb0
[ 1280.287690][T30956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.287706][T30956] RIP: 0033:0x7fe89ffbf749
[ 1280.287722][T30956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1280.287737][T30956] RSP: 002b:00007fe89e21e038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1280.287757][T30956] RAX: ffffffffffffffda RBX: 00007fe8a0215fa0 RCX: 00007fe89ffbf749
[ 1280.287771][T30956] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040
[ 1280.287784][T30956] RBP: 00007fe89e21e090 R08: 0000200000000280 R09: 0000000000000000
[ 1280.287797][T30956] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1280.287809][T30956] R13: 00007fe8a0216038 R14: 00007fe8a0215fa0 R15: 00007ffe3a25a518
[ 1280.287838][T30956]  </TASK>
[ 1280.819979][T30963] FAULT_INJECTION: forcing a failure.
[ 1280.819979][T30963] name failslab, interval 1, probability 0, space 0, times 0
[ 1280.820038][T30963] CPU: 0 UID: 0 PID: 30963 Comm: syz.3.9082 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1280.820067][T30963] Tainted: [L]=SOFTLOCKUP
[ 1280.820075][T30963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1280.820087][T30963] Call Trace:
[ 1280.820096][T30963]  <TASK>
[ 1280.820105][T30963]  dump_stack_lvl+0xe8/0x150
[ 1280.820135][T30963]  should_fail_ex+0x46c/0x600
[ 1280.820165][T30963]  ? getname_flags+0xb8/0x540
[ 1280.820184][T30963]  should_failslab+0xa8/0x100
[ 1280.820205][T30963]  ? getname_flags+0xb8/0x540
[ 1280.820221][T30963]  kmem_cache_alloc_noprof+0x84/0x6c0
[ 1280.820245][T30963]  ? __pfx___schedule+0x10/0x10
[ 1280.820290][T30963]  getname_flags+0xb8/0x540
[ 1280.820314][T30963]  do_sys_openat2+0xbc/0x200
[ 1280.820336][T30963]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1280.820356][T30963]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1280.820390][T30963]  __x64_sys_openat+0x138/0x170
[ 1280.820416][T30963]  do_syscall_64+0xec/0xf80
[ 1280.820435][T30963]  ? rcu_is_watching+0x15/0xb0
[ 1280.820452][T30963]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.820471][T30963]  ? clear_bhb_loop+0x60/0xb0
[ 1280.820494][T30963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.820513][T30963] RIP: 0033:0x7fe89ffbf749
[ 1280.820530][T30963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1280.820546][T30963] RSP: 002b:00007fe89e1dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1280.820568][T30963] RAX: ffffffffffffffda RBX: 00007fe8a0216180 RCX: 00007fe89ffbf749
[ 1280.820583][T30963] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 1280.820597][T30963] RBP: 00007fe89e1dc090 R08: 0000000000000000 R09: 0000000000000000
[ 1280.820610][T30963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1280.820622][T30963] R13: 00007fe8a0216218 R14: 00007fe8a0216180 R15: 00007ffe3a25a518
[ 1280.820654][T30963]  </TASK>
[ 1282.170283][   T49] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1282.238846][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1282.298723][ T5875] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1282.328871][   T49] usb 3-1: Using ep0 maxpacket: 16
[ 1282.331364][   T49] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1282.334347][   T49] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1282.334376][   T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.334397][   T49] usb 3-1: Product: syz
[ 1282.334411][   T49] usb 3-1: Manufacturer: syz
[ 1282.334427][   T49] usb 3-1: SerialNumber: syz
[ 1282.388824][    T9] usb 4-1: Using ep0 maxpacket: 16
[ 1282.405571][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1282.408150][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1282.408181][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.408202][    T9] usb 4-1: Product: syz
[ 1282.408217][    T9] usb 4-1: Manufacturer: syz
[ 1282.408233][    T9] usb 4-1: SerialNumber: syz
[ 1282.451068][ T5875] usb 7-1: Using ep0 maxpacket: 16
[ 1282.457970][ T5875] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1282.471398][ T5875] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1282.471478][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.471499][ T5875] usb 7-1: Product: syz
[ 1282.471515][ T5875] usb 7-1: Manufacturer: syz
[ 1282.471530][ T5875] usb 7-1: SerialNumber: syz
[ 1282.517863][    T9] usb 4-1: config 0 descriptor??
[ 1282.529241][    T9] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1282.529278][    T9] em28xx 4-1:0.0: DVB interface 0 found: bulk
[ 1283.417977][   T49] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1283.418006][   T49] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1283.418026][   T49] cdc_ncm 3-1:1.0: setting rx_max = 2048
[ 1283.615517][    T9] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1283.622325][   T49] cdc_ncm 3-1:1.0: setting tx_max = 88
[ 1283.636097][   T49] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1283.691121][   T49] usb 3-1: USB disconnect, device number 41
[ 1283.701989][   T49] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[ 1284.021636][ T5875] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1284.021661][ T5875] cdc_ncm 7-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1284.021682][ T5875] cdc_ncm 7-1:1.0: setting rx_max = 2048
[ 1284.225861][ T5875] cdc_ncm 7-1:1.0: setting tx_max = 88
[ 1284.364977][ T5875] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1284.419100][ T5875] usb 7-1: USB disconnect, device number 37
[ 1284.432928][ T5875] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[ 1284.806608][   T49] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1284.832363][T23641] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1284.958863][   T49] usb 3-1: Using ep0 maxpacket: 16
[ 1284.961422][   T49] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1284.961464][   T49] usb 3-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1284.961492][   T49] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1284.961527][   T49] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1284.961552][   T49] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.978137][   T49] usb 3-1: config 0 descriptor??
[ 1285.003287][   T49] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1285.018717][T23641] usb 2-1: Using ep0 maxpacket: 32
[ 1285.093273][T23641] usb 2-1: config 170 has an invalid interface number: 248 but max is 0
[ 1285.093305][T23641] usb 2-1: config 170 has no interface number 0
[ 1285.093356][T23641] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1285.093383][T23641] usb 2-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1285.093407][T23641] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1285.093438][T23641] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1285.093468][T23641] usb 2-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1285.093491][T23641] usb 2-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1285.093507][T23641] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1285.093519][T23641] usb 2-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1285.093530][T23641] usb 2-1: config 170 interface 248 has no altsetting 0
[ 1285.097289][T23641] usb 2-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1285.097320][T23641] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.097340][T23641] usb 2-1: Product: Ъ
[ 1285.097355][T23641] usb 2-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1285.097382][T23641] usb 2-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1285.388944][    T9] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1285.388978][    T9] em28xx 4-1:0.0: board has no eeprom
[ 1285.468769][    T9] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1285.468798][    T9] em28xx 4-1:0.0: dvb set to bulk mode.
[ 1285.492891][ T5882] em28xx 4-1:0.0: Binding DVB extension
[ 1285.581519][T23641] usb 2-1: USB disconnect, device number 29
[ 1286.756330][ T5875] usb 4-1: USB disconnect, device number 18
[ 1286.764435][ T5875] em28xx 4-1:0.0: Disconnecting em28xx
[ 1286.907193][ T5882] em28xx 4-1:0.0: Registering input extension
[ 1286.919084][ T5875] em28xx 4-1:0.0: Closing input extension
[ 1287.115008][ T5875] em28xx 4-1:0.0: Freeing device
[ 1287.703091][T31016] binder: 31011:31016 ioctl c0306201 0 returned -14
[ 1287.728995][ T5882] usb 3-1: USB disconnect, device number 42
[ 1288.140325][T31023] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9102'.
[ 1288.338697][T23641] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1291.749980][T23641] usb 3-1: Using ep0 maxpacket: 16
[ 1291.751279][T23641] usb 3-1: device descriptor read/all, error -71
[ 1292.057972][T31038] overlay: filesystem on ./bus is read-only
[ 1292.258866][   T49] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1292.918712][   T49] usb 2-1: device descriptor read/64, error -71
[ 1293.163109][   T49] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1293.258764][T18624] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1293.258918][T23646] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1293.288850][   T49] usb 2-1: device descriptor read/64, error -71
[ 1293.989110][T23641] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1293.989255][   T37] audit: type=1326 audit(1768477841.485:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31049 comm="syz.6.9106" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f25fd09f749 code=0x0
[ 1294.002233][   T49] usb usb2-port1: attempt power cycle
[ 1294.128660][T18624] usb 4-1: Using ep0 maxpacket: 16
[ 1294.128839][T23646] usb 8-1: Using ep0 maxpacket: 32
[ 1294.131312][T18624] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1294.131391][T18624] usb 4-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1294.131420][T18624] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1294.131454][T18624] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1294.131471][T18624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.137078][T23646] usb 8-1: config 170 has an invalid interface number: 248 but max is 0
[ 1294.137109][T23646] usb 8-1: config 170 has no interface number 0
[ 1294.137144][T23646] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1294.137157][T23646] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1294.137171][T23646] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1294.137192][T23646] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1294.137262][T23646] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1294.137286][T23646] usb 8-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1294.137300][T23646] usb 8-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1294.137314][T23646] usb 8-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1294.137327][T23646] usb 8-1: config 170 interface 248 has no altsetting 0
[ 1294.160954][T23646] usb 8-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1294.160985][T23646] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1294.161006][T23646] usb 8-1: Product: Ъ
[ 1294.161021][T23646] usb 8-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1294.161048][T23646] usb 8-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1294.185040][T18624] usb 4-1: config 0 descriptor??
[ 1294.190797][T23641] usb 3-1: Using ep0 maxpacket: 8
[ 1294.199731][T23641] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1294.199761][T23641] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1294.199787][T23641] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1294.199812][T23641] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1294.199854][T23641] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1294.199876][T23641] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.229499][T18624] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1294.398723][   T49] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1294.439444][   T49] usb 2-1: device descriptor read/8, error -71
[ 1294.456853][T23641] usb 3-1: GET_CAPABILITIES returned 0
[ 1294.456903][T23641] usbtmc 3-1:16.0: can't read capabilities
[ 1294.491508][T23646] usb 8-1: USB disconnect, device number 15
[ 1294.678680][   T49] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1294.702354][   T49] usb 2-1: device descriptor read/8, error -71
[ 1294.809925][   T49] usb usb2-port1: unable to enumerate USB device
[ 1294.980418][T31057] binder: 31056:31057 ioctl c0306201 0 returned -14
[ 1295.438809][ T5882] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1295.608741][ T5882] usb 8-1: Using ep0 maxpacket: 16
[ 1295.616853][ T5882] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1295.630648][ T5882] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1295.630669][ T5882] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1295.630680][ T5882] usb 8-1: Product: syz
[ 1295.630689][ T5882] usb 8-1: Manufacturer: syz
[ 1295.630698][ T5882] usb 8-1: SerialNumber: syz
[ 1296.117667][T23626] usb 3-1: USB disconnect, device number 44
[ 1296.239388][T23648] usb 4-1: USB disconnect, device number 19
[ 1296.478221][T31075] overlay: filesystem on ./bus is read-only
[ 1296.899403][ T5882] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1296.899477][ T5882] cdc_ncm 8-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1296.899523][ T5882] cdc_ncm 8-1:1.0: setting rx_max = 2048
[ 1297.597353][T31088] binder: 31085:31088 ioctl c0306201 0 returned -14
[ 1297.629037][ T5882] cdc_ncm 8-1:1.0: setting tx_max = 88
[ 1297.663018][ T5882] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1297.683530][ T5882] usb 8-1: USB disconnect, device number 16
[ 1297.685721][ T5882] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM (NO ZLP)
[ 1297.828907][T23648] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1298.042374][T23648] usb 2-1: Using ep0 maxpacket: 32
[ 1298.385609][T23648] usb 2-1: config 170 has an invalid interface number: 248 but max is 0
[ 1298.385642][T23648] usb 2-1: config 170 has no interface number 0
[ 1298.385690][T23648] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0
[ 1298.385719][T23648] usb 2-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1298.385743][T23648] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 1298.385774][T23648] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1298.385805][T23648] usb 2-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1298.385828][T23648] usb 2-1: config 170 interface 248 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[ 1298.385855][T23648] usb 2-1: config 170 interface 248 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1298.385876][T23648] usb 2-1: config 170 interface 248 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1298.385896][T23648] usb 2-1: config 170 interface 248 has no altsetting 0
[ 1298.503600][T23648] usb 2-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=d3.3a
[ 1298.503634][T23648] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1298.503657][T23648] usb 2-1: Product: Ъ
[ 1298.503673][T23648] usb 2-1: Manufacturer: 肈콍㭉惷䟭἖ἰ﻾⁐둸횡뤗ላ⋨譂箕疨뗦뎋硌휙픘₇뻩瞩줅鳢脴未諕料鄯셟ᨘቇۥᴍ긋ꢫ⥋孋懽랬宎嶫넩䛖鲥妗튭횂议쩲㶖ዕ
[ 1298.503700][T23648] usb 2-1: SerialNumber: 㝢⥟䛡뵚▄馒擨䝋㻿᣸醋ꂊ굡싖춛鳁䀝럨㬙蠇視⚌㐤﬈뛎蹲閪였燺佔枸倒ꑱ쵓ﯕⴑ殔쮚婔ࠢ笽옒ଝ毢꧐ᙐ
[ 1298.812310][T23648] usb 2-1: USB disconnect, device number 34
[ 1298.836281][T31103] netlink: 'syz.6.9119': attribute type 10 has an invalid length.
[ 1298.901466][T31103] netlink: 'syz.6.9119': attribute type 10 has an invalid length.
[ 1298.909217][    T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1298.940887][T31103] team0: Port device dummy0 removed
[ 1298.946340][T31103] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1298.998762][T18624] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1299.148734][T18624] usb 3-1: Using ep0 maxpacket: 16
[ 1299.229881][T18624] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1299.229941][T18624] usb 3-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1299.229964][T18624] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1299.229984][T18624] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1299.229997][T18624] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.239483][    T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1299.239513][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1299.239533][    T9] usb 4-1: Product: syz
[ 1299.239547][    T9] usb 4-1: Manufacturer: syz
[ 1299.239563][    T9] usb 4-1: SerialNumber: syz
[ 1300.190662][T18624] usb 3-1: config 0 descriptor??
[ 1300.273906][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.273978][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.286215][    T9] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1300.333069][T18624] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1300.867276][ T5882] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1301.026167][T31131] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9138'.
[ 1301.054130][T31131] netlink: 84 bytes leftover after parsing attributes in process `syz.7.9138'.
[ 1301.054158][T31131] netlink: 84 bytes leftover after parsing attributes in process `syz.7.9138'.
[ 1301.347512][T31137] overlayfs: missing 'lowerdir'
[ 1301.912923][T23641] usb 3-1: USB disconnect, device number 45
[ 1406.328584][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1406.328621][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P31094/2:b..l P31135/3:b..l
[ 1406.328667][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=137957, q=1076 ncpus=2)
[ 1406.328691][    C1] task:syz.6.9139      state:R  running task     stack:25944 pid:31135 tgid:31130 ppid:26455  task_flags:0x400040 flags:0x00080000
[ 1406.328752][    C1] Call Trace:
[ 1406.328760][    C1]  <TASK>
[ 1406.328776][    C1]  __schedule+0x145f/0x5070
[ 1406.328834][    C1]  ? __lock_acquire+0x6b6/0x2cf0
[ 1406.328858][    C1]  ? __pfx___schedule+0x10/0x10
[ 1406.328886][    C1]  ? __lock_acquire+0x6b6/0x2cf0
[ 1406.328920][    C1]  preempt_schedule_irq+0x4d/0xa0
[ 1406.328939][    C1]  irqentry_exit+0x5e3/0x670
[ 1406.328964][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1406.328985][    C1] RIP: 0010:lock_acquire+0x222/0x340
[ 1406.329007][    C1] Code: ff ff ff e8 d0 40 35 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 aa 9f 16 10 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 4f ff 38 09 cc 48 8d 3d a7 c9 41
[ 1406.329023][    C1] RSP: 0018:ffffc90004b3f4c0 EFLAGS: 00000286
[ 1406.329040][    C1] RAX: 1902d30790721f00 RBX: 0000000000000000 RCX: 0000000000000046
[ 1406.329053][    C1] RDX: 00000000ef846500 RSI: ffffffff8cfdf9c8 RDI: ffffffff8b3f5ae0
[ 1406.329067][    C1] RBP: ffffffff820eb12e R08: ffffffff820eb12e R09: ffff888062cef598
[ 1406.329091][    C1] R10: dffffc0000000000 R11: fffff940005903e1 R12: 0000000000000000
[ 1406.329105][    C1] R13: ffff888062cef598 R14: 0000000000000001 R15: 0000000000000246
[ 1406.329122][    C1]  ? __pte_offset_map_lock+0x13e/0x210
[ 1406.329147][    C1]  ? __pte_offset_map_lock+0x13e/0x210
[ 1406.329182][    C1]  rt_spin_lock+0x88/0x3e0
[ 1406.329203][    C1]  ? __pte_offset_map_lock+0x13e/0x210
[ 1406.329229][    C1]  ? __pfx_rt_spin_lock+0x10/0x10
[ 1406.329256][    C1]  ? ___pte_offset_map+0x178/0x200
[ 1406.329282][    C1]  __pte_offset_map_lock+0x13e/0x210
[ 1406.329314][    C1]  filemap_map_pages+0x616/0x1cc0
[ 1406.329337][    C1]  ? rt_spin_lock+0x1c1/0x3e0
[ 1406.329362][    C1]  ? __lock_acquire+0x6b6/0x2cf0
[ 1406.329387][    C1]  ? __lock_acquire+0x6b6/0x2cf0
[ 1406.329417][    C1]  ? filemap_map_pages+0x182/0x1cc0
[ 1406.329441][    C1]  ? __lock_acquire+0x6b6/0x2cf0
[ 1406.329491][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1406.329523][    C1]  ? ___pte_offset_map+0x29/0x200
[ 1406.329549][    C1]  ? do_pte_missing+0x14c6/0x27a0
[ 1406.329568][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1406.329590][    C1]  do_pte_missing+0x175b/0x27a0
[ 1406.329625][    C1]  ? handle_mm_fault+0xd1/0x1330
[ 1406.329651][    C1]  ? handle_mm_fault+0xd1/0x1330
[ 1406.329673][    C1]  handle_mm_fault+0xcc1/0x1330
[ 1406.329705][    C1]  ? handle_mm_fault+0xd1/0x1330
[ 1406.329730][    C1]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1406.329755][    C1]  ? follow_page_pte+0xc0d/0x1360
[ 1406.329787][    C1]  ? __pfx_follow_page_pte+0x10/0x10
[ 1406.329819][    C1]  __get_user_pages+0x166e/0x2830
[ 1406.329874][    C1]  populate_vma_page_range+0x29f/0x3a0
[ 1406.329900][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1406.329919][    C1]  ? userfaultfd_unmap_complete+0x278/0x2d0
[ 1406.329939][    C1]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1406.329960][    C1]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1406.329984][    C1]  __mm_populate+0x24c/0x380
[ 1406.330009][    C1]  ? __pfx___mm_populate+0x10/0x10
[ 1406.330030][    C1]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1406.330050][    C1]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1406.330068][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1406.330090][    C1]  vm_mmap_pgoff+0x38a/0x4d0
[ 1406.330111][    C1]  ? __se_sys_futex+0x36f/0x400
[ 1406.330140][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1406.330165][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1406.330188][    C1]  ? __x64_sys_mmap+0x7f/0x140
[ 1406.330213][    C1]  do_syscall_64+0xec/0xf80
[ 1406.330231][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.330248][    C1]  ? trace_irq_disable+0x37/0x100
[ 1406.330266][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1406.330289][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.330307][    C1] RIP: 0033:0x7f25fd09f749
[ 1406.330323][    C1] RSP: 002b:00007f25fb2dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1406.330341][    C1] RAX: ffffffffffffffda RBX: 00007f25fd2f6090 RCX: 00007f25fd09f749
[ 1406.330355][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[ 1406.330368][    C1] RBP: 00007f25fd123f91 R08: ffffffffffffffff R09: 0000000000000000
[ 1406.330381][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 1406.330394][    C1] R13: 00007f25fd2f6128 R14: 00007f25fd2f6090 R15: 00007ffc527ea188
[ 1406.330426][    C1]  </TASK>
[ 1406.330435][    C1] task:syz.3.9127      state:R  running task     stack:24952 pid:31094 tgid:31094 ppid:30245  task_flags:0x400040 flags:0x00080002
[ 1406.330492][    C1] Call Trace:
[ 1406.330499][    C1]  <TASK>
[ 1406.330511][    C1]  __schedule+0x145f/0x5070
[ 1406.330564][    C1]  ? __pfx___schedule+0x10/0x10
[ 1406.330593][    C1]  ? __pfx___calc_delta+0x10/0x10
[ 1406.330636][    C1]  preempt_schedule_irq+0x4d/0xa0
[ 1406.330655][    C1]  irqentry_exit+0x5e3/0x670
[ 1406.330680][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1406.330699][    C1] RIP: 0010:unwind_next_frame+0x51a/0x23d0
[ 1406.330722][    C1] Code: 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 27 49 63 07 <4c> 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49 8d 47 fc 48 0f 47 d8
[ 1406.330739][    C1] RSP: 0018:ffffc90004cff598 EFLAGS: 00000246
[ 1406.330754][    C1] RAX: fffffffff79f94f9 RBX: ffffffff8f2f601c RCX: dffffc0000000000
[ 1406.330769][    C1] RDX: ffffffff8f2f6004 RSI: ffffffff8fc41808 RDI: ffffffff8b3f5a80
[ 1406.330783][    C1] RBP: ffffffff8f2f6004 R08: 0000000000000007 R09: ffffffff8d5ae940
[ 1406.330797][    C1] R10: ffffc90004cff6b8 R11: ffffffff81ab9960 R12: ffffffff86cef5c8
[ 1406.330811][    C1] R13: ffffffff8f2f6004 R14: ffffc90004cff668 R15: ffffffff8f2f6010
[ 1406.330827][    C1]  ? dummy_pullup+0xc8/0x1e0
[ 1406.330852][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1406.330884][    C1]  ? unwind_next_frame+0xd4/0x23d0
[ 1406.330912][    C1]  ? unwind_next_frame+0xa5/0x23d0
[ 1406.330934][    C1]  ? dummy_pullup+0xc9/0x1e0
[ 1406.330956][    C1]  ? dummy_pullup+0xc9/0x1e0
[ 1406.330982][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1406.331004][    C1]  arch_stack_walk+0x11c/0x150
[ 1406.331031][    C1]  ? dummy_pullup+0xc9/0x1e0
[ 1406.331059][    C1]  stack_trace_save+0x9c/0xe0
[ 1406.331080][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1406.331099][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1406.331130][    C1]  kasan_save_track+0x3e/0x80
[ 1406.331152][    C1]  ? kasan_save_track+0x3e/0x80
[ 1406.331173][    C1]  ? __kasan_kmalloc+0x93/0xb0
[ 1406.331194][    C1]  ? __kmalloc_noprof+0x23e/0x7e0
[ 1406.331216][    C1]  ? raw_queue_event+0x83/0x2e0
[ 1406.331240][    C1]  ? gadget_suspend+0x51/0xf0
[ 1406.331261][    C1]  ? set_link_state+0xb9b/0x1220
[ 1406.331283][    C1]  ? dummy_pullup+0xc9/0x1e0
[ 1406.331349][    C1]  ? __slab_alloc+0xc6/0x1f0
[ 1406.331369][    C1]  __kasan_kmalloc+0x93/0xb0
[ 1406.331394][    C1]  __kmalloc_noprof+0x23e/0x7e0
[ 1406.331418][    C1]  ? raw_queue_event+0x83/0x2e0
[ 1406.331447][    C1]  raw_queue_event+0x83/0x2e0
[ 1406.331476][    C1]  gadget_suspend+0x51/0xf0
[ 1406.331499][    C1]  ? __pfx_gadget_suspend+0x10/0x10
[ 1406.331523][    C1]  set_link_state+0xb9b/0x1220
[ 1406.331559][    C1]  dummy_pullup+0xc9/0x1e0
[ 1406.331583][    C1]  ? __pfx_dummy_pullup+0x10/0x10
[ 1406.331615][    C1]  usb_gadget_disconnect_locked+0x143/0x490
[ 1406.331640][    C1]  gadget_unbind_driver+0xc7/0x460
[ 1406.331662][    C1]  ? __pfx_gadget_unbind_driver+0x10/0x10
[ 1406.331684][    C1]  device_release_driver_internal+0x46f/0x800
[ 1406.331715][    C1]  driver_detach+0x1f3/0x2d0
[ 1406.331739][    C1]  bus_remove_driver+0x229/0x320
[ 1406.331758][    C1]  ? __pfx_raw_release+0x10/0x10
[ 1406.331783][    C1]  usb_gadget_unregister_driver+0x4e/0x70
[ 1406.331803][    C1]  raw_release+0xd2/0x260
[ 1406.331830][    C1]  __fput+0x45b/0xa80
[ 1406.331862][    C1]  task_work_run+0x1d4/0x260
[ 1406.331891][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1406.331925][    C1]  exit_to_user_mode_loop+0xef/0x4e0
[ 1406.331949][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1406.331968][    C1]  do_syscall_64+0x2c1/0xf80
[ 1406.331984][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.332001][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1406.332021][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.332038][    C1] RIP: 0033:0x7fe89ffbf749
[ 1406.332052][    C1] RSP: 002b:00007ffe3a25a678 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1406.332071][    C1] RAX: 0000000000000000 RBX: 000000000013d029 RCX: 00007fe89ffbf749
[ 1406.332084][    C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1406.332095][    C1] RBP: 00007fe8a0217da0 R08: 0000000000000001 R09: 0000000c3a25a96f
[ 1406.332108][    C1] R10: 0000001b2de20000 R11: 0000000000000246 R12: 00007fe8a0215fac
[ 1406.332121][    C1] R13: 00007fe8a0215fa0 R14: ffffffffffffffff R15: 00007ffe3a25a790
[ 1406.332153][    C1]  </TASK>
[ 1406.332161][    C1] rcu: rcu_preempt kthread starved for 10399 jiffies! g137957 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1406.332182][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1406.332192][    C1] rcu: RCU grace-period kthread stack dump:
[ 1406.332200][    C1] task:rcu_preempt     state:R  running task     stack:27544 pid:18    tgid:18    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1406.332258][    C1] Call Trace:
[ 1406.332264][    C1]  <TASK>
[ 1406.332276][    C1]  __schedule+0x145f/0x5070
[ 1406.332327][    C1]  ? __pfx___schedule+0x10/0x10
[ 1406.332361][    C1]  ? schedule+0x91/0x360
[ 1406.332389][    C1]  schedule+0x165/0x360
[ 1406.332416][    C1]  schedule_timeout+0x12b/0x270
[ 1406.332441][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1406.332467][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1406.332491][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1406.332510][    C1]  ? prepare_to_swait_event+0x341/0x380
[ 1406.332537][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[ 1406.332574][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1406.332603][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1406.332625][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1406.332649][    C1]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1406.332673][    C1]  rcu_gp_kthread+0x99/0x390
[ 1406.332699][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1406.332723][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1406.332745][    C1]  ? __kthread_parkme+0x1a1/0x200
[ 1406.332772][    C1]  kthread+0x711/0x8a0
[ 1406.332797][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1406.332820][    C1]  ? __pfx_kthread+0x10/0x10
[ 1406.332840][    C1]  ? rt_spin_unlock+0x150/0x200
[ 1406.332867][    C1]  ? rt_spin_unlock+0x161/0x200
[ 1406.332888][    C1]  ? __pfx_kthread+0x10/0x10
[ 1406.332911][    C1]  ret_from_fork+0x510/0xa50
[ 1406.332933][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1406.332951][    C1]  ? __switch_to+0xc9e/0x1480
[ 1406.332980][    C1]  ? __pfx_kthread+0x10/0x10
[ 1406.333004][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1406.333044][    C1]  </TASK>
[ 1406.333052][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1406.333074][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1406.333103][    C1] Tainted: [L]=SOFTLOCKUP
[ 1406.333111][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1406.333122][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1406.333140][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 97 16 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1406.333156][    C1] RSP: 0018:ffffc900001d7e20 EFLAGS: 000002c2
[ 1406.333172][    C1] RAX: 000000000089a7bf RBX: ffffffff8195d83e RCX: 0000000080000001
[ 1406.333186][    C1] RDX: 0000000000000001 RSI: ffffffff8ce0c91e RDI: ffffffff8b3f5ae0
[ 1406.333199][    C1] RBP: ffffc900001d7f10 R08: ffff8880b8933c5b R09: 1ffff1101712678b
[ 1406.333213][    C1] R10: dffffc0000000000 R11: ffffed101712678c R12: ffffffff8edb3670
[ 1406.333227][    C1] R13: 1ffff11003757b58 R14: 0000000000000001 R15: 0000000000000001
[ 1406.333240][    C1] FS:  0000000000000000(0000) GS:ffff888126dee000(0000) knlGS:0000000000000000
[ 1406.333255][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1406.333268][    C1] CR2: 00007f84c2d2cd58 CR3: 000000002f08e000 CR4: 00000000003526f0
[ 1406.333285][    C1] Call Trace:
[ 1406.333291][    C1]  <TASK>
[ 1406.333298][    C1]  default_idle+0x13/0x20
[ 1406.333317][    C1]  default_idle_call+0x73/0xb0
[ 1406.333337][    C1]  do_idle+0x1be/0x4d0
[ 1406.333353][    C1]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1406.333375][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1406.333402][    C1]  cpu_startup_entry+0x44/0x60
[ 1406.333419][    C1]  start_secondary+0x101/0x110
[ 1406.333438][    C1]  common_startup_64+0x13e/0x147
[ 1406.333475][    C1]  </TASK>
[ 1446.749006][   T38] INFO: task syz.1.9137:31137 blocked for more than 143 seconds.
[ 1446.749038][   T38]       Tainted: G             L      syzkaller #0
[ 1446.749051][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1446.749062][   T38] task:syz.1.9137      state:D stack:27480 pid:31137 tgid:31125 ppid:22978  task_flags:0x400140 flags:0x00080002
[ 1446.749123][   T38] Call Trace:
[ 1446.749131][   T38]  <TASK>
[ 1446.749147][   T38]  __schedule+0x145f/0x5070
[ 1446.749211][   T38]  ? __pfx___schedule+0x10/0x10
[ 1446.749249][   T38]  ? schedule+0x91/0x360
[ 1446.749279][   T38]  schedule+0x165/0x360
[ 1446.749309][   T38]  schedule_timeout+0x9a/0x270
[ 1446.749336][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[ 1446.749365][   T38]  ? do_raw_spin_lock+0x121/0x290
[ 1446.749406][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1446.749426][   T38]  ? wait_for_completion+0x267/0x5d0
[ 1446.749448][   T38]  wait_for_completion+0x2bf/0x5d0
[ 1446.749481][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[ 1446.749503][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1446.749524][   T38]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1446.749544][   T38]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1446.749569][   T38]  synchronize_rcu_normal+0x17d/0x260
[ 1446.749591][   T38]  ? __pfx_synchronize_rcu_normal+0x10/0x10
[ 1446.749611][   T38]  ? vprintk_store+0xa16/0xcb0
[ 1446.749648][   T38]  ? tick_nohz_tick_stopped+0x86/0xb0
[ 1446.749672][   T38]  ? __irq_work_queue_local+0x2ca/0x560
[ 1446.749713][   T38]  synchronize_rcu_expedited+0x13b/0x6e0
[ 1446.749737][   T38]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 1446.749757][   T38]  ? vprintk_emit+0x4e1/0x550
[ 1446.749789][   T38]  ? iput+0x1a/0x1030
[ 1446.749813][   T38]  ? iput+0x90e/0x1030
[ 1446.749835][   T38]  ? kern_unmount_array+0x68/0x3d0
[ 1446.749856][   T38]  ? __pfx__printk+0x10/0x10
[ 1446.749881][   T38]  ovl_free_fs+0x3f7/0x6c0
[ 1446.749913][   T38]  ovl_fill_super+0x620/0x5a90
[ 1446.749943][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.749974][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.750024][   T38]  ? __pfx_ovl_fill_super+0x10/0x10
[ 1446.750050][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.750083][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.750115][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.750142][   T38]  ? do_raw_spin_lock+0x121/0x290
[ 1446.750176][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1446.750197][   T38]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1446.750217][   T38]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1446.750238][   T38]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1446.750267][   T38]  ? __raw_spin_lock_init+0x45/0x100
[ 1446.750291][   T38]  ? __init_swait_queue_head+0xa9/0x150
[ 1446.750318][   T38]  ? shrinker_register+0x16b/0x230
[ 1446.750345][   T38]  ? sget_fc+0x962/0xa40
[ 1446.750372][   T38]  ? __pfx_set_anon_super_fc+0x10/0x10
[ 1446.750400][   T38]  ? __pfx_ovl_fill_super+0x10/0x10
[ 1446.750425][   T38]  get_tree_nodev+0xbb/0x150
[ 1446.750452][   T38]  vfs_get_tree+0x92/0x2a0
[ 1446.750480][   T38]  do_new_mount+0x302/0xa10
[ 1446.750499][   T38]  ? safesetid_security_capable+0xa9/0x1a0
[ 1446.750531][   T38]  ? __pfx_do_new_mount+0x10/0x10
[ 1446.750551][   T38]  ? ns_capable+0x8a/0xf0
[ 1446.750574][   T38]  ? path_mount+0x628/0xff0
[ 1446.750605][   T38]  __se_sys_mount+0x313/0x410
[ 1446.750632][   T38]  ? __pfx___se_sys_mount+0x10/0x10
[ 1446.750658][   T38]  ? __x64_sys_mount+0x20/0xc0
[ 1446.750681][   T38]  do_syscall_64+0xec/0xf80
[ 1446.750701][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1446.750721][   T38]  ? trace_irq_disable+0x37/0x100
[ 1446.750740][   T38]  ? clear_bhb_loop+0x60/0xb0
[ 1446.750765][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1446.750784][   T38] RIP: 0033:0x7f0e9975f749
[ 1446.750803][   T38] RSP: 002b:00007f0e9797c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1446.750823][   T38] RAX: ffffffffffffffda RBX: 00007f0e999b6180 RCX: 00007f0e9975f749
[ 1446.750838][   T38] RDX: 0000200000000380 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1446.750852][   T38] RBP: 00007f0e997e3f91 R08: 0000200000000000 R09: 0000000000000000
[ 1446.750866][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1446.750879][   T38] R13: 00007f0e999b6218 R14: 00007f0e999b6180 R15: 00007ffde6ab9998
[ 1446.750912][   T38]  </TASK>
[ 1446.750931][   T38] 
[ 1446.750931][   T38] Showing all locks held in the system:
[ 1446.750941][   T38] 3 locks held by kworker/u8:1/13:
[ 1446.750955][   T38] 5 locks held by ktimers/0/16:
[ 1446.750969][   T38] 1 lock held by khungtaskd/38:
[ 1446.750981][   T38]  #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1446.751060][   T38] 2 locks held by getty/5560:
[ 1446.751072][   T38]  #0: ffff88814e5050a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1446.751121][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460
[ 1446.751168][   T38] 2 locks held by kworker/0:4/5882:
[ 1446.751182][   T38] 2 locks held by kworker/u8:21/6546:
[ 1446.751194][   T38]  #0: ffff88813ff69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1446.751242][   T38]  #1: ffffc9000d247bc0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1446.751291][   T38] 4 locks held by kworker/u8:23/20598:
[ 1446.751304][   T38] 1 lock held by syz-executor/22978:
[ 1446.751316][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[ 1446.751370][   T38] 1 lock held by syz-executor/26455:
[ 1446.751381][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[ 1446.751441][   T38] 4 locks held by syz-executor/30245:
[ 1446.751455][   T38] 5 locks held by syz.3.9127/31094:
[ 1446.751467][   T38] 3 locks held by syz.1.9137/31128:
[ 1446.751479][   T38] 1 lock held by syz.1.9137/31137:
[ 1446.751490][   T38]  #0: ffff888027fe40d0 (&type->s_umount_key#58/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[ 1446.751546][   T38] 1 lock held by syz.6.9139/31130:
[ 1446.751559][   T38]  #0: ffff88801f7783b0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x214/0x4d0
[ 1446.751606][   T38] 2 locks held by syz.6.9139/31132:
[ 1446.751617][   T38]  #0: ffffffff8d66d590 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x131/0x4b0
[ 1446.751662][   T38]  #1: ffff88801f7783b0 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x125/0x1b40
[ 1446.751713][   T38] 5 locks held by syz.6.9139/31135:
[ 1446.751724][   T38] 3 locks held by syz.2.9142/31146:
[ 1446.751736][   T38] 2 locks held by syz.7.9143/31148:
[ 1446.751748][   T38]  #0: ffffffff8d5e92b0 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x206b/0x3960
[ 1446.751794][   T38]  #1: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: copy_process+0x218d/0x3960
[ 1446.751841][   T38] 
[ 1446.751847][   T38] =============================================
[ 1446.751847][   T38] 
[ 1446.751857][   T38] NMI backtrace for cpu 1
[ 1446.751874][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1446.751902][   T38] Tainted: [L]=SOFTLOCKUP
[ 1446.751909][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1446.751921][   T38] Call Trace:
[ 1446.751930][   T38]  <TASK>
[ 1446.751937][   T38]  dump_stack_lvl+0xe8/0x150
[ 1446.751964][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[ 1446.751989][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1446.752012][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1446.752040][   T38]  sys_info+0x135/0x170
[ 1446.752061][   T38]  watchdog+0xf95/0xfe0
[ 1446.752087][   T38]  ? watchdog+0x20a/0xfe0
[ 1446.752114][   T38]  kthread+0x711/0x8a0
[ 1446.752142][   T38]  ? __pfx_watchdog+0x10/0x10
[ 1446.752161][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.752183][   T38]  ? rt_spin_unlock+0x150/0x200
[ 1446.752212][   T38]  ? rt_spin_unlock+0x161/0x200
[ 1446.752234][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.752259][   T38]  ret_from_fork+0x510/0xa50
[ 1446.752282][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[ 1446.752301][   T38]  ? __switch_to+0xc9e/0x1480
[ 1446.752330][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.752355][   T38]  ret_from_fork_asm+0x1a/0x30
[ 1446.752408][   T38]  </TASK>
[ 1446.752416][   T38] Sending NMI from CPU 1 to CPUs 0:
[ 1446.752449][    C0] NMI backtrace for cpu 0
[ 1446.752466][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1446.752489][    C0] Tainted: [L]=SOFTLOCKUP
[ 1446.752495][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1446.752505][    C0] RIP: 0010:__lock_acquire+0x518/0x2cf0
[ 1446.752527][    C0] Code: 1d 44 89 e0 49 ff c7 49 63 8e 88 0b 00 00 48 83 c3 28 41 89 c4 49 39 cf 0f 8d c7 00 00 00 49 83 ff 31 0f 83 83 00 00 00 8b 03 <25> ff 1f 00 00 48 0f a3 05 bb 3c 1e 11 73 10 48 69 c0 c8 00 00 00
[ 1446.752542][    C0] RSP: 0018:ffffc90000157480 EFLAGS: 00000097
[ 1446.752556][    C0] RAX: 000000000006010d RBX: ffff88801b6de670 RCX: 00000000ffffffff
[ 1446.752569][    C0] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[ 1446.752580][    C0] RBP: ffff88801b6de6f0 R08: ffffffff8ad41cf0 R09: ffff88805c73f4d0
[ 1446.752592][    C0] R10: dffffc0000000000 R11: fffffbfff1db66cf R12: ffffffffffffff05
[ 1446.752605][    C0] R13: ffff88801b6de6f0 R14: ffff88801b6ddac0 R15: 0000000000000000
[ 1446.752617][    C0] FS:  0000000000000000(0000) GS:ffff888126cee000(0000) knlGS:0000000000000000
[ 1446.752631][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1446.752745][    C0] CR2: 0000001b3111f000 CR3: 000000002f08e000 CR4: 00000000003526f0
[ 1446.752763][    C0] Call Trace:
[ 1446.752772][    C0]  <TASK>
[ 1446.752782][    C0]  ? __lock_acquire+0x6b6/0x2cf0
[ 1446.752811][    C0]  ? kasan_save_free_info+0x46/0x50
[ 1446.752830][    C0]  ? __kasan_slab_free+0x5c/0x80
[ 1446.752850][    C0]  ? kfree+0x1bd/0x900
[ 1446.752873][    C0]  ? rt_mutex_slowunlock+0xb0/0x8a0
[ 1446.752896][    C0]  lock_acquire+0x107/0x340
[ 1446.752916][    C0]  ? rt_mutex_slowunlock+0xb0/0x8a0
[ 1446.752938][    C0]  ? rt_spin_lock+0x1c1/0x3e0
[ 1446.752962][    C0]  _raw_spin_lock_irqsave+0x40/0x60
[ 1446.752979][    C0]  ? rt_mutex_slowunlock+0xb0/0x8a0
[ 1446.753000][    C0]  rt_mutex_slowunlock+0xb0/0x8a0
[ 1446.753021][    C0]  ? reacquire_held_locks+0x104/0x190
[ 1446.753043][    C0]  ? rt_spin_lock+0x1c1/0x3e0
[ 1446.753065][    C0]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1446.753087][    C0]  ? rt_spin_unlock+0x150/0x200
[ 1446.753108][    C0]  ? rt_spin_unlock+0x161/0x200
[ 1446.753130][    C0]  __usb_hcd_giveback_urb+0x26c/0x5e0
[ 1446.753157][    C0]  dummy_timer+0x8a0/0x46f0
[ 1446.753180][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[ 1446.753211][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1446.753237][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1446.753255][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1446.753273][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1446.753288][    C0]  __hrtimer_run_queues+0x542/0xd00
[ 1446.753313][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1446.753329][    C0]  ? read_tsc+0x9/0x20
[ 1446.753349][    C0]  hrtimer_run_softirq+0x1a3/0x2e0
[ 1446.753368][    C0]  handle_softirqs+0x1df/0x650
[ 1446.753391][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1446.753410][    C0]  run_ktimerd+0x69/0x100
[ 1446.753429][    C0]  smpboot_thread_fn+0x542/0xa60
[ 1446.753449][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1446.753471][    C0]  kthread+0x711/0x8a0
[ 1446.753494][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1446.753514][    C0]  ? __pfx_kthread+0x10/0x10
[ 1446.753533][    C0]  ? rt_spin_unlock+0x150/0x200
[ 1446.753555][    C0]  ? rt_spin_unlock+0x161/0x200
[ 1446.753576][    C0]  ? __pfx_kthread+0x10/0x10
[ 1446.753596][    C0]  ret_from_fork+0x510/0xa50
[ 1446.753615][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1446.753632][    C0]  ? __switch_to+0xc9e/0x1480
[ 1446.753657][    C0]  ? __pfx_kthread+0x10/0x10
[ 1446.753686][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1446.753716][    C0]  </TASK>
[ 1446.754465][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[ 1446.754493][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1446.754522][   T38] Tainted: [L]=SOFTLOCKUP
[ 1446.754530][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1446.754542][   T38] Call Trace:
[ 1446.754552][   T38]  <TASK>
[ 1446.754561][   T38]  vpanic+0x1e0/0x670
[ 1446.754594][   T38]  panic+0xb9/0xc0
[ 1446.754618][   T38]  ? __pfx_panic+0x10/0x10
[ 1446.754653][   T38]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[ 1446.754683][   T38]  watchdog+0xfdf/0xfe0
[ 1446.754710][   T38]  ? watchdog+0x20a/0xfe0
[ 1446.754738][   T38]  kthread+0x711/0x8a0
[ 1446.754766][   T38]  ? __pfx_watchdog+0x10/0x10
[ 1446.754786][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.754808][   T38]  ? rt_spin_unlock+0x150/0x200
[ 1446.754837][   T38]  ? rt_spin_unlock+0x161/0x200
[ 1446.754860][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.754886][   T38]  ret_from_fork+0x510/0xa50
[ 1446.754909][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[ 1446.754929][   T38]  ? __switch_to+0xc9e/0x1480
[ 1446.754959][   T38]  ? __pfx_kthread+0x10/0x10
[ 1446.754985][   T38]  ret_from_fork_asm+0x1a/0x30
[ 1446.755025][   T38]  </TASK>
[ 1446.755433][   T38] Kernel Offset: disabled