last executing test programs:

26.799435484s ago: executing program 3 (id=1369):
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)

26.605903245s ago: executing program 3 (id=1372):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x5)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a41, 0x0)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/244)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000300)=0x8224440)
dup(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
ioprio_set$uid(0x0, 0x0, 0x6000)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x12a)
clock_gettime(0x0, &(0x7f0000000040)={<r3=>0x0, <r4=>0x0})
futimesat(0xffffffffffffffff, 0x0, &(0x7f0000000080)={{0x77359400}, {r3, r4/1000+10000}})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, <r6=>0xffffffffffffffff})
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000480)=0x2)
socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x1}, 0x8)
prlimit64(0x0, 0x6, &(0x7f00000002c0), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100)=0x41)
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000040))

25.118125069s ago: executing program 3 (id=1377):
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e)
sendmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x700003a, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x4}], 0x400000000000085, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002440)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in6=@private2}, @in=@dev, {@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {{@in=@multicast2, @in6=@mcast1}}}}, 0x128}}, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000100)=""/240, &(0x7f0000000000)=0xf0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x29c, r4, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_NODE={0xd8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0xcd, 0x3, "ae1a6fa791997f914bbed6b21cbe155435ea8e19f38709ced059af9bd3f697e691d47c30014a89815df6cb829459d363007bdd1a5077eae0e272b3fe5c996d88cfc373a7fb295daced58552d302c30fc204ecbd7e01528f52c01b317fdeb3ca327f1178c05599b3c724672416c1cdfd200d00a36b431bb8c7b3d8b63afb925438ac7b9d5ce1381a8c5845352d7a3a298318fa31443b9affa00bebe064c7b63ddccfb6b6a59fea7735d2c8ba2f9876ebd508061a92e90857296749efc4066dadeec0588307b0cc73eb4"}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8c41}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "69b210c15b6c29ea1a7608ce20a36a76ce42c421ec5f9bbe"}}]}, @TIPC_NLA_MEDIA={0x98, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x34, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040044)
connect$pppl2tp(r0, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @local}, 0x4, 0x3, 0x1, 0x1}}, 0x2e)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1cf90103", @ANYRES16=0x0, @ANYBLOB="c89045b2a6c0b186f6eb1f00000008003617"], 0x1c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x303, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r6)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), r6)
socket$nl_route(0x10, 0x3, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0604250c"], 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

23.808103907s ago: executing program 3 (id=1384):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = socket$unix(0x1, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x90)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
socket$kcm(0x2, 0x1, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000040))
close(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r1}}, './file0\x00'})
r3 = dup2(r1, r0)
close_range(r3, 0xffffffffffffffff, 0xca)

19.300807307s ago: executing program 3 (id=1394):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockname(r0, 0x0, &(0x7f0000000300))
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r0, 0x8983, &(0x7f0000000000))

19.150907041s ago: executing program 3 (id=1395):
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e)
sendmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x700003a, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x4}], 0x400000000000085, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002440)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in6=@private2}, @in=@dev, {@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {{@in=@multicast2, @in6=@mcast1}}}}, 0x128}}, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000100)=""/240, &(0x7f0000000000)=0xf0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x29c, r4, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_NODE={0xd8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0xcd, 0x3, "ae1a6fa791997f914bbed6b21cbe155435ea8e19f38709ced059af9bd3f697e691d47c30014a89815df6cb829459d363007bdd1a5077eae0e272b3fe5c996d88cfc373a7fb295daced58552d302c30fc204ecbd7e01528f52c01b317fdeb3ca327f1178c05599b3c724672416c1cdfd200d00a36b431bb8c7b3d8b63afb925438ac7b9d5ce1381a8c5845352d7a3a298318fa31443b9affa00bebe064c7b63ddccfb6b6a59fea7735d2c8ba2f9876ebd508061a92e90857296749efc4066dadeec0588307b0cc73eb4"}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8c41}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "69b210c15b6c29ea1a7608ce20a36a76ce42c421ec5f9bbe"}}]}, @TIPC_NLA_MEDIA={0x98, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x34, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040044)
connect$pppl2tp(r0, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @local}, 0x4, 0x3, 0x1, 0x1}}, 0x2e)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1cf90103", @ANYRES16=0x0, @ANYBLOB="c89045b2a6c0b186f6eb1f00000008003617"], 0x1c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x303, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r6)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), r6)
socket$nl_route(0x10, 0x3, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0604250c"], 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

15.201588909s ago: executing program 4 (id=1410):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x100000001, 0x76dc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000080)={r5, @in={{0x2, 0x0, @empty}}, 0x73ce}, 0x90)

14.87933649s ago: executing program 1 (id=1411):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000740)={'filter\x00', 0x10, 0x4, 0x408, 0x1f0, 0x1f0, 0xe8, 0x320, 0x320, 0x320, 0x4, 0x0, {[{{@arp={@private, @broadcast, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@random="bd22fdd68c29"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 'veth0_macvtap\x00'}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}, {{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "0d6581a280a9fd38cc0cd92b7c41598c1625a223e855c9fbc1389f5d44ef17d4f24b7890dbf5909d70031d8427048dc1646921eaa7e6ac8400"}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x458)
pipe2$9p(&(0x7f0000000140), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f00005ff000/0x4000)=nil, 0x4000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x0, 0x20000081)
r6 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r6, 0x29, 0x17, &(0x7f0000000100), 0x4)
setsockopt$inet6_udp_int(r6, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
io_uring_setup(0x6a7f, &(0x7f0000000380)={0x0, 0x0, 0x2000, 0x1, 0x40000db})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x19, 0x0, 0xffffffffffffff4a)
shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='ntfs\x00', 0x202c0c, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a0102000000000000000002000000090001"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x5)

13.880638618s ago: executing program 1 (id=1414):
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a0102000000000000000002000000090001"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) (fail_nth: 6)

12.947872298s ago: executing program 1 (id=1415):
r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '-Wbl'}]}, 0x10)

12.729724613s ago: executing program 1 (id=1416):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@delchain={0x2c, 0x65, 0x300, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0x8, 0x1}, {0x4, 0x4}}, [@TCA_CHAIN={0x8, 0xb, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x40080)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000016000000eb0000000000000000000000040000000c000a00c40000000000000000"], 0x24}}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
rseq(&(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x7, 0xe7b4, 0x8}, 0x5}, 0x20, 0x1, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r6, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/139, 0x8b}, {0x0}], 0x2)
ioctl$TCSETS(r6, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"})
r7 = syz_open_pts(r6, 0x42)
dup3(r7, r6, 0x0)
write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x200000000622c, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}}, 0x1c)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_setup(0x22e, &(0x7f0000000140)={0x0, 0x0, 0x10500}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000380)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r9, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)='o', 0x1}], 0x1})
fcntl$setpipe(r9, 0x407, 0x80000001)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r8, &(0x7f0000000080)={0x1, 0x70}, 0x2)

12.713228987s ago: executing program 4 (id=1417):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}, @NFT_MSG_NEWSET={0x14}], {0x14}}, 0x78}}, 0x0) (fail_nth: 3)

12.569943405s ago: executing program 4 (id=1419):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = epoll_create1(0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
mount$afs(0x0, &(0x7f00000011c0)='./control\x00', &(0x7f0000000100), 0x400092, &(0x7f0000000000)=ANY=[@ANYBLOB='dyn,flock=write'])
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000003480)={0x2020}, 0x2020)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f00000001c0)=[@acquire, @enter_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})

12.442543036s ago: executing program 4 (id=1421):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001})

12.069819867s ago: executing program 4 (id=1422):
syz_emit_vhci(0x0, 0x22)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c"], 0xd)
write$binfmt_script(r0, &(0x7f0000000780), 0x208e24b)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79})
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x4, &(0x7f0000000b80))
io_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000001500))
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0xe729, 0x1, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffc, 0x5, 0x0, 0x0, 0x67, 0xfffffffffffff924]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="2800330080000000ffffffffffff080211"], 0x44}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

11.804771507s ago: executing program 1 (id=1425):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x13, 0x5, &(0x7f0000000140)=@framed={{}, [@map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xffffffff}]}, &(0x7f0000000040)='syzkaller\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90)

11.561380099s ago: executing program 1 (id=1427):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000340)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
preadv(r0, &(0x7f0000001b80)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
signalfd(r0, &(0x7f0000000000)={[0x6]}, 0x8)

11.019935836s ago: executing program 4 (id=1428):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x40d81, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
eventfd2(0x5, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x4, r1})
io_submit(0x0, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x9, r0, 0x0, 0x0, 0x0, 0x0, 0x1}])
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x11, 0x40, 0xa, 0x3}, 0x48)
socket$packet(0x11, 0x2, 0x300)
ioctl$PPPIOCGIDLE(r0, 0x8010743f, &(0x7f0000000a00))
ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'veth0_to_batadv\x00', {0x2, 0x0, @private}})
syz_open_dev$usbfs(&(0x7f0000000200), 0x5785, 0x803)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9}, 0x48)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000080)=0x1, 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x541b, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='cgroup\x00', 0x0, &(0x7f0000000380)='source')
recvmmsg(r2, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)=""/106, 0x6a}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/220, 0xdc}, {&(0x7f00000005c0)=""/246, 0xf6}], 0x4, &(0x7f00000003c0)=""/77, 0x4d}, 0xd40}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000d80)=""/234, 0xdf}, {&(0x7f00000007c0)=""/63, 0x3f}, {&(0x7f0000003280)=""/4096, 0x1000}], 0x3}, 0x3fe}, {{&(0x7f0000000900)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000e80)=[{0x0}, {0x0}, {&(0x7f0000000c00)=""/118, 0x76}, {&(0x7f0000000c80)=""/240, 0xf0}, {&(0x7f0000000a40)=""/251, 0xee}], 0x5, &(0x7f0000000f00)=""/199, 0xc7}, 0x40}, {{&(0x7f0000001000)=@x25={0x9, @remote}, 0x80, &(0x7f0000004480)=[{&(0x7f0000001080)=""/176, 0x109}, {&(0x7f00000046c0)=""/4098, 0x1002}, {&(0x7f0000001140)=""/99, 0x63}, {&(0x7f0000004280)=""/146, 0x92}, {&(0x7f0000004340)=""/177, 0xb1}, {&(0x7f0000004400)=""/55, 0x37}, {&(0x7f0000004440)=""/34, 0x22}], 0x7, &(0x7f0000004500)=""/100, 0x64}, 0x7}], 0x4, 0x61, &(0x7f0000004680))
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000006000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
mq_open(&(0x7f0000000440)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xceq\xa2\xa5\t\x98\x8a\x8f>\xba', 0x6e93ebbbcc088cf2, 0x0, 0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0x0, 0x400, 0xfffffffc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140))
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_FALLOCATE={0x11, 0x2b, 0x0, @fd_index=0x4, 0x4, 0x0, 0x23e, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x184c, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)

4.515571738s ago: executing program 2 (id=1443):
syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2)
futex(&(0x7f0000000040), 0x5, 0x0, 0x0, 0x0, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000280)=""/252})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000018c0)={{{@in=@remote, @in6=@private2, 0x0, 0xfffc, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xee}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x2, @in=@multicast1, 0x3503, 0x4}}, 0xe4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x5, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0xfffffffd}, 0x1c)
mmap(&(0x7f00000cb000/0x1000)=nil, 0x1000, 0x6, 0x10, r3, 0x841ea000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x46, &(0x7f00000001c0), 0xfffffffffffffc91)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0xa4200, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000680)={0xffffffffffffffff, 0x1, 0x5, 0x0, 0x4}, 0xc)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = dup(r4)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x228, 0x0, 0x6affffff, 0x3403000b, 0x0, 0x7, 0x190, 0x230, 0x230, 0x190, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8, 0x0, {0x1000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'erspan0\x00', 'ip_vti0\x00', {}, {}, 0x0, 0x0, 0x5a}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)

4.211339807s ago: executing program 2 (id=1444):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x1de)
close(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000070000006a0a90ff0000000027000000000010009500000000000000181000008639369f554288e121e7e1479594bd86279600e9d86b86badb115d770e9f9373d833487e40631725e39078674dbf4d5c4778d646d325e315751450f0256f7dab30be2630a78d6bc01c55b75ffbead8448a5be71b71e422c0", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], 0x0, 0x0, 0x95, &(0x7f0000000180)=""/149}, 0x90)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000002c0)={0x35})

4.07390859s ago: executing program 0 (id=1445):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
ftruncate(r2, 0x8001)
getsockopt$netlink(r1, 0x10e, 0x4, 0x0, &(0x7f0000000040))
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0)
r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r3, 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(r0, 0x8004551a, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffc9, 0x0, 0x0})

3.968726809s ago: executing program 0 (id=1446):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r0, 0x4020aed2, 0x0)

3.927814873s ago: executing program 2 (id=1447):
syz_usb_connect(0x0, 0x2d, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x40, 0x572, 0xcb01, 0x2665, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xaa, 0x75, 0xb7, 0x0, [], [{{0x9, 0x5, 0x6, 0x3, 0x40}}]}}]}}]}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="2e000300010000", 0x7)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg1\x00'})

3.757149148s ago: executing program 0 (id=1448):
syz_open_pts(0xffffffffffffffff, 0x40) (async)
r0 = syz_open_pts(0xffffffffffffffff, 0x40)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x1, 0x6}, {0xd, 0x4}, {0x9, 0xffff}, {0x10, 0x9}]})
r1 = socket$inet(0x2, 0x1, 0x3)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r2, 0x4068aea3, &(0x7f0000000080))
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000140)={'hsr0\x00', @random="272f954f9b9e"})
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)=0x819000)
r5 = fsmount(0xffffffffffffffff, 0x0, 0x8)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r5, 0xc0845658, &(0x7f00000001c0)={0x0, @bt={0xfffffb56, 0x0, 0x0, 0x2, 0xfffffffffffffe00, 0x6, 0x7, 0x5ab, 0xa, 0x6, 0x3, 0x92000, 0xe, 0x7, 0x14, 0x2, {0xffff, 0xf}, 0x3, 0x1}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200000, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0)={<r6=>0x0, 0x2, 0x3, 0xf}, &(0x7f0000000300)=0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={r6, 0x3ff}, 0xc) (async)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={r6, 0x3ff}, 0xc)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000380)={r6, 0x6}, 0x8)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0)
ioctl$KDGKBSENT(r7, 0x4b48, &(0x7f0000000400)={0x80, "f74b25220a2b21621413dffe7443e6584ac3c6522cb7c42fc5e9081b469a95dc3d34523b2e6c0eed80bc65324903f897bb97c53aa857aa96677be76b6289313df742eeac8716292ff83f30ca675f82829a5109b44ac4d0287588e186a8f5e5d3656b6c9f2434b38d73a14c62ee94e275275bdd19d6f32e193c750bbc1f381975b3acce13698ace02b13211df18dded02daf11d33643d545ccb21d6f18e2ef6d2d90a04b88051658db69825d0f29101e380336dc3b03687e1cf47e42d151f177b282e650975ae9d2bc64b2eabbe941dde7fcdf88f592963400f96f4de6106e3e8b255a7c725fb89cfa408496b3c9d5fdc2fa1f5f317f9849d830defc05a6501f0fd8ba684012b13868dc84d72a72c4529f6ea75958f77f5c4ca4477a1b34451def3557d990a6dd705178d2cdb2785ed0e48949062996b538ef6f4ea9bad08744b3f03335b7272381315199750c9e45dbd3cb879019644c8be1502cbb89924edcbd13a098454f7d9b7d517f4fbfe62d9c7d29240c67d348b903dcc28e6db84f48fc80c9a0e69ceb5f338be8eb1d984e61f07e5c39f1fce29daaf268327aa7a0c7a743a99a2670c904502edbff9d3d2f5c9abfc87c9320e06daded4cf37a8a552c9d899e21b33e9d7bca9b017d4e75ed4b2005e855be0c36d8700bb13f7012012a7a0e63f4e7b94fce2f690419f31ba885700250b456a8fe1b5471e32461928eb01"}) (async)
ioctl$KDGKBSENT(r7, 0x4b48, &(0x7f0000000400)={0x80, "f74b25220a2b21621413dffe7443e6584ac3c6522cb7c42fc5e9081b469a95dc3d34523b2e6c0eed80bc65324903f897bb97c53aa857aa96677be76b6289313df742eeac8716292ff83f30ca675f82829a5109b44ac4d0287588e186a8f5e5d3656b6c9f2434b38d73a14c62ee94e275275bdd19d6f32e193c750bbc1f381975b3acce13698ace02b13211df18dded02daf11d33643d545ccb21d6f18e2ef6d2d90a04b88051658db69825d0f29101e380336dc3b03687e1cf47e42d151f177b282e650975ae9d2bc64b2eabbe941dde7fcdf88f592963400f96f4de6106e3e8b255a7c725fb89cfa408496b3c9d5fdc2fa1f5f317f9849d830defc05a6501f0fd8ba684012b13868dc84d72a72c4529f6ea75958f77f5c4ca4477a1b34451def3557d990a6dd705178d2cdb2785ed0e48949062996b538ef6f4ea9bad08744b3f03335b7272381315199750c9e45dbd3cb879019644c8be1502cbb89924edcbd13a098454f7d9b7d517f4fbfe62d9c7d29240c67d348b903dcc28e6db84f48fc80c9a0e69ceb5f338be8eb1d984e61f07e5c39f1fce29daaf268327aa7a0c7a743a99a2670c904502edbff9d3d2f5c9abfc87c9320e06daded4cf37a8a552c9d899e21b33e9d7bca9b017d4e75ed4b2005e855be0c36d8700bb13f7012012a7a0e63f4e7b94fce2f690419f31ba885700250b456a8fe1b5471e32461928eb01"})
ioctl$VIDIOC_G_INPUT(r5, 0x80045626, &(0x7f0000000640)) (async)
ioctl$VIDIOC_G_INPUT(r5, 0x80045626, &(0x7f0000000640))
connect$pppl2tp(r5, &(0x7f0000000680)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x3, 0x3, 0x3, 0x4, {0xa, 0x4e20, 0x5, @remote, 0x8}}}, 0x3a) (async)
connect$pppl2tp(r5, &(0x7f0000000680)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x3, 0x3, 0x3, 0x4, {0xa, 0x4e20, 0x5, @remote, 0x8}}}, 0x3a)
r8 = creat(&(0x7f00000006c0)='./file0\x00', 0x40)
write$binfmt_script(r8, &(0x7f0000000700)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', [{0x20, 'hsr0\x00'}, {0x20, ':*\x94+:['}, {0x20, '/dev/kvm\x00'}, {0x20, '%'}], 0xa, "436514651c6e202af03a0ac2dd61f6914bb549fe221adff0eb862cfca7cc7eefe366373506cee47368efb9a55a34189bacfee59b797b2a36becb8b1a7925b5b2b90e62021431b5"}, 0x105a)
getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000001780), &(0x7f00000017c0)=0x4) (async)
getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000001780), &(0x7f00000017c0)=0x4)
r9 = syz_open_dev$cec(&(0x7f0000001800), 0x0, 0x84000)
ioctl$CEC_ADAP_G_CONNECTOR_INFO(r9, 0x8044610a, &(0x7f0000001840))
ioctl$TIOCSCTTY(r5, 0x540e, 0x4a) (async)
ioctl$TIOCSCTTY(r5, 0x540e, 0x4a)
ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f00000018c0)=0xfffffffb)
fanotify_mark(r8, 0x1, 0x8000029, r8, &(0x7f0000001900)='./file0\x00')
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001940)={<r10=>r6, 0xffffb872}, &(0x7f0000001980)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f00000019c0)={r10, 0xa3, "121f3e2cceb959c082a287aa8c8767d9851b1800373ead7a5d1f5bb25ae9bab59e277a360570f3d598c7ff96daf7278f7e071325e5988a0f74f8cee1d60243db40ef0a1dc2df72cbc88178ed74de19e08976d846a3101242bf1ae386bfc31c87c3553bd3c06645bbf21fdb6c236d91bd0f8974453d3945a6e1699727316181b01d16f3b4c4c655a1c2f0385de9cf11999daafb6b1da497ca2ae4e406177c25e1148ac0"}, &(0x7f0000001a80)=0xab) (async)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f00000019c0)={r10, 0xa3, "121f3e2cceb959c082a287aa8c8767d9851b1800373ead7a5d1f5bb25ae9bab59e277a360570f3d598c7ff96daf7278f7e071325e5988a0f74f8cee1d60243db40ef0a1dc2df72cbc88178ed74de19e08976d846a3101242bf1ae386bfc31c87c3553bd3c06645bbf21fdb6c236d91bd0f8974453d3945a6e1699727316181b01d16f3b4c4c655a1c2f0385de9cf11999daafb6b1da497ca2ae4e406177c25e1148ac0"}, &(0x7f0000001a80)=0xab)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$nl_xfrm(0x10, 0x3, 0x6)

3.553554901s ago: executing program 0 (id=1449):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x29)
fcntl$setsig(r1, 0xa, 0x21)
syz_emit_ethernet(0x66, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaa1ca10824ccf9e088a82dbb3c641a0086dd6006211100282900fe800000000000000000000040000000ff02000000000000000000000000000100030000eeffffff050200800710000000004a48000009000000010000000401ff00000000000000"], 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3800000001010101000000000000000002000000182f41f18a7ace0001801400018008000100ac1414aa080002007f0000010c001980010081010000cbe44440f99d82d41d3f91a2ceb63f4f440f2f59170000c53650b63c4eb12bb295d871fb1d1657d0b86d90984c8edb601e00017868c12d6b27eb200c00b1b9670717d9638df06e9bd49a0fb26c6dff74cae8c10418cbe687bfd97f039c9bdce0aacf1a"], 0x38}, 0x1, 0x0, 0x0, 0x4c854}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="600000000206050000000000000000feff00000014000300686173683a69702c706f72742c6970000900020073797a32000000000500040000000000050005000a000000050001000600000014000780"], 0x60}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r4, 0x30, 0x0, @ib={0x1b, 0x4, 0x0, {"00000000000000000000000000000001"}, 0x0, 0x80000}}}, 0x90)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYRES8=0x0])
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000440)={'macvtap0\x00'})
openat(0xffffffffffffffff, 0x0, 0x0, 0x5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x5, 0x2, 0x9}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r7, &(0x7f0000000080), 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1d, 0xe, &(0x7f0000000480)=ANY=[@ANYRESHEX=r2], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82de0ffff200000000002000aac14140ce000006a49e832f0", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

3.114537294s ago: executing program 0 (id=1450):
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000004c0)={0x1d, r1}, 0x10)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r2, 0x7a6, &(0x7f0000000100)={0x0, 0x8})
syz_emit_ethernet(0x175, &(0x7f0000000780)=ANY=[@ANYBLOB="195df410d4240180c200000086dd65ff9609013f210120010000000000000000000000000002ff0200000000000000000000000000013303000000000000050200200502d34ac910fc0100000000000000000000000000050000000000002e0000000000000004010500000000004e244e2004d19078905860f9805bcaa5b000aa9411492d1730dd7cde327c3e38b16ac12d7bdd2c1799e41d9be223f9715fd232df7739b340ba7025992880cd1b72350704cce18cae2b454461e632d66bfbf043e59588bb95706b53c6f3049a021545b4b11e7c953a71cf523755a1cc61f19ee548a8131616fd05a66fffff67ae162ebec3ee45021a2c09a92c2ac0fa3d21f721e21106df91dd78af3b39d7a762896349edef23aef22e5e11e49761f24b6fcfc110108f6f23a9c8b1f66a0029406fa7000000000000000000a0a21e48eb7c0dc37e037717d25f3a897775324ad5497f7f22f1033c4263e8507257ae4ca2cdb4fe2458a157e05bfc88c9638756bc9f9eb5923e6133"], 0x0)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x5, 0x40, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x3, 0x0, 0x0, "5f67de5272232c32"}}, 0x48}}, 0x20000010)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1d, 0x2, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee6}, &(0x7f0000000000)=0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r7=>0x0})
sendmsg$nl_route(r3, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r7], 0x20}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa}, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_usb_connect$uac1(0x0, 0xa1, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8f, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@processing_unit={0xb, 0x24, 0x7, 0x0, 0x0, 0x0, "32341681"}, @output_terminal={0x9}, @selector_unit={0xa, 0x24, 0x5, 0x0, 0x0, "e0182c1423"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9, 0x3, 0x1}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x0, 0x4, 0xa1, 0x58, "aa8ec4"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x1, 0x3f, 0x0, {0x7, 0x25, 0x1, 0x2, 0xff, 0x3f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x0, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x84}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f00000004c0)={0xa, 0x6, 0x201, 0x81, 0x40, 0x4, 0x20, 0x81}, 0x15, &(0x7f0000000500)={0x5, 0xf, 0x15, 0x1, [@ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0xc, 0xf00, 0x101, [0x0]}]}, 0x3, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x2c01}}, {0x9d, &(0x7f0000000580)=@string={0x9d, 0x3, "79594b8573ba1de807f914061bb486a9eeb5549fd83515f82e0ca4117d5ecd579cf2a3eafef7377079eb0ecbf1b89b7a7dd3f19e9d890fe3648f133d8272af8bcd089bd8594252b1872d5a6286907b9542e69738c76ff4da43850d9423d6322609bc995eb8b7b088fd0910d90259ac61a382107a555f6cbedf657fae87a95e5a3336f40b91e28bfeca08fe7e43e2139e2a1b34eefdf6f454730039"}}, {0x3d, &(0x7f0000000680)=@string={0x3d, 0x3, "a162a8057c983cc4c9206ba7e83958361307aac221a037db83269f2d9458f0e1fc84a4f2230f3e9d90a6275173d68b06f6dc97ca15d80e9efad8aa"}}]})
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05040500d3fc09000000478803", 0xd, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x28}, 0x20)

2.145907505s ago: executing program 2 (id=1451):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001})

2.011609587s ago: executing program 2 (id=1452):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001})

1.845169804s ago: executing program 2 (id=1453):
syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2)
futex(&(0x7f0000000040), 0x5, 0x0, 0x0, 0x0, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000280)=""/252})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000018c0)={{{@in=@remote, @in6=@private2, 0x0, 0xfffc, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xee}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x2, @in=@multicast1, 0x3503, 0x4}}, 0xe4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x5, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0xfffffffd}, 0x1c)
mmap(&(0x7f00000cb000/0x1000)=nil, 0x1000, 0x6, 0x100010, 0xffffffffffffffff, 0x841ea000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x46, &(0x7f00000001c0), 0xfffffffffffffc91)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0xa4200, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000680)={0xffffffffffffffff, 0x1, 0x5, 0x0, 0x4}, 0xc)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = dup(r4)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x228, 0x0, 0x6affffff, 0x3403000b, 0x0, 0x7, 0x190, 0x230, 0x230, 0x190, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8, 0x0, {0x1000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'erspan0\x00', 'ip_vti0\x00', {}, {}, 0x0, 0x0, 0x5a}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)

0s ago: executing program 0 (id=1456):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000180)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="01020000000001d548374b2d80c200000000060001080006ffffff00000000fffffffffffbac1414bb00"], 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r1, 0x80049370, &(0x7f00000001c0))
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000002c0)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000080)='jbd2_handle_stats\x00', r8}, 0x10)
fchdir(r5)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r9 = inotify_init1(0x0)
fcntl$setown(r9, 0x8, 0xffffffffffffffff)
fcntl$getownex(r9, 0x10, &(0x7f0000000140)={0x0, <r10=>0x0})
r11 = syz_open_procfs(r10, &(0x7f0000000040)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r11, 0x40086610, &(0x7f0000000180)={@id={0x40000, 0x0, @b}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

 tx timeout
[  330.614188][ T8265] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  330.682562][ T8265] batman_adv: batadv0: Removing interface: batadv_slave_1
[  330.798046][ T8277] netlink: 20 bytes leftover after parsing attributes in process `syz.0.863'.
[  330.814225][ T8277] netlink: 216 bytes leftover after parsing attributes in process `syz.0.863'.
[  331.280695][ T5170] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  331.955131][ T8287] netlink: 96 bytes leftover after parsing attributes in process `syz.2.867'.
[  332.037859][ T5170] usb 4-1: Using ep0 maxpacket: 16
[  332.059181][ T5170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  332.117048][ T5170] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  332.126162][ T5170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.176593][ T5170] usb 4-1: config 0 descriptor??
[  332.578329][ T8292] mmap: syz.2.869 (8292) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  332.684485][ T8279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.735477][ T8279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.812874][ T5170] hid (null): unknown global tag 0x83
[  333.078351][ T5170] hid-generic 0003:0158:0100.000F: unknown main item tag 0x1
[  333.114110][ T5170] hid-generic 0003:0158:0100.000F: unexpected long global item
[  333.149296][ T8299] mkiss: ax0: crc mode is auto.
[  333.173355][ T5170] hid-generic 0003:0158:0100.000F: probe with driver hid-generic failed with error -22
[  333.262509][ T5170] usb 4-1: USB disconnect, device number 27
[  333.977028][ T8308] overlayfs: overlapping lowerdir path
[  334.353546][ T8305] netlink: 40 bytes leftover after parsing attributes in process `syz.2.872'.
[  334.805126][ T8321] netlink: 20 bytes leftover after parsing attributes in process `syz.2.875'.
[  334.987926][ T8321] netlink: 216 bytes leftover after parsing attributes in process `syz.2.875'.
[  335.830851][ T8323] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'.
[  335.873135][ T8323] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  336.056421][ T8323] batman_adv: batadv0: Removing interface: batadv_slave_0
[  336.087383][ T8323] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  336.117140][   T46] usb 2-1: new low-speed USB device number 28 using dummy_hcd
[  336.957386][ T8323] batman_adv: batadv0: Removing interface: batadv_slave_1
[  336.973700][ T8337] xt_CT: You must specify a L4 protocol and not use inversions on it
[  337.198927][   T46] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.226974][   T46] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  337.257169][ T5170] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  337.257186][   T46] usb 2-1: too many endpoints for config 1 interface 1 altsetting 0: 222, using maximum allowed: 30
[  337.257235][   T46] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  337.356961][   T46] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 222
[  337.390945][   T46] usb 2-1: string descriptor 0 read error: -22
[  337.397541][   T46] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  337.406629][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.453575][   T46] usb 2-1: 0:2 : does not exist
[  337.480082][ T5170] usb 5-1: not running at top speed; connect to a high speed hub
[  337.508722][ T5170] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  337.571113][ T5170] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  337.604901][ T5170] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  337.633880][ T5170] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.646446][ T8344] xt_CT: You must specify a L4 protocol and not use inversions on it
[  337.656202][ T5170] usb 5-1: Product: syz
[  337.665489][ T5170] usb 5-1: Manufacturer: о
[  337.673906][ T5170] usb 5-1: SerialNumber: syz
[  337.696633][ T8347] xt_TCPMSS: Only works on TCP SYN packets
[  338.035451][ T8349] netlink: 40 bytes leftover after parsing attributes in process `syz.3.886'.
[  338.745290][ T5170] cdc_ncm 5-1:1.0: bind() failure
[  338.772737][ T5170] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  338.789649][ T5170] cdc_ncm 5-1:1.1: bind() failure
[  338.805649][ T5170] usb 5-1: USB disconnect, device number 31
[  338.971604][ T8355] mkiss: ax0: crc mode is auto.
[  339.171505][ T5170] usb 2-1: USB disconnect, device number 28
[  339.530297][ T8365] netlink: 20 bytes leftover after parsing attributes in process `syz.4.891'.
[  339.583607][ T8365] netlink: 216 bytes leftover after parsing attributes in process `syz.4.891'.
[  342.523071][ T8392] xt_CT: You must specify a L4 protocol and not use inversions on it
[  342.917789][ T5170] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  343.113557][ T8401] netlink: 20 bytes leftover after parsing attributes in process `syz.4.902'.
[  343.122788][ T5170] usb 3-1: device descriptor read/64, error -71
[  343.138401][ T8401] netlink: 216 bytes leftover after parsing attributes in process `syz.4.902'.
[  343.397051][ T5170] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  343.558602][ T5140] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  343.749995][ T5170] usb 3-1: device descriptor read/64, error -71
[  343.818135][ T5140] usb 5-1: Using ep0 maxpacket: 32
[  343.837039][ T5140] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  343.846346][ T5140] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.926993][ T5170] usb usb3-port1: attempt power cycle
[  343.986771][ T5140] usb 5-1: config 0 descriptor??
[  344.136652][ T5140] gspca_main: sunplus-2.14.0 probing 0458:7006
[  344.213195][ T8403] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  344.326987][ T5227] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[  344.377037][ T5170] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  344.427654][ T5170] usb 3-1: device descriptor read/8, error -71
[  344.510669][ T5227] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  344.537430][ T5227] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  344.580275][ T5227] usb 2-1: too many endpoints for config 1 interface 1 altsetting 0: 222, using maximum allowed: 30
[  344.624822][ T5227] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  344.639698][ T5227] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 222
[  344.657963][ T5227] usb 2-1: string descriptor 0 read error: -22
[  344.669786][ T5227] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  344.679859][ T5227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.717186][ T5170] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  344.733643][ T5227] usb 2-1: 0:2 : does not exist
[  344.787736][ T5170] usb 3-1: device descriptor read/8, error -71
[  344.829756][ T5140] gspca_sunplus: reg_w_riv err -71
[  344.835090][ T5140] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  344.875987][ T5140] usb 5-1: USB disconnect, device number 32
[  344.923138][ T5170] usb usb3-port1: unable to enumerate USB device
[  345.418738][ T5140] usb 2-1: USB disconnect, device number 29
[  345.947657][ T8421] xt_CT: No such helper "syz0"
[  346.989580][ T8434] xt_CT: You must specify a L4 protocol and not use inversions on it
[  347.817138][ T8440] xt_TCPMSS: Only works on TCP SYN packets
[  348.176231][ T8447] overlayfs: overlapping lowerdir path
[  349.390551][    C0] TCP: MD5 Hash mismatch for [::1].2->[::1].2 [.]L3 index 0
[  349.398597][    C0] TCP: MD5 Hash mismatch for [::1].2->[::1].2 [P.]L3 index 0
[  350.476978][ T5140] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  351.587051][ T5140] usb 1-1: Using ep0 maxpacket: 32
[  351.604523][ T5140] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  351.628058][ T5140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.641182][ T8469] netlink: 20 bytes leftover after parsing attributes in process `syz.4.922'.
[  351.663483][ T5140] usb 1-1: config 0 descriptor??
[  351.676225][ T8469] netlink: 216 bytes leftover after parsing attributes in process `syz.4.922'.
[  351.688711][ T5140] gspca_main: sunplus-2.14.0 probing 0458:7006
[  352.160780][ T5140] gspca_sunplus: reg_w_riv err -71
[  352.188841][ T5140] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  352.331509][ T5140] usb 1-1: USB disconnect, device number 25
[  354.537428][ T8491] overlayfs: overlapping lowerdir path
[  356.254825][ T8507] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  356.320021][ T8513] xt_TCPMSS: Only works on TCP SYN packets
[  356.687056][ T8522] overlayfs: overlapping lowerdir path
[  362.493482][ T8587] xt_TCPMSS: Only works on TCP SYN packets
[  369.588498][ T5087] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:200'
[  369.599485][ T5087] CPU: 1 PID: 5087 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  369.609781][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  369.620031][ T5087] Workqueue: hci1 hci_rx_work
[  369.624751][ T5087] Call Trace:
[  369.628065][ T5087]  <TASK>
[  369.631025][ T5087]  dump_stack_lvl+0x241/0x360
[  369.635736][ T5087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.640961][ T5087]  ? __pfx__printk+0x10/0x10
[  369.645600][ T5087]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  369.650968][ T5087]  ? kmalloc_trace_noprof+0x19c/0x2c0
[  369.656380][ T5087]  sysfs_create_dir_ns+0x2ce/0x3a0
[  369.661537][ T5087]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  369.667191][ T5087]  kobject_add_internal+0x435/0x8d0
[  369.672412][ T5087]  kobject_add+0x152/0x220
[  369.676851][ T5087]  ? do_raw_spin_unlock+0x13c/0x8b0
[  369.682105][ T5087]  ? device_add+0x3e7/0xbf0
[  369.686677][ T5087]  ? __pfx_kobject_add+0x10/0x10
[  369.691637][ T5087]  ? _raw_spin_unlock+0x28/0x50
[  369.696507][ T5087]  ? get_device_parent+0x165/0x410
[  369.701637][ T5087]  device_add+0x4e5/0xbf0
[  369.705995][ T5087]  hci_conn_add_sysfs+0xe8/0x200
[  369.710977][ T5087]  hci_sync_conn_complete_evt+0x789/0xaa0
[  369.716725][ T5087]  hci_event_packet+0xac0/0x1540
[  369.721690][ T5087]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  369.727956][ T5087]  ? __pfx_hci_event_packet+0x10/0x10
[  369.733341][ T5087]  ? do_raw_spin_unlock+0x13c/0x8b0
[  369.738576][ T5087]  ? hci_send_to_monitor+0xd8/0x7f0
[  369.743783][ T5087]  ? kcov_remote_start+0x9e/0x7e0
[  369.748822][ T5087]  hci_rx_work+0x3e8/0xca0
[  369.753349][ T5087]  ? process_scheduled_works+0x945/0x1830
[  369.759123][ T5087]  process_scheduled_works+0xa2c/0x1830
[  369.764767][ T5087]  ? __pfx_process_scheduled_works+0x10/0x10
[  369.770768][ T5087]  ? assign_work+0x364/0x3d0
[  369.775398][ T5087]  worker_thread+0x86d/0xd50
[  369.780033][ T5087]  ? __kthread_parkme+0x169/0x1d0
[  369.785087][ T5087]  ? __pfx_worker_thread+0x10/0x10
[  369.790264][ T5087]  kthread+0x2f0/0x390
[  369.794347][ T5087]  ? __pfx_worker_thread+0x10/0x10
[  369.799470][ T5087]  ? __pfx_kthread+0x10/0x10
[  369.804166][ T5087]  ret_from_fork+0x4b/0x80
[  369.808597][ T5087]  ? __pfx_kthread+0x10/0x10
[  369.813202][ T5087]  ret_from_fork_asm+0x1a/0x30
[  369.818002][ T5087]  </TASK>
[  369.830406][ T5087] kobject: kobject_add_internal failed for hci1:200 with -EEXIST, don't try to register things with the same name in the same directory.
[  369.845099][ T5087] Bluetooth: hci1: failed to register connection device
[  371.264723][ T8659] xt_TCPMSS: Only works on TCP SYN packets
[  371.307615][ T5103] Bluetooth: hci1: command 0x0406 tx timeout
[  371.485343][ T8658] ip6t_REJECT: ECHOREPLY is not supported
[  372.047137][ T5103] Bluetooth: hci1: ACL packet for unknown connection handle 2207
[  372.566997][ T5142] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  373.447051][ T5103] Bluetooth: hci1: command 0x0406 tx timeout
[  374.991119][ T5142] usb 4-1: not running at top speed; connect to a high speed hub
[  375.042310][ T5142] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  375.066549][ T5142] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  375.083779][ T5142] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  375.126936][ T5142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.158065][ T5142] usb 4-1: Product: syz
[  375.162317][ T5142] usb 4-1: Manufacturer: о
[  375.186097][ T5142] usb 4-1: SerialNumber: syz
[  375.227171][ T5142] usb 4-1: can't set config #1, error -71
[  375.281151][ T5142] usb 4-1: USB disconnect, device number 28
[  375.643819][ T8701] ip6t_REJECT: ECHOREPLY is not supported
[  375.676981][ T5142] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  376.544388][ T5142] usb 4-1: Using ep0 maxpacket: 16
[  376.557270][ T5142] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  376.570464][ T5142] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  376.579829][ T5142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.601583][ T5142] usb 4-1: config 0 descriptor??
[  377.047974][ T8696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  377.130899][ T8696] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  377.215639][ T5142] hid (null): report_id 653656870 is invalid
[  377.290344][ T5142] hid (null): unknown global tag 0x8d
[  377.314649][ T5142] hid (null): unknown global tag 0xd
[  377.351574][ T5142] hid-generic 0003:0158:0100.0010: unknown main item tag 0x1
[  377.362565][ T5142] hid-generic 0003:0158:0100.0010: unexpected long global item
[  377.383562][ T5142] hid-generic 0003:0158:0100.0010: probe with driver hid-generic failed with error -22
[  377.475129][ T5142] usb 4-1: USB disconnect, device number 29
[  377.857115][ T5170] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  377.857675][ T8737] xt_TCPMSS: Only works on TCP SYN packets
[  378.061756][ T5170] usb 3-1: not running at top speed; connect to a high speed hub
[  378.109569][ T5170] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  378.140871][ T5170] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  378.179774][ T5170] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  378.195040][ T5170] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.212553][ T5170] usb 3-1: Product: syz
[  378.232715][ T5170] usb 3-1: Manufacturer: о
[  378.242715][ T5170] usb 3-1: SerialNumber: syz
[  379.579657][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  379.586487][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  380.347407][ T5170] cdc_ncm 3-1:1.0: bind() failure
[  380.367230][ T5170] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  380.456944][ T5170] cdc_ncm 3-1:1.1: bind() failure
[  380.486042][ T5170] usb 3-1: USB disconnect, device number 26
[  382.019600][ T5142] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  382.200693][ T5227] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  382.216689][ T5142] usb 2-1: Using ep0 maxpacket: 16
[  382.237637][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  382.262805][ T5142] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  382.280872][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.304384][ T5142] usb 2-1: config 0 descriptor??
[  382.455713][ T5227] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  382.495533][ T5227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.509583][ T5227] usb 3-1: Product: syz
[  382.514007][ T5227] usb 3-1: Manufacturer: о
[  382.519709][ T5227] usb 3-1: SerialNumber: syz
[  382.811545][ T8784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.870463][ T8784] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.887508][ T5142] hid (null): report_id 653656870 is invalid
[  382.929581][ T5142] hid (null): unknown global tag 0x8d
[  382.937301][ T5142] hid (null): unknown global tag 0xd
[  382.954832][ T5227] cdc_ncm 3-1:1.0: bind() failure
[  382.962688][ T5142] hid-generic 0003:0158:0100.0011: unknown main item tag 0x1
[  382.982401][ T5227] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  382.992410][ T5142] hid-generic 0003:0158:0100.0011: unexpected long global item
[  383.004917][ T5227] cdc_ncm 3-1:1.1: bind() failure
[  383.013307][ T5142] hid-generic 0003:0158:0100.0011: probe with driver hid-generic failed with error -22
[  383.041289][ T5227] usb 3-1: USB disconnect, device number 27
[  383.130568][  T932] usb 2-1: USB disconnect, device number 30
[  383.252415][ T8808] xt_TCPMSS: Only works on TCP SYN packets
[  384.167141][  T932] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  384.367506][  T932] usb 1-1: Using ep0 maxpacket: 8
[  385.743255][  T932] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  385.835242][  T932] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  385.908207][  T932] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255
[  385.940273][  T932] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  385.984694][  T932] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  386.012610][  T932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.267034][  T932] usb 1-1: GET_CAPABILITIES returned 0
[  386.274142][  T932] usbtmc 1-1:16.0: can't read capabilities
[  386.541874][ T5140] usb 1-1: USB disconnect, device number 26
[  386.608164][  T932] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  386.777128][ T5227] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  386.807992][  T932] usb 5-1: Using ep0 maxpacket: 32
[  386.829789][  T932] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  386.846737][  T932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.875640][  T932] usb 5-1: config 0 descriptor??
[  386.923378][  T932] gspca_main: sunplus-2.14.0 probing 0458:7006
[  386.938101][ T5170] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  386.987803][ T5227] usb 3-1: Using ep0 maxpacket: 16
[  387.025744][ T5227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  387.072795][ T5227] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  387.093130][ T5227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.112639][ T5227] usb 3-1: config 0 descriptor??
[  387.137301][ T5170] usb 4-1: Using ep0 maxpacket: 16
[  387.145611][ T5170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  387.178674][ T5170] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  387.191104][ T5170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.233072][ T5170] usb 4-1: config 0 descriptor??
[  387.270734][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1042'.
[  387.304658][ T8845] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  387.354064][ T8865] mmap: syz.0.1042 (8865): VmData 54366208 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  387.549839][ T8847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.587823][ T8847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.624879][ T5227] hid (null): unknown global tag 0xd
[  387.661117][ T5227] hid-generic 0003:0158:0100.0012: unknown main item tag 0x1
[  387.673912][ T5227] hid-generic 0003:0158:0100.0012: unexpected long global item
[  387.675578][ T8854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.703541][ T5227] hid-generic 0003:0158:0100.0012: probe with driver hid-generic failed with error -22
[  387.711452][ T8854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.746552][ T5170] hid (null): report_id 653656870 is invalid
[  387.755141][ T5170] hid (null): unknown global tag 0x8d
[  387.762740][ T5170] hid (null): unknown global tag 0xd
[  387.978153][ T5140] usb 3-1: USB disconnect, device number 28
[  388.022730][ T5170] hid-generic 0003:0158:0100.0013: unknown main item tag 0x1
[  388.048586][ T5170] hid-generic 0003:0158:0100.0013: unexpected long global item
[  388.064654][ T5170] hid-generic 0003:0158:0100.0013: probe with driver hid-generic failed with error -22
[  388.081704][ T5170] usb 4-1: USB disconnect, device number 30
[  388.191728][  T932] gspca_sunplus: reg_w_riv err -71
[  388.205270][  T932] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  388.223550][  T932] usb 5-1: USB disconnect, device number 33
[  389.270942][ T8901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1053'.
[  389.403476][ T8907] netlink: 'syz.4.1055': attribute type 1 has an invalid length.
[  389.412706][ T8907] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.1055'.
[  389.573527][ T8909] netlink: 'syz.1.1053': attribute type 2 has an invalid length.
[  389.972616][ T5227] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  390.251047][ T5227] usb 5-1: Using ep0 maxpacket: 16
[  390.288416][ T5227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  390.331588][ T5227] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  390.356527][ T5227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.414066][ T5227] usb 5-1: config 0 descriptor??
[  390.884953][ T8913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.920284][ T8913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.957527][ T5227] hid (null): report_id 653656870 is invalid
[  390.982824][ T5227] hid (null): unknown global tag 0x8d
[  391.013952][ T5227] hid (null): unknown global tag 0xd
[  391.050339][ T5227] hid-generic 0003:0158:0100.0014: unknown main item tag 0x1
[  391.216017][ T5227] hid-generic 0003:0158:0100.0014: unexpected long global item
[  391.226023][ T5227] hid-generic 0003:0158:0100.0014: probe with driver hid-generic failed with error -22
[  391.269300][ T5227] usb 5-1: USB disconnect, device number 34
[  391.342128][   T29] audit: type=1326 audit(1720397971.188:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8942 comm="syz.1.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a9f175bd9 code=0x7ffc0000
[  391.427087][   T29] audit: type=1326 audit(1720397971.188:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8942 comm="syz.1.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a9f175bd9 code=0x7ffc0000
[  391.470271][ T8949] FAULT_INJECTION: forcing a failure.
[  391.470271][ T8949] name failslab, interval 1, probability 0, space 0, times 0
[  391.512206][ T8949] CPU: 0 PID: 8949 Comm: syz.1.1068 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  391.522399][ T8949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  391.532538][ T8949] Call Trace:
[  391.535850][ T8949]  <TASK>
[  391.538827][ T8949]  dump_stack_lvl+0x241/0x360
[  391.543561][ T8949]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.548904][ T8949]  ? __pfx__printk+0x10/0x10
[  391.553673][ T8949]  ? __pfx___might_resched+0x10/0x10
[  391.559013][ T8949]  should_fail_ex+0x3b0/0x4e0
[  391.563741][ T8949]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  391.569494][ T8949]  should_failslab+0x9/0x20
[  391.574033][ T8949]  __kmalloc_noprof+0xd8/0x400
[  391.578812][ T8949]  ? kfree+0x4e/0x360
[  391.582809][ T8949]  tomoyo_realpath_from_path+0xcf/0x5e0
[  391.588381][ T8949]  tomoyo_path_number_perm+0x23a/0x880
[  391.593867][ T8949]  ? tomoyo_path_number_perm+0x208/0x880
[  391.599525][ T8949]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  391.605574][ T8949]  ? __fget_files+0x29/0x470
[  391.610178][ T8949]  ? __fget_files+0x3f6/0x470
[  391.614949][ T8949]  ? __fget_files+0x29/0x470
[  391.619555][ T8949]  security_file_ioctl+0x75/0xb0
[  391.624513][ T8949]  __se_sys_ioctl+0x47/0x170
[  391.629128][ T8949]  do_syscall_64+0xf3/0x230
[  391.633742][ T8949]  ? clear_bhb_loop+0x35/0x90
[  391.638466][ T8949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.644376][ T8949] RIP: 0033:0x7f3a9f175bd9
[  391.648802][ T8949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.668442][ T8949] RSP: 002b:00007f3a9ffa9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  391.676870][ T8949] RAX: ffffffffffffffda RBX: 00007f3a9f303f60 RCX: 00007f3a9f175bd9
[  391.684851][ T8949] RDX: 0000000020000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  391.692839][ T8949] RBP: 00007f3a9ffa90a0 R08: 0000000000000000 R09: 0000000000000000
[  391.700852][ T8949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.708860][ T8949] R13: 000000000000000b R14: 00007f3a9f303f60 R15: 00007ffeb6ee2438
[  391.716869][ T8949]  </TASK>
[  391.786872][ T8949] ERROR: Out of memory at tomoyo_realpath_from_path.
[  391.804603][ T8949] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  391.811803][ T5170] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  391.996917][ T5170] usb 4-1: Using ep0 maxpacket: 8
[  392.008365][ T5170] usb 4-1: config 255 has an invalid interface number: 71 but max is 1
[  392.017583][ T5170] usb 4-1: config 255 has an invalid interface number: 2 but max is 1
[  392.026713][ T5170] usb 4-1: config 255 has an invalid interface number: 3 but max is 1
[  392.036703][ T5170] usb 4-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  392.058756][ T5170] usb 4-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  392.076324][ T5170] usb 4-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  392.095438][ T5170] usb 4-1: config 255 has no interface number 0
[  392.107187][ T5170] usb 4-1: config 255 has no interface number 1
[  392.133264][ T5170] usb 4-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  392.145245][ T5170] usb 4-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  392.173189][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  392.187137][ T5170] usb 4-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  392.211264][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  392.245313][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  392.281479][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  392.305792][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  392.329340][ T5170] usb 4-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  392.342533][ T5170] usb 4-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  392.369654][ T5170] usb 4-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  392.383798][ T5170] usb 4-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  392.401191][ T5170] usb 4-1: config 255 interface 71 has no altsetting 0
[  392.436173][ T5170] usb 4-1: config 255 interface 2 has no altsetting 0
[  392.470086][ T5170] usb 4-1: config 255 interface 3 has no altsetting 0
[  392.487584][ T5170] usb 4-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  392.499347][ T5170] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.509270][ T5170] usb 4-1: Product: ࠉ
[  392.519468][ T5170] usb 4-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  392.542706][ T5170] usb 4-1: SerialNumber: Е
[  392.996609][ T5170] cp210x 4-1:255.71: cp210x converter detected
[  393.023985][ T5170] cp210x 4-1:255.71: failed to get vendor val 0x370b size 1: -71
[  393.256474][ T5170] cp210x 4-1:255.71: querying part number failed
[  393.285929][ T5170] usb 4-1: cp210x converter now attached to ttyUSB0
[  393.446159][ T8984] FAULT_INJECTION: forcing a failure.
[  393.446159][ T8984] name failslab, interval 1, probability 0, space 0, times 0
[  393.484463][ T8984] CPU: 1 PID: 8984 Comm: syz.0.1079 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  393.494604][ T8984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  393.504789][ T8984] Call Trace:
[  393.508095][ T8984]  <TASK>
[  393.511073][ T8984]  dump_stack_lvl+0x241/0x360
[  393.515800][ T8984]  ? __pfx_dump_stack_lvl+0x10/0x10
[  393.521125][ T8984]  ? __pfx__printk+0x10/0x10
[  393.525758][ T8984]  ? __pfx___might_resched+0x10/0x10
[  393.531251][ T8984]  ? __kasan_kmalloc+0x98/0xb0
[  393.536056][ T8984]  ? __genradix_ptr_alloc+0x196/0x460
[  393.541561][ T8984]  should_fail_ex+0x3b0/0x4e0
[  393.546289][ T8984]  ? sctp_auth_asoc_copy_shkeys+0x13b/0x580
[  393.552225][ T8984]  should_failslab+0x9/0x20
[  393.556763][ T8984]  kmalloc_trace_noprof+0x6c/0x2c0
[  393.561915][ T8984]  sctp_auth_asoc_copy_shkeys+0x13b/0x580
[  393.567688][ T8984]  sctp_association_new+0x15aa/0x23f0
[  393.573147][ T8984]  sctp_connect_new_asoc+0x2d8/0x6c0
[  393.578738][ T8984]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  393.584572][ T8984]  ? sctp_sendmsg+0xbb9/0x3520
[  393.589370][ T8984]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  393.595037][ T8984]  ? security_sctp_bind_connect+0x90/0xb0
[  393.600792][ T8984]  sctp_sendmsg+0x219a/0x3520
[  393.605522][ T8984]  ? __pfx_sctp_sendmsg+0x10/0x10
[  393.610582][ T8984]  ? __might_fault+0xaa/0x120
[  393.615300][ T8984]  ? __pfx_lock_release+0x10/0x10
[  393.620364][ T8984]  ? inet_sendmsg+0x330/0x390
[  393.625087][ T8984]  __sock_sendmsg+0x1a6/0x270
[  393.629803][ T8984]  ____sys_sendmsg+0x525/0x7d0
[  393.634617][ T8984]  ? __pfx_____sys_sendmsg+0x10/0x10
[  393.639961][ T8984]  __sys_sendmsg+0x2b0/0x3a0
[  393.644595][ T8984]  ? __pfx___sys_sendmsg+0x10/0x10
[  393.649786][ T8984]  ? vfs_write+0x7c4/0xc90
[  393.654291][ T8984]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  393.660652][ T8984]  ? do_syscall_64+0x100/0x230
[  393.665457][ T8984]  ? do_syscall_64+0xb6/0x230
[  393.670182][ T8984]  do_syscall_64+0xf3/0x230
[  393.674898][ T8984]  ? clear_bhb_loop+0x35/0x90
[  393.679616][ T8984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.685541][ T8984] RIP: 0033:0x7fc591d75bd9
[  393.689998][ T8984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.709638][ T8984] RSP: 002b:00007fc592bb0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  393.718095][ T8984] RAX: ffffffffffffffda RBX: 00007fc591f03f60 RCX: 00007fc591d75bd9
[  393.726081][ T5170] cp210x 4-1:255.2: cp210x converter detected
[  393.726612][ T5170] cp210x 4-1:255.2: failed to get vendor val 0x370b size 1: -71
[  393.732164][ T8984] RDX: 0000000000000041 RSI: 0000000020000600 RDI: 0000000000000003
[  393.732245][ T8984] RBP: 00007fc592bb00a0 R08: 0000000000000000 R09: 0000000000000000
[  393.732262][ T8984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.732277][ T8984] R13: 000000000000000b R14: 00007fc591f03f60 R15: 00007ffc938cbd78
[  393.732311][ T8984]  </TASK>
[  393.748803][ T5170] cp210x 4-1:255.2: querying part number failed
[  393.805414][ T5170] usb 4-1: cp210x converter now attached to ttyUSB1
[  393.819314][ T5170] cp210x 4-1:255.3: cp210x converter detected
[  393.957035][ T5170] cp210x 4-1:255.3: failed to get vendor val 0x370b size 1: -71
[  393.964763][ T5170] cp210x 4-1:255.3: querying part number failed
[  394.004429][ T5170] usb 4-1: cp210x converter now attached to ttyUSB2
[  394.032609][ T5170] usb 4-1: USB disconnect, device number 31
[  394.098591][ T5170] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  394.120650][ T5170] cp210x 4-1:255.71: device disconnected
[  394.135954][ T5170] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  394.161976][ T5170] cp210x 4-1:255.2: device disconnected
[  394.181487][ T5170] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  394.203214][ T5170] cp210x 4-1:255.3: device disconnected
[  394.340277][ T5140] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  394.550061][ T5140] usb 3-1: Using ep0 maxpacket: 16
[  395.117001][ T5140] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  395.247264][ T5140] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  395.318038][ T5140] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.048193][ T5140] usb 3-1: config 0 descriptor??
[  400.710426][ T5140] usb 3-1: can't set config #0, error -71
[  400.748398][ T5140] usb 3-1: USB disconnect, device number 29
[  401.649537][ T5140] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  401.838923][ T5140] usb 2-1: Using ep0 maxpacket: 8
[  401.875691][ T5140] usb 2-1: config 255 has an invalid interface number: 71 but max is 1
[  401.918775][ T5140] usb 2-1: config 255 has an invalid interface number: 2 but max is 1
[  402.086713][ T5140] usb 2-1: config 255 has an invalid interface number: 3 but max is 1
[  402.102536][ T5140] usb 2-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  402.135152][ T5140] usb 2-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  402.191661][ T5140] usb 2-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  402.217415][ T5140] usb 2-1: config 255 has no interface number 0
[  402.223836][ T5140] usb 2-1: config 255 has no interface number 1
[  402.244616][ T5140] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  402.284748][ T5140] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  402.330786][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  402.384724][ T5140] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  402.411394][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  402.459328][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  402.505255][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  402.527895][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  402.555972][ T5140] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  402.590746][ T5140] usb 2-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  402.616270][ T5140] usb 2-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  402.631954][ T5140] usb 2-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  402.651052][ T5140] usb 2-1: config 255 interface 71 has no altsetting 0
[  402.665528][ T5140] usb 2-1: config 255 interface 2 has no altsetting 0
[  402.681188][ T5140] usb 2-1: config 255 interface 3 has no altsetting 0
[  402.696078][ T5140] usb 2-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  402.705848][ T5140] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.707069][ T5142] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  402.719537][ T5140] usb 2-1: Product: ࠉ
[  402.721757][   T46] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  402.725894][ T5140] usb 2-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  402.767950][ T5140] usb 2-1: SerialNumber: Е
[  402.947026][   T46] usb 5-1: Using ep0 maxpacket: 16
[  402.952302][ T5142] usb 3-1: Using ep0 maxpacket: 16
[  402.962056][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  402.975650][   T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  402.990927][   T46] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  403.000135][ T5142] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  403.009563][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.017746][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.031259][   T46] usb 5-1: config 0 descriptor??
[  403.036411][ T5142] usb 3-1: config 0 descriptor??
[  403.228419][ T5140] cp210x 2-1:255.71: cp210x converter detected
[  403.241940][ T5140] cp210x 2-1:255.71: failed to get vendor val 0x370b size 1: -71
[  403.256199][ T5140] cp210x 2-1:255.71: querying part number failed
[  403.285646][ T5140] usb 2-1: cp210x converter now attached to ttyUSB0
[  403.317759][ T9038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.318540][ T5140] cp210x 2-1:255.2: cp210x converter detected
[  403.345945][ T9038] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.385719][ T5140] cp210x 2-1:255.2: failed to get vendor val 0x370b size 1: -71
[  403.409942][ T5140] cp210x 2-1:255.2: querying part number failed
[  403.432459][ T5140] usb 2-1: cp210x converter now attached to ttyUSB1
[  403.459193][ T5140] cp210x 2-1:255.3: cp210x converter detected
[  403.474767][ T9041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.499106][ T9041] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.507125][ T5140] cp210x 2-1:255.3: failed to get vendor val 0x370b size 1: -71
[  403.515445][ T5140] cp210x 2-1:255.3: querying part number failed
[  403.561201][ T5140] usb 2-1: cp210x converter now attached to ttyUSB2
[  403.565494][ T5142] hid (null): unknown global tag 0xd
[  403.599705][   T46] usbhid 5-1:0.0: can't add hid device: -71
[  403.603250][ T5140] usb 2-1: USB disconnect, device number 31
[  403.605763][   T46] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  403.638121][ T5142] hid-generic 0003:0158:0100.0015: unknown main item tag 0x1
[  403.661179][ T5142] hid-generic 0003:0158:0100.0015: unexpected long global item
[  403.690558][ T5142] hid-generic 0003:0158:0100.0015: probe with driver hid-generic failed with error -22
[  403.705479][ T5140] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  403.716984][   T46] usb 5-1: USB disconnect, device number 35
[  403.743456][ T5140] cp210x 2-1:255.71: device disconnected
[  403.767234][ T5142] usb 3-1: USB disconnect, device number 30
[  403.819648][ T5140] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  403.849531][ T5140] cp210x 2-1:255.2: device disconnected
[  403.873393][ T5140] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  403.892651][ T5140] cp210x 2-1:255.3: device disconnected
[  405.976913][ T5140] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  405.986985][    T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  406.189421][    T9] usb 5-1: Using ep0 maxpacket: 8
[  406.200413][ T5140] usb 4-1: config index 0 descriptor too short (expected 146, got 18)
[  406.216994][ T5140] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  406.257601][    T9] usb 5-1: config 255 has an invalid interface number: 71 but max is 1
[  406.279696][ T5140] usb 4-1: config 0 has no interfaces?
[  406.285404][    T9] usb 5-1: config 255 has an invalid interface number: 2 but max is 1
[  406.321976][    T9] usb 5-1: config 255 has an invalid interface number: 3 but max is 1
[  406.347054][ T5140] usb 4-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  406.356174][ T5140] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.368221][    T9] usb 5-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  406.396874][    T9] usb 5-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  406.413179][ T5140] usb 4-1: Product: syz
[  406.426870][ T5140] usb 4-1: Manufacturer: syz
[  406.431546][ T5140] usb 4-1: SerialNumber: syz
[  406.437386][    T9] usb 5-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  406.453259][ T5140] usb 4-1: config 0 descriptor??
[  406.458872][    T9] usb 5-1: config 255 has no interface number 0
[  406.475681][    T9] usb 5-1: config 255 has no interface number 1
[  406.496070][    T9] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  406.516870][    T9] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  406.551827][    T9] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  406.604557][    T9] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  406.627696][    T9] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  406.646681][    T9] usb 5-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  406.658867][    T9] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  406.670529][    T9] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  406.682501][    T9] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  406.694355][    T9] usb 5-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  406.710524][    T9] usb 5-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  406.752830][    T9] usb 5-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  406.791726][    T9] usb 5-1: config 255 interface 71 has no altsetting 0
[  406.799136][    T9] usb 5-1: config 255 interface 2 has no altsetting 0
[  406.806291][    T9] usb 5-1: config 255 interface 3 has no altsetting 0
[  406.823863][    T9] usb 5-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  406.835790][   T46] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  406.845848][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.855396][    T9] usb 5-1: Product: ࠉ
[  406.860025][    T9] usb 5-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  406.878374][    T9] usb 5-1: SerialNumber: Е
[  407.016903][   T46] usb 1-1: Using ep0 maxpacket: 16
[  407.024416][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  407.039319][   T46] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  407.047035][ T5140] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  407.048865][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.079835][   T46] usb 1-1: config 0 descriptor??
[  407.237054][ T5140] usb 2-1: Using ep0 maxpacket: 16
[  407.245213][ T5140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  407.257094][ T5140] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  407.270397][ T5140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.282859][ T5140] usb 2-1: config 0 descriptor??
[  407.299277][    T9] cp210x 5-1:255.71: cp210x converter detected
[  407.320045][    T9] cp210x 5-1:255.71: failed to get vendor val 0x370b size 1: -71
[  407.328165][    T9] cp210x 5-1:255.71: querying part number failed
[  407.339518][    T9] usb 5-1: cp210x converter now attached to ttyUSB0
[  407.357881][    T9] cp210x 5-1:255.2: cp210x converter detected
[  407.366701][    T9] cp210x 5-1:255.2: failed to get vendor val 0x370b size 1: -71
[  407.374628][    T9] cp210x 5-1:255.2: querying part number failed
[  407.389330][    T9] usb 5-1: cp210x converter now attached to ttyUSB1
[  407.399259][    T9] cp210x 5-1:255.3: cp210x converter detected
[  407.406278][    T9] cp210x 5-1:255.3: failed to get vendor val 0x370b size 1: -71
[  407.414222][    T9] cp210x 5-1:255.3: querying part number failed
[  407.426220][    T9] usb 5-1: cp210x converter now attached to ttyUSB2
[  407.447428][    T9] usb 5-1: USB disconnect, device number 36
[  407.469593][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  407.507151][    T9] cp210x 5-1:255.71: device disconnected
[  407.526039][ T9111] syz.3.1118[9111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.526250][ T9111] syz.3.1118[9111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.543706][    T9] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  407.621457][ T9095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.668816][ T9095] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.679430][    T9] cp210x 5-1:255.2: device disconnected
[  407.686014][ T9108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.712048][ T9108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.722474][    T9] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  407.734480][   T46] hid (null): unknown global tag 0xd
[  407.739585][    T9] cp210x 5-1:255.3: device disconnected
[  407.767899][   T46] hid-generic 0003:0158:0100.0016: unknown main item tag 0x1
[  407.794757][   T46] hid-generic 0003:0158:0100.0016: unexpected long global item
[  407.812434][   T46] hid-generic 0003:0158:0100.0016: probe with driver hid-generic failed with error -22
[  407.981241][   T46] usb 1-1: USB disconnect, device number 27
[  408.129572][ T5140] usbhid 2-1:0.0: can't add hid device: -71
[  408.135663][ T5140] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  408.146427][ T5140] usb 2-1: USB disconnect, device number 32
[  409.060651][ T9122] overlayfs: overlapping lowerdir path
[  410.994139][ T5227] usb 4-1: USB disconnect, device number 32
[  412.357863][ T5170] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  412.579393][ T5170] usb 2-1: Using ep0 maxpacket: 32
[  412.596527][ T5170] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  412.609205][ T5170] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.638775][ T5170] usb 2-1: config 0 descriptor??
[  412.653659][ T5170] gspca_main: sunplus-2.14.0 probing 0458:7006
[  412.797243][   T46] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  413.076615][ T9142] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  413.105357][   T46] usb 1-1: Using ep0 maxpacket: 16
[  413.121825][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  413.150972][   T46] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  413.179852][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.203960][   T46] usb 1-1: config 0 descriptor??
[  413.547135][ T5140] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  413.649466][ T9157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.668218][ T9157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.708649][   T46] hid (null): report_id 653656870 is invalid
[  413.724758][ T5170] gspca_sunplus: reg_w_riv err -71
[  413.735948][ T5170] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  413.740209][   T46] hid (null): unknown global tag 0x8d
[  413.756457][ T5140] usb 5-1: config index 0 descriptor too short (expected 146, got 18)
[  413.771145][ T5170] usb 2-1: USB disconnect, device number 33
[  413.777936][ T5140] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.792111][   T46] hid (null): unknown global tag 0xd
[  413.794619][ T5140] usb 5-1: config 0 has no interfaces?
[  413.812984][ T5140] usb 5-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  413.832578][ T5140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.838383][   T46] hid-generic 0003:0158:0100.0017: unknown main item tag 0x1
[  413.868940][   T46] hid-generic 0003:0158:0100.0017: unexpected long global item
[  413.891851][   T46] hid-generic 0003:0158:0100.0017: probe with driver hid-generic failed with error -22
[  413.897066][ T5140] usb 5-1: Product: syz
[  413.926883][ T5140] usb 5-1: Manufacturer: syz
[  413.932796][ T5140] usb 5-1: SerialNumber: syz
[  413.938689][   T46] usb 1-1: USB disconnect, device number 28
[  413.960010][ T5140] usb 5-1: config 0 descriptor??
[  415.304633][ T9199] syz.4.1140[9199] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.304941][ T9199] syz.4.1140[9199] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.316432][ T5170] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  415.583282][ T5170] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  415.617946][ T5170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.626164][ T5170] usb 2-1: Product: syz
[  415.653055][ T5170] usb 2-1: Manufacturer: syz
[  415.676317][ T5170] usb 2-1: SerialNumber: syz
[  415.700912][ T5170] usb 2-1: config 0 descriptor??
[  415.986123][ T5170] usb 2-1: USB disconnect, device number 34
[  416.025426][ T9216] overlayfs: overlapping lowerdir path
[  416.975183][ T5200] usb 5-1: USB disconnect, device number 37
[  417.241375][ T9053] udevd[9053]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  417.600045][ T9239] befs: (nullb0): No write support. Marking filesystem read-only
[  417.623150][ T9239] befs: (nullb0): invalid magic header
[  417.677031][ T5200] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  417.897002][ T5200] usb 5-1: Using ep0 maxpacket: 32
[  417.905552][ T5200] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  417.916689][ T5200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.935863][ T5200] usb 5-1: config 0 descriptor??
[  417.947955][ T5200] gspca_main: sunplus-2.14.0 probing 0458:7006
[  418.048475][ T9251] tipc: Started in network mode
[  418.053481][ T9251] tipc: Node identity e2c744c6c204, cluster identity 4711
[  418.068405][ T9251] tipc: Enabled bearer <eth:xfrm0>, priority 0
[  418.360215][ T9227] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  418.719379][ T9259] overlayfs: overlapping lowerdir path
[  419.438780][ T5200] gspca_sunplus: reg_w_riv err -110
[  419.444165][ T5200] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  419.455822][   T46] tipc: Node number set to 549668038
[  419.500620][ T9261] MD5 Hash not found for [fe80::bb].0->[ff02::1].20002 [FP]L3 index 0
[  419.707559][ T5170] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  419.917007][ T5170] usb 4-1: Using ep0 maxpacket: 16
[  419.950585][ T5170] usb 4-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[  420.013906][ T5170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.062002][ T5170] usb 4-1: config 0 descriptor??
[  420.072699][ T9278] xt_CT: You must specify a L4 protocol and not use inversions on it
[  420.079492][ T9279] xt_CT: You must specify a L4 protocol and not use inversions on it
[  420.117127][ T5170] gspca_main: sq905c-2.14.0 probing 2770:9050
[  420.829296][ T5170] gspca_sq905c: sq905c_read: usb_control_msg failed (-110)
[  420.837202][ T5170] sq905c 4-1:0.0: Reading version command failed
[  420.861166][ T5170] sq905c 4-1:0.0: probe with driver sq905c failed with error -110
[  420.937041][  T932] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  421.093536][ T5200] usb 5-1: USB disconnect, device number 38
[  421.127250][  T932] usb 3-1: Using ep0 maxpacket: 16
[  421.153155][  T932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  421.185078][  T932] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  421.203844][  T932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.248789][  T932] usb 3-1: config 0 descriptor??
[  421.706716][ T9281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.730886][ T9281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.784717][  T932] hid (null): unknown global tag 0xd
[  421.826559][  T932] hid-generic 0003:0158:0100.0018: unknown main item tag 0x1
[  421.862119][  T932] hid-generic 0003:0158:0100.0018: unexpected long global item
[  421.911588][  T932] hid-generic 0003:0158:0100.0018: probe with driver hid-generic failed with error -22
[  421.934245][ T5170] usb 4-1: USB disconnect, device number 33
[  421.957099][ T9299] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1190'.
[  422.860252][ T5142] usb 3-1: USB disconnect, device number 31
[  423.287726][ T5200] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  423.296029][ T9315] xt_CT: You must specify a L4 protocol and not use inversions on it
[  423.497066][ T5200] usb 1-1: Using ep0 maxpacket: 32
[  423.509180][ T5200] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  423.519637][   T46] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  423.535306][ T5200] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.593546][ T5200] usb 1-1: config 0 descriptor??
[  423.636153][ T5200] gspca_main: sunplus-2.14.0 probing 0458:7006
[  423.747617][   T46] usb 5-1: Using ep0 maxpacket: 8
[  423.773854][   T46] usb 5-1: New USB device found, idVendor=04b4, idProduct=931d, bcdDevice=c0.eb
[  423.793386][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.807730][   T46] usb 5-1: Product: syz
[  423.812147][   T46] usb 5-1: Manufacturer: syz
[  423.818806][   T46] usb 5-1: SerialNumber: syz
[  423.842792][   T46] usb 5-1: config 0 descriptor??
[  424.184369][ T9335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.209407][ T9335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.264280][ T9299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.424680][ T9299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.478746][ T9299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.519995][ T9299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.547867][ T5200] gspca_sunplus: reg_w_riv err -110
[  424.554363][ T9299] devtmpfs: Unknown parameter 'trans'
[  424.563246][   T46] usb 5-1: can't set first interface for hiFace device.
[  424.582467][ T5200] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  424.600741][   T46] snd-usb-hiface 5-1:0.0: probe with driver snd-usb-hiface failed with error -5
[  424.640961][ T5200] usb 1-1: USB disconnect, device number 29
[  424.678612][   T46] usb 5-1: USB disconnect, device number 39
[  425.287339][ T9353] xt_CT: You must specify a L4 protocol and not use inversions on it
[  427.928357][ T9390] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1221'.
[  428.061606][ T9395] xt_socket: unknown flags 0x8
[  428.071841][ T9395] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  428.229590][ T9392] overlayfs: failed to resolve './file1': -2
[  429.367132][ T5170] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  429.604654][ T9419] xt_CT: You must specify a L4 protocol and not use inversions on it
[  429.713852][ T5170] usb 5-1: config index 0 descriptor too short (expected 146, got 18)
[  429.907010][ T5170] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  430.867323][ T5170] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  430.887867][ T5170] usb 5-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  430.897778][ T5170] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.912203][ T5170] usb 5-1: Product: syz
[  430.941454][ T5170] usb 5-1: Manufacturer: syz
[  430.968819][ T5170] usb 5-1: SerialNumber: syz
[  430.999785][ T5170] usb 5-1: config 0 descriptor??
[  431.005424][ T9430] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1232'.
[  431.026912][ T9430] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1232'.
[  431.287046][ T9442] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1238'.
[  431.917045][ T5227] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  432.292699][ T9457] syz.4.1224[9457] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  432.292870][ T9457] syz.4.1224[9457] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  432.307571][ T5227] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.369619][ T5227] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  433.391073][ T5227] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  433.400320][ T5227] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.417705][ T5227] usb 4-1: config 0 descriptor??
[  433.457295][ T5227] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  433.515702][ T9466] xt_CT: You must specify a L4 protocol and not use inversions on it
[  434.840978][ T5227] usb 5-1: USB disconnect, device number 40
[  434.955029][ T9486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1251'.
[  435.077111][ T9488] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1252'.
[  435.094819][ T9488] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1252'.
[  435.262419][ T5103] Bluetooth: hci4: Ignoring connect complete event for invalid link type
[  435.437067][   T46] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  435.506652][ T9501] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  435.518687][ T9501] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  435.637074][   T46] usb 5-1: Using ep0 maxpacket: 8
[  435.680184][   T46] usb 5-1: config 255 has an invalid interface number: 71 but max is 1
[  435.692349][   T46] usb 5-1: config 255 has an invalid interface number: 2 but max is 1
[  435.746766][   T46] usb 5-1: config 255 has an invalid interface number: 3 but max is 1
[  435.767178][   T46] usb 5-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  435.770303][  T932] usb 4-1: USB disconnect, device number 34
[  435.782410][   T46] usb 5-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  435.804980][   T46] usb 5-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  435.845199][   T46] usb 5-1: config 255 has no interface number 0
[  435.854970][   T46] usb 5-1: config 255 has no interface number 1
[  435.867036][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  435.881238][   T46] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  435.906225][   T46] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  435.976633][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  436.008891][   T46] usb 5-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  436.036641][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  436.114645][   T46] usb 5-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  436.155233][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  436.175611][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  436.357376][   T46] usb 5-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  436.386924][   T46] usb 5-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  436.413246][   T46] usb 5-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  436.478239][   T46] usb 5-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  436.492248][   T46] usb 5-1: config 255 interface 71 has no altsetting 0
[  436.844054][   T46] usb 5-1: config 255 interface 2 has no altsetting 0
[  436.852092][   T46] usb 5-1: config 255 interface 3 has no altsetting 0
[  436.869106][   T46] usb 5-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  436.878723][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.290128][   T46] usb 5-1: Product: ࠉ
[  437.312396][ T9513] xt_CT: You must specify a L4 protocol and not use inversions on it
[  437.326896][   T46] usb 5-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  437.396414][   T46] usb 5-1: SerialNumber: Е
[  437.545558][ T9522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1263'.
[  437.646980][ T5140] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  437.847569][ T5140] usb 3-1: Using ep0 maxpacket: 32
[  437.858680][ T5227] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  437.872926][ T5140] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  437.885613][   T46] cp210x 5-1:255.71: cp210x converter detected
[  437.906716][ T5140] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.934549][ T5140] usb 3-1: config 0 descriptor??
[  437.957053][   T46] cp210x 5-1:255.71: failed to get vendor val 0x370b size 1: -71
[  437.968134][ T5140] gspca_main: sunplus-2.14.0 probing 0458:7006
[  438.016057][   T46] cp210x 5-1:255.71: querying part number failed
[  438.042144][   T46] usb 5-1: cp210x converter now attached to ttyUSB0
[  438.068819][   T46] cp210x 5-1:255.2: cp210x converter detected
[  438.078019][   T46] cp210x 5-1:255.2: failed to get vendor val 0x370b size 1: -71
[  438.101239][   T46] cp210x 5-1:255.2: querying part number failed
[  438.109170][ T5227] usb 2-1: Using ep0 maxpacket: 32
[  438.134139][ T5227] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  438.135566][   T46] usb 5-1: cp210x converter now attached to ttyUSB1
[  438.151892][ T5227] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.183573][ T5227] usb 2-1: config 0 descriptor??
[  438.187056][ T5170] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  438.201554][   T46] cp210x 5-1:255.3: cp210x converter detected
[  438.211236][ T5227] gspca_main: sunplus-2.14.0 probing 0458:7006
[  438.231148][   T46] cp210x 5-1:255.3: failed to get vendor val 0x370b size 1: -71
[  438.249597][   T46] cp210x 5-1:255.3: querying part number failed
[  438.268564][   T46] usb 5-1: cp210x converter now attached to ttyUSB2
[  438.288440][   T46] usb 5-1: USB disconnect, device number 41
[  438.313794][   T46] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  438.327914][   T46] cp210x 5-1:255.71: device disconnected
[  438.365874][ T9516] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  438.390513][ T5170] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.409729][ T5170] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  438.418357][   T46] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  438.448673][ T5170] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  438.461115][   T46] cp210x 5-1:255.2: device disconnected
[  438.490976][   T46] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  438.505061][ T5170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.511438][   T46] cp210x 5-1:255.3: device disconnected
[  438.581259][ T5170] usb 4-1: config 0 descriptor??
[  438.606221][ T5170] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  438.667411][ T9520] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  438.979337][ T5140] gspca_sunplus: reg_w_riv err -71
[  439.008798][ T5140] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  439.057684][ T5140] usb 3-1: USB disconnect, device number 32
[  439.522826][ T9547] overlayfs: overlapping lowerdir path
[  439.648929][ T5227] gspca_sunplus: reg_w_riv err -110
[  439.655917][ T5227] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[  440.510921][ T5227] usb 2-1: USB disconnect, device number 35
[  440.582114][ T9557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1275'.
[  440.725320][ T9564] xt_CT: You must specify a L4 protocol and not use inversions on it
[  440.911314][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  440.918045][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  441.117562][ T5227] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  441.316953][ T5227] usb 2-1: Using ep0 maxpacket: 8
[  441.348065][ T5227] usb 2-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5
[  441.349986][ T5170] usb 4-1: USB disconnect, device number 35
[  441.373821][ T5227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.401848][ T5227] usb 2-1: Product: syz
[  441.427196][ T5227] usb 2-1: Manufacturer: syz
[  441.435799][ T5227] usb 2-1: SerialNumber: syz
[  441.466441][ T5227] usb 2-1: config 0 descriptor??
[  441.670167][ T5227] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected.
[  442.897368][ T5141] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  443.097047][ T5141] usb 4-1: Using ep0 maxpacket: 32
[  443.423765][ T5141] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  443.436000][ T5141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.455245][ T9613] xt_CT: You must specify a L4 protocol and not use inversions on it
[  443.473921][ T5141] usb 4-1: config 0 descriptor??
[  443.514102][ T5141] gspca_main: sunplus-2.14.0 probing 0458:7006
[  443.941929][ T9588] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  443.977205][ T5227] pwc: Failed to set LED on/off time (-71)
[  444.011566][ T5227] pwc: send_video_command error -71
[  444.040831][ T5227] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  444.081689][ T5227] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  444.148759][ T5227] usb 2-1: USB disconnect, device number 36
[  444.477189][ T5170] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  445.129754][ T5141] gspca_sunplus: reg_w_riv err -110
[  445.147136][ T5141] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  445.164397][ T9627] block nbd1: shutting down sockets
[  445.191113][ T5141] usb 4-1: USB disconnect, device number 36
[  445.439010][ T9632] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1300'.
[  445.450649][ T5170] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  445.475507][ T5170] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  445.514711][ T5170] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  445.540049][ T5170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.590171][ T5170] usb 3-1: config 0 descriptor??
[  445.611678][ T5170] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  446.089921][ T9658] xt_CT: You must specify a L4 protocol and not use inversions on it
[  446.117205][ T9659] xt_CT: You must specify a L4 protocol and not use inversions on it
[  446.291726][ T9661] FAULT_INJECTION: forcing a failure.
[  446.291726][ T9661] name failslab, interval 1, probability 0, space 0, times 0
[  446.325965][ T9661] CPU: 1 PID: 9661 Comm: syz.1.1308 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  446.336105][ T9661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  446.346183][ T9661] Call Trace:
[  446.349472][ T9661]  <TASK>
[  446.352407][ T9661]  dump_stack_lvl+0x241/0x360
[  446.357113][ T9661]  ? __pfx_dump_stack_lvl+0x10/0x10
[  446.362321][ T9661]  ? __pfx__printk+0x10/0x10
[  446.366935][ T9661]  ? __pfx___might_resched+0x10/0x10
[  446.372261][ T9661]  should_fail_ex+0x3b0/0x4e0
[  446.376984][ T9661]  ? io_alloc_async_data+0x7a/0x120
[  446.382386][ T9661]  should_failslab+0x9/0x20
[  446.386903][ T9661]  __kmalloc_noprof+0xd8/0x400
[  446.391675][ T9661]  ? percpu_ref_get_many+0x1f/0x1d0
[  446.396894][ T9661]  io_alloc_async_data+0x7a/0x120
[  446.401926][ T9661]  io_msg_alloc_async+0x1b7/0x300
[  446.406963][ T9661]  io_recvmsg_prep+0x5e6/0xf90
[  446.411738][ T9661]  ? __pfx_io_recvmsg_prep+0x10/0x10
[  446.417047][ T9661]  ? __io_alloc_req_refill+0x237/0x2d0
[  446.422529][ T9661]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  446.428368][ T9661]  ? io_task_refs_refill+0xbb/0x180
[  446.433578][ T9661]  io_submit_sqes+0x9c4/0x1bf0
[  446.438383][ T9661]  __se_sys_io_uring_enter+0x2d4/0x2670
[  446.443956][ T9661]  ? vfs_write+0x7c4/0xc90
[  446.448509][ T9661]  ? __pfx_vfs_write+0x10/0x10
[  446.453319][ T9661]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  446.459346][ T9661]  ? __fget_files+0x3f6/0x470
[  446.464072][ T9661]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  446.470092][ T9661]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  446.476442][ T9661]  ? do_syscall_64+0x100/0x230
[  446.481231][ T9661]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  446.486789][ T9661]  do_syscall_64+0xf3/0x230
[  446.491325][ T9661]  ? clear_bhb_loop+0x35/0x90
[  446.496013][ T9661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.502006][ T9661] RIP: 0033:0x7f3a9f175bd9
[  446.506511][ T9661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.526208][ T9661] RSP: 002b:00007f3a9ffa9048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  446.534714][ T9661] RAX: ffffffffffffffda RBX: 00007f3a9f303f60 RCX: 00007f3a9f175bd9
[  446.542710][ T9661] RDX: 0000000000000000 RSI: 00000000000008aa RDI: 0000000000000004
[  446.550686][ T9661] RBP: 00007f3a9ffa90a0 R08: 0000000000000000 R09: 0000000000000000
[  446.558698][ T9661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  446.566669][ T9661] R13: 000000000000000b R14: 00007f3a9f303f60 R15: 00007ffeb6ee2438
[  446.574772][ T9661]  </TASK>
[  446.955876][ T5103] Bluetooth: hci3: unexpected event for opcode 0x0c25
[  446.999070][ T9673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1312'.
[  447.693229][ T5227] usb 3-1: USB disconnect, device number 33
[  448.077134][ T5170] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  448.193183][ T9693] xt_CT: You must specify a L4 protocol and not use inversions on it
[  448.196962][ T5141] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  448.275018][ T5170] usb 4-1: Using ep0 maxpacket: 32
[  448.286018][ T5170] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  448.315737][ T5170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.357612][ T5170] usb 4-1: config 0 descriptor??
[  448.378638][ T5170] gspca_main: sunplus-2.14.0 probing 0458:7006
[  448.427145][ T5141] usb 2-1: Using ep0 maxpacket: 8
[  448.450196][ T5141] usb 2-1: config 255 has an invalid interface number: 71 but max is 1
[  448.471149][ T5141] usb 2-1: config 255 has an invalid interface number: 2 but max is 1
[  448.496761][ T5141] usb 2-1: config 255 has an invalid interface number: 3 but max is 1
[  448.531958][ T5087] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  448.534286][ T5141] usb 2-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  448.551460][ T5087] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  448.561557][ T5087] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  448.575698][ T5087] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  448.590059][ T5087] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  448.602280][ T5141] usb 2-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  448.602528][ T5087] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  448.633260][ T5141] usb 2-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  448.657499][ T5141] usb 2-1: config 255 has no interface number 0
[  448.663881][ T5141] usb 2-1: config 255 has no interface number 1
[  448.671461][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  448.684608][ T5141] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  448.696245][ T5141] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  448.707799][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  448.719350][ T5141] usb 2-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  448.730780][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  448.752845][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  448.765398][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  448.779924][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  448.801089][ T5141] usb 2-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  448.802164][ T2823] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.813011][ T5141] usb 2-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  448.837819][ T5140] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  448.846120][ T9684] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  448.862844][ T5141] usb 2-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  448.876216][ T5141] usb 2-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  448.889550][ T9703] IPVS: set_ctl: invalid protocol: 0 172.20.20.170:0
[  448.897782][ T5141] usb 2-1: config 255 interface 71 has no altsetting 0
[  448.905440][ T5141] usb 2-1: config 255 interface 2 has no altsetting 0
[  448.913539][ T5141] usb 2-1: config 255 interface 3 has no altsetting 0
[  448.944270][ T5141] usb 2-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  448.954601][ T5141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.964777][ T5141] usb 2-1: Product: ࠉ
[  448.977368][ T5141] usb 2-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  448.998193][ T5141] usb 2-1: SerialNumber: Е
[  449.036970][ T5140] usb 1-1: Using ep0 maxpacket: 16
[  449.048334][ T5140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  449.048935][ T2823] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.061501][ T5140] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  449.084879][ T5140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.137002][ T5140] usb 1-1: config 0 descriptor??
[  449.214089][ T2823] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.306190][ T2823] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.441057][ T5141] cp210x 2-1:255.71: cp210x converter detected
[  449.497984][ T5170] gspca_sunplus: reg_w_riv err -71
[  449.503192][ T5170] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  449.534739][ T5141] cp210x 2-1:255.71: failed to get vendor val 0x370b size 1: -71
[  449.580588][ T5170] usb 4-1: USB disconnect, device number 37
[  449.588570][ T5141] cp210x 2-1:255.71: querying part number failed
[  449.599973][ T9700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.636573][ T5141] usb 2-1: cp210x converter now attached to ttyUSB0
[  449.643275][ T9700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.654619][ T5140] hid (null): report_id 653656870 is invalid
[  449.690586][ T5140] hid (null): unknown global tag 0x8d
[  449.717204][ T5140] hid (null): unknown global tag 0xd
[  449.742521][ T5140] hid-generic 0003:0158:0100.0019: unknown main item tag 0x1
[  449.752983][ T5141] cp210x 2-1:255.2: cp210x converter detected
[  449.770621][ T5140] hid-generic 0003:0158:0100.0019: unexpected long global item
[  449.789900][ T5141] cp210x 2-1:255.2: failed to get vendor val 0x370b size 1: -71
[  449.803213][ T9709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1323'.
[  449.811668][ T5140] hid-generic 0003:0158:0100.0019: probe with driver hid-generic failed with error -22
[  449.823188][ T5141] cp210x 2-1:255.2: querying part number failed
[  449.844386][ T2823] bridge_slave_1: left allmulticast mode
[  449.847982][ T5141] usb 2-1: cp210x converter now attached to ttyUSB1
[  449.871448][ T5140] usb 1-1: USB disconnect, device number 30
[  449.881284][ T5141] cp210x 2-1:255.3: cp210x converter detected
[  449.881402][ T2823] bridge_slave_1: left promiscuous mode
[  449.898827][ T5141] cp210x 2-1:255.3: failed to get vendor val 0x370b size 1: -71
[  449.906535][ T5141] cp210x 2-1:255.3: querying part number failed
[  449.912625][ T2823] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.924481][ T5141] usb 2-1: cp210x converter now attached to ttyUSB2
[  449.925715][ T2823] bridge_slave_0: left allmulticast mode
[  449.937550][ T2823] bridge_slave_0: left promiscuous mode
[  449.950039][ T5141] usb 2-1: USB disconnect, device number 37
[  449.957808][ T2823] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.023762][ T2823] tipc: Resetting bearer <eth:xfrm0>
[  450.183081][ T5141] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  450.201032][ T5141] cp210x 2-1:255.71: device disconnected
[  450.238030][ T5141] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  450.263866][ T5141] cp210x 2-1:255.2: device disconnected
[  450.290620][ T5141] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  450.319553][ T5141] cp210x 2-1:255.3: device disconnected
[  450.520569][ T2823] tipc: Disabling bearer <eth:xfrm0>
[  450.657260][ T5103] Bluetooth: hci4: command tx timeout
[  450.705754][ T9730] xt_CT: You must specify a L4 protocol and not use inversions on it
[  451.354748][ T2823] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  451.425423][ T2823] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  451.473312][ T2823] bond0 (unregistering): Released all slaves
[  451.666151][ T9697] chnl_net:caif_netlink_parms(): no params data found
[  451.820455][ T2823] tipc: Left network mode
[  452.014602][ T9749] 9pnet_fd: Insufficient options for proto=fd
[  452.739183][ T5103] Bluetooth: hci4: command tx timeout
[  452.749875][ T9697] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.759165][ T9697] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.767004][ T9697] bridge_slave_0: entered allmulticast mode
[  452.774700][ T9697] bridge_slave_0: entered promiscuous mode
[  452.787934][ T9697] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.795858][ T9697] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.803464][ T9697] bridge_slave_1: entered allmulticast mode
[  452.811188][ T9697] bridge_slave_1: entered promiscuous mode
[  452.927245][ T5141] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  453.126904][ T5141] usb 5-1: Using ep0 maxpacket: 16
[  453.165084][ T5141] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  453.191395][ T9697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.201750][ T5141] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  453.231527][ T9781] xt_CT: You must specify a L4 protocol and not use inversions on it
[  453.248438][ T5141] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.277791][ T2823] hsr_slave_0: left promiscuous mode
[  453.309495][ T2823] hsr_slave_1: left promiscuous mode
[  453.336013][ T5141] usb 5-1: config 0 descriptor??
[  453.383700][ T2823] veth0_macvtap: left promiscuous mode
[  453.392655][ T2823] veth1_vlan: left promiscuous mode
[  453.401814][ T2823] veth0_vlan: left promiscuous mode
[  453.815786][ T9766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.862626][ T9766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.944070][ T5141] hid (null): report_id 653656870 is invalid
[  453.983609][ T5141] hid (null): unknown global tag 0x8d
[  453.991718][ T5141] hid (null): unknown global tag 0xd
[  454.024982][ T5141] hid-generic 0003:0158:0100.001A: unknown main item tag 0x1
[  454.043229][ T5141] hid-generic 0003:0158:0100.001A: unexpected long global item
[  454.070258][ T5141] hid-generic 0003:0158:0100.001A: probe with driver hid-generic failed with error -22
[  454.195001][ T5227] usb 5-1: USB disconnect, device number 42
[  454.337124][ T9789] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1344'.
[  454.703632][ T5103] Bluetooth: hci1: unexpected event for opcode 0x0c25
[  454.816896][ T5103] Bluetooth: hci4: command tx timeout
[  455.102729][ T9803] FAULT_INJECTION: forcing a failure.
[  455.102729][ T9803] name failslab, interval 1, probability 0, space 0, times 0
[  455.147917][ T9803] CPU: 1 PID: 9803 Comm: syz.0.1348 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  455.158054][ T9803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  455.168136][ T9803] Call Trace:
[  455.171544][ T9803]  <TASK>
[  455.174571][ T9803]  dump_stack_lvl+0x241/0x360
[  455.179357][ T9803]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.184577][ T9803]  ? __pfx__printk+0x10/0x10
[  455.189196][ T9803]  ? __pfx___might_resched+0x10/0x10
[  455.194517][ T9803]  should_fail_ex+0x3b0/0x4e0
[  455.199247][ T9803]  ? nla_strdup+0x9c/0x140
[  455.203701][ T9803]  should_failslab+0x9/0x20
[  455.208235][ T9803]  __kmalloc_noprof+0xd8/0x400
[  455.213009][ T9803]  ? __kasan_kmalloc+0x98/0xb0
[  455.217791][ T9803]  nla_strdup+0x9c/0x140
[  455.222069][ T9803]  nf_tables_newtable+0x59d/0x1dc0
[  455.227190][ T9803]  ? nfnl_pernet+0x23/0x240
[  455.231703][ T9803]  ? __pfx_nf_tables_newtable+0x10/0x10
[  455.237287][ T9803]  ? __nla_parse+0x40/0x60
[  455.241726][ T9803]  nfnetlink_rcv+0x1427/0x2a80
[  455.246545][ T9803]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  455.251756][ T9803]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  455.257695][ T9803]  ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70
[  455.264327][ T9803]  ? rcu_read_unlock_special+0x470/0x550
[  455.270006][ T9803]  ? skb_clone+0x240/0x390
[  455.274450][ T9803]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  455.280469][ T9803]  ? __rcu_read_unlock+0xa1/0x110
[  455.285524][ T9803]  netlink_unicast+0x7ea/0x980
[  455.290329][ T9803]  ? __pfx_netlink_unicast+0x10/0x10
[  455.295625][ T9803]  ? __virt_addr_valid+0x183/0x520
[  455.300757][ T9803]  ? __check_object_size+0x49c/0x900
[  455.306052][ T9803]  ? bpf_lsm_netlink_send+0x9/0x10
[  455.311178][ T9803]  netlink_sendmsg+0x8db/0xcb0
[  455.315968][ T9803]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.321266][ T9803]  ? __mutex_trylock_common+0x183/0x2e0
[  455.326839][ T9803]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  455.332134][ T9803]  ? security_socket_sendmsg+0x87/0xb0
[  455.337612][ T9803]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.342934][ T9803]  __sock_sendmsg+0x221/0x270
[  455.347618][ T9803]  sock_sendmsg+0x134/0x200
[  455.352147][ T9803]  ? __pfx_sock_sendmsg+0x10/0x10
[  455.357207][ T9803]  ? iov_iter_bvec+0x4e/0x180
[  455.361901][ T9803]  splice_to_socket+0xa13/0x10b0
[  455.366889][ T9803]  ? __pfx_splice_to_socket+0x10/0x10
[  455.372314][ T9803]  ? __lock_acquire+0x1346/0x1fd0
[  455.377357][ T9803]  ? bpf_lsm_file_permission+0x9/0x10
[  455.382730][ T9803]  ? security_file_permission+0x7f/0xa0
[  455.388291][ T9803]  ? rw_verify_area+0x1d2/0x6b0
[  455.393162][ T9803]  ? __pfx_splice_to_socket+0x10/0x10
[  455.398548][ T9803]  do_splice+0xd77/0x1900
[  455.402902][ T9803]  ? __pfx_lock_release+0x10/0x10
[  455.408023][ T9803]  ? vfs_write+0x7c4/0xc90
[  455.412470][ T9803]  ? __mutex_unlock_slowpath+0x21d/0x750
[  455.418155][ T9803]  ? pipe_clear_nowait+0x196/0x220
[  455.423379][ T9803]  ? __pfx_do_splice+0x10/0x10
[  455.428170][ T9803]  __se_sys_splice+0x331/0x4a0
[  455.432962][ T9803]  ? __pfx___se_sys_splice+0x10/0x10
[  455.438266][ T9803]  ? do_syscall_64+0x100/0x230
[  455.443049][ T9803]  ? __x64_sys_splice+0x21/0xf0
[  455.447943][ T9803]  do_syscall_64+0xf3/0x230
[  455.452491][ T9803]  ? clear_bhb_loop+0x35/0x90
[  455.457281][ T9803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.463212][ T9803] RIP: 0033:0x7fc591d75bd9
[  455.467641][ T9803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.487267][ T9803] RSP: 002b:00007fc592b8f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  455.495713][ T9803] RAX: ffffffffffffffda RBX: 00007fc591f04038 RCX: 00007fc591d75bd9
[  455.503693][ T9803] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  455.511669][ T9803] RBP: 00007fc592b8f0a0 R08: 0000000000007fff R09: 0000000000000000
[  455.519644][ T9803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.527740][ T9803] R13: 000000000000006e R14: 00007fc591f04038 R15: 00007ffc938cbd78
[  455.535766][ T9803]  </TASK>
[  455.627025][ T5200] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  455.818124][ T5200] usb 5-1: Using ep0 maxpacket: 16
[  455.853156][ T5200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  455.887907][ T5200] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  455.966700][ T5200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.013402][ T5200] usb 5-1: config 0 descriptor??
[  456.127819][ T2823] team0 (unregistering): Port device team_slave_1 removed
[  456.285343][ T2823] team0 (unregistering): Port device team_slave_0 removed
[  456.466460][ T9801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.493228][ T9801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.516009][ T5200] hid (null): unknown global tag 0xd
[  456.548815][ T5200] hid-generic 0003:0158:0100.001B: unknown main item tag 0x1
[  456.575733][ T5200] hid-generic 0003:0158:0100.001B: unexpected long global item
[  456.594401][ T5200] hid-generic 0003:0158:0100.001B: probe with driver hid-generic failed with error -22
[  456.718664][ T5200] usb 5-1: USB disconnect, device number 43
[  456.897356][ T5103] Bluetooth: hci4: command tx timeout
[  457.318026][ T9697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  457.503177][ T9697] team0: Port device team_slave_0 added
[  457.545344][ T9697] team0: Port device team_slave_1 added
[  457.615498][ T9813] xt_CT: You must specify a L4 protocol and not use inversions on it
[  457.764408][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_0
[  457.774714][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  457.831076][ T9697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  457.890671][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_1
[  457.922859][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  457.960340][   T46] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  458.019445][ T9697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.103197][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1354'.
[  458.167451][   T46] usb 2-1: Using ep0 maxpacket: 16
[  458.205175][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  458.222091][   T46] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  458.236118][   T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.282034][   T46] usb 2-1: config 0 descriptor??
[  458.293168][ T9697] hsr_slave_0: entered promiscuous mode
[  458.321292][ T9697] hsr_slave_1: entered promiscuous mode
[  458.497814][ T9828] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1355'.
[  458.680417][ T2823] IPVS: stop unused estimator thread 0...
[  458.783505][ T9816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.797234][ T9816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.867696][   T46] hid (null): report_id 653656870 is invalid
[  458.901532][   T46] hid (null): unknown global tag 0x8d
[  458.928073][   T46] hid (null): unknown global tag 0xd
[  458.956059][   T46] hid-generic 0003:0158:0100.001C: unknown main item tag 0x1
[  458.976640][   T46] hid-generic 0003:0158:0100.001C: unexpected long global item
[  458.999631][   T46] hid-generic 0003:0158:0100.001C: probe with driver hid-generic failed with error -22
[  459.028890][ T9840] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1357'.
[  459.103431][ T5170] usb 2-1: USB disconnect, device number 38
[  459.724046][ T9697] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  459.760954][ T9697] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  459.818921][ T9697] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  459.867945][ T9697] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  460.101858][ T9864] xt_CT: You must specify a L4 protocol and not use inversions on it
[  460.330286][ T9697] 8021q: adding VLAN 0 to HW filter on device bond0
[  460.399752][ T9697] 8021q: adding VLAN 0 to HW filter on device team0
[  460.474544][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.481916][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.521045][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.528361][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  460.566125][ T9871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1364'.
[  461.321984][ T9897] mkiss: ax0: crc mode is auto.
[  461.386587][ T9697] 8021q: adding VLAN 0 to HW filter on device batadv0
[  461.417126][ T5143] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  461.637346][ T5143] usb 5-1: Using ep0 maxpacket: 16
[  461.660326][ T5143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  461.682076][ T9697] veth0_vlan: entered promiscuous mode
[  461.691763][ T5143] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  461.745665][ T5143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.753859][ T9697] veth1_vlan: entered promiscuous mode
[  461.824407][ T5143] usb 5-1: config 0 descriptor??
[  461.982738][ T9697] veth0_macvtap: entered promiscuous mode
[  462.041233][ T9697] veth1_macvtap: entered promiscuous mode
[  462.156185][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  462.178776][ T9913] xt_CT: You must specify a L4 protocol and not use inversions on it
[  462.179495][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.205322][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  462.223175][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.236506][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_0
[  462.307327][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.326870][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.366075][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.377354][ T9892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.410545][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.437625][ T9892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.450019][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.491800][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.502005][ T5143] hid (null): report_id 653656870 is invalid
[  462.513992][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_1
[  462.539986][ T5143] hid (null): unknown global tag 0x8d
[  462.562598][ T5143] hid (null): unknown global tag 0xd
[  462.625709][ T5143] hid-generic 0003:0158:0100.001D: unknown main item tag 0x1
[  462.664086][ T9697] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  462.672978][ T5143] hid-generic 0003:0158:0100.001D: unexpected long global item
[  462.689453][ T9697] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  462.734531][ T9697] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  462.742754][ T5143] hid-generic 0003:0158:0100.001D: probe with driver hid-generic failed with error -22
[  462.783423][ T9697] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  462.846197][ T5142] usb 5-1: USB disconnect, device number 44
[  462.944068][ T5103] Bluetooth: hci3: unexpected event for opcode 0x0c25
[  463.261653][ T6456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  463.315890][ T6456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  463.547598][ T2823] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  463.592991][ T2823] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.838814][ T9982] overlayfs: overlapping lowerdir path
[  467.028409][   T46] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  467.723388][   T46] usb 3-1: Using ep0 maxpacket: 16
[  467.742155][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  467.760658][   T46] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  467.775476][ T9978] xt_CT: You must specify a L4 protocol and not use inversions on it
[  467.800149][ T9988] FAULT_INJECTION: forcing a failure.
[  467.800149][ T9988] name failslab, interval 1, probability 0, space 0, times 0
[  467.807102][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.812990][ T9988] CPU: 0 PID: 9988 Comm: syz.4.1391 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  467.830939][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  467.841004][ T9988] Call Trace:
[  467.844323][ T9988]  <TASK>
[  467.847273][ T9988]  dump_stack_lvl+0x241/0x360
[  467.852037][ T9988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  467.857289][ T9988]  ? __pfx__printk+0x10/0x10
[  467.861935][ T9988]  should_fail_ex+0x3b0/0x4e0
[  467.866647][ T9988]  ? skb_clone+0x20c/0x390
[  467.871074][ T9988]  should_failslab+0x9/0x20
[  467.875583][ T9988]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  467.880980][ T9988]  skb_clone+0x20c/0x390
[  467.885253][ T9988]  ? dev_queue_xmit_nit+0x220/0xc10
[  467.890457][ T9988]  dev_queue_xmit_nit+0x419/0xc10
[  467.895491][ T9988]  ? dev_queue_xmit_nit+0x2b/0xc10
[  467.900636][ T9988]  ? validate_xmit_skb+0xa04/0x1120
[  467.905844][ T9988]  dev_hard_start_xmit+0x15f/0x7e0
[  467.910968][ T9988]  ? __pfx_validate_xmit_skb+0x10/0x10
[  467.916450][ T9988]  __dev_queue_xmit+0x1b0e/0x3d30
[  467.921494][ T9988]  ? __dev_queue_xmit+0x2d2/0x3d30
[  467.926616][ T9988]  ? __pfx___dev_queue_xmit+0x10/0x10
[  467.931999][ T9988]  ? __copy_skb_header+0x437/0x5b0
[  467.937144][ T9988]  ? __asan_memcpy+0x40/0x70
[  467.941747][ T9988]  ? __copy_skb_header+0x437/0x5b0
[  467.947069][ T9988]  ? __skb_clone+0x454/0x6c0
[  467.951672][ T9988]  ? skb_clone+0x240/0x390
[  467.956227][ T9988]  __netlink_deliver_tap+0x54d/0x7c0
[  467.961569][ T9988]  ? netlink_deliver_tap+0x2e/0x1b0
[  467.966800][ T9988]  netlink_deliver_tap+0x19d/0x1b0
[  467.971950][ T9988]  netlink_unicast+0x7b8/0x980
[  467.976740][ T9988]  ? __pfx_netlink_unicast+0x10/0x10
[  467.982057][ T9988]  ? __virt_addr_valid+0x183/0x520
[  467.987193][ T9988]  ? __check_object_size+0x49c/0x900
[  467.992507][ T9988]  ? bpf_lsm_netlink_send+0x9/0x10
[  467.997634][ T9988]  netlink_sendmsg+0x8db/0xcb0
[  468.002438][ T9988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  468.007738][ T9988]  ? __import_iovec+0x536/0x820
[  468.012609][ T9988]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  468.017916][ T9988]  ? security_socket_sendmsg+0x87/0xb0
[  468.023385][ T9988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  468.028703][ T9988]  __sock_sendmsg+0x221/0x270
[  468.033388][ T9988]  ____sys_sendmsg+0x525/0x7d0
[  468.038169][ T9988]  ? __pfx_____sys_sendmsg+0x10/0x10
[  468.043484][ T9988]  __sys_sendmsg+0x2b0/0x3a0
[  468.048105][ T9988]  ? __pfx___sys_sendmsg+0x10/0x10
[  468.053223][ T9988]  ? vfs_write+0x7c4/0xc90
[  468.057686][ T9988]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  468.064016][ T9988]  ? do_syscall_64+0x100/0x230
[  468.068809][ T9988]  ? do_syscall_64+0xb6/0x230
[  468.073495][ T9988]  do_syscall_64+0xf3/0x230
[  468.078011][ T9988]  ? clear_bhb_loop+0x35/0x90
[  468.082728][ T9988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.088636][ T9988] RIP: 0033:0x7f4b67775bd9
[  468.093055][ T9988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  468.112667][ T9988] RSP: 002b:00007f4b68479048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  468.121089][ T9988] RAX: ffffffffffffffda RBX: 00007f4b67903f60 RCX: 00007f4b67775bd9
[  468.129069][ T9988] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000003
[  468.137063][ T9988] RBP: 00007f4b684790a0 R08: 0000000000000000 R09: 0000000000000000
[  468.145043][ T9988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.153016][ T9988] R13: 000000000000000b R14: 00007f4b67903f60 R15: 00007ffe13e143c8
[  468.161010][ T9988]  </TASK>
[  468.227311][   T46] usb 3-1: config 0 descriptor??
[  468.255000][   T46] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  468.616964][ T5200] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  468.762805][ T5103] Bluetooth: hci3: unexpected event for opcode 0x0c25
[  468.806950][ T5200] usb 1-1: Using ep0 maxpacket: 16
[  468.818169][ T5200] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  468.829909][ T5200] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  468.864058][ T5200] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.965130][T10007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.983741][T10007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.984188][ T5200] usb 1-1: config 0 descriptor??
[  469.650150][ T9989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.667262][ T9989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.689971][ T5200] hid (null): report_id 653656870 is invalid
[  469.719916][ T5200] hid (null): unknown global tag 0x8d
[  469.753613][ T5200] hid (null): unknown global tag 0xd
[  469.790666][ T5200] hid-generic 0003:0158:0100.001E: unknown main item tag 0x1
[  469.822545][ T5200] hid-generic 0003:0158:0100.001E: unexpected long global item
[  469.858942][ T5200] hid-generic 0003:0158:0100.001E: probe with driver hid-generic failed with error -22
[  469.922684][ T5200] usb 1-1: USB disconnect, device number 31
[  470.016322][ T5087] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  470.056980][ T5087] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  470.073561][ T5087] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  470.085297][ T5087] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  470.102230][ T5087] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  470.111152][ T5087] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  470.112061][ T6456] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.308418][ T5141] usb 3-1: USB disconnect, device number 34
[  470.414301][ T6456] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.815359][T10033] overlayfs: overlapping lowerdir path
[  471.545442][ T6456] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.602899][T10049] FAULT_INJECTION: forcing a failure.
[  471.602899][T10049] name failslab, interval 1, probability 0, space 0, times 0
[  471.616007][T10049] CPU: 0 PID: 10049 Comm: syz.4.1405 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  471.626202][T10049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  471.636297][T10049] Call Trace:
[  471.639610][T10049]  <TASK>
[  471.642567][T10049]  dump_stack_lvl+0x241/0x360
[  471.647294][T10049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.652524][T10049]  ? __pfx__printk+0x10/0x10
[  471.657595][T10049]  should_fail_ex+0x3b0/0x4e0
[  471.662293][T10049]  ? skb_clone+0x20c/0x390
[  471.666722][T10049]  should_failslab+0x9/0x20
[  471.671241][T10049]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  471.676630][T10049]  skb_clone+0x20c/0x390
[  471.680900][T10049]  ? dev_queue_xmit_nit+0x220/0xc10
[  471.686113][T10049]  dev_queue_xmit_nit+0x419/0xc10
[  471.691156][T10049]  ? dev_queue_xmit_nit+0x2b/0xc10
[  471.696280][T10049]  ? validate_xmit_skb+0xa04/0x1120
[  471.701500][T10049]  dev_hard_start_xmit+0x15f/0x7e0
[  471.706637][T10049]  ? __pfx_validate_xmit_skb+0x10/0x10
[  471.712122][T10049]  __dev_queue_xmit+0x1b0e/0x3d30
[  471.717274][T10049]  ? __dev_queue_xmit+0x2d2/0x3d30
[  471.722408][T10049]  ? __pfx___dev_queue_xmit+0x10/0x10
[  471.727800][T10049]  ? __copy_skb_header+0x437/0x5b0
[  471.732928][T10049]  ? __asan_memcpy+0x40/0x70
[  471.737535][T10049]  ? __copy_skb_header+0x437/0x5b0
[  471.742749][T10049]  ? __skb_clone+0x454/0x6c0
[  471.747360][T10049]  ? skb_clone+0x240/0x390
[  471.751793][T10049]  __netlink_deliver_tap+0x54d/0x7c0
[  471.757106][T10049]  ? netlink_deliver_tap+0x2e/0x1b0
[  471.762317][T10049]  netlink_deliver_tap+0x19d/0x1b0
[  471.767456][T10049]  netlink_unicast+0x7b8/0x980
[  471.772332][T10049]  ? __pfx_netlink_unicast+0x10/0x10
[  471.777635][T10049]  ? __virt_addr_valid+0x183/0x520
[  471.782767][T10049]  ? __check_object_size+0x49c/0x900
[  471.788067][T10049]  ? bpf_lsm_netlink_send+0x9/0x10
[  471.793196][T10049]  netlink_sendmsg+0x8db/0xcb0
[  471.797989][T10049]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.803293][T10049]  ? __import_iovec+0x536/0x820
[  471.808157][T10049]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  471.813451][T10049]  ? security_socket_sendmsg+0x87/0xb0
[  471.818929][T10049]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.824316][T10049]  __sock_sendmsg+0x221/0x270
[  471.829007][T10049]  ____sys_sendmsg+0x525/0x7d0
[  471.833801][T10049]  ? __pfx_____sys_sendmsg+0x10/0x10
[  471.839129][T10049]  __sys_sendmsg+0x2b0/0x3a0
[  471.843747][T10049]  ? __pfx___sys_sendmsg+0x10/0x10
[  471.848878][T10049]  ? vfs_write+0x7c4/0xc90
[  471.853349][T10049]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  471.859688][T10049]  ? do_syscall_64+0x100/0x230
[  471.864475][T10049]  ? do_syscall_64+0xb6/0x230
[  471.869178][T10049]  do_syscall_64+0xf3/0x230
[  471.873711][T10049]  ? clear_bhb_loop+0x35/0x90
[  471.878503][T10049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.884416][T10049] RIP: 0033:0x7f4b67775bd9
[  471.888845][T10049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.908576][T10049] RSP: 002b:00007f4b68479048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.917007][T10049] RAX: ffffffffffffffda RBX: 00007f4b67903f60 RCX: 00007f4b67775bd9
[  471.924987][T10049] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[  471.932977][T10049] RBP: 00007f4b684790a0 R08: 0000000000000000 R09: 0000000000000000
[  471.940958][T10049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.948946][T10049] R13: 000000000000000b R14: 00007f4b67903f60 R15: 00007ffe13e143c8
[  471.956944][T10049]  </TASK>
[  472.053841][ T6456] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.066518][T10039] xt_CT: You must specify a L4 protocol and not use inversions on it
[  472.165747][T10053] sctp: [Deprecated]: syz.1.1406 (pid 10053) Use of struct sctp_assoc_value in delayed_ack socket option.
[  472.165747][T10053] Use struct sctp_sack_info instead
[  472.182582][ T5087] Bluetooth: hci3: command tx timeout
[  472.787428][T10021] chnl_net:caif_netlink_parms(): no params data found
[  472.885118][ T6456] bridge_slave_1: left allmulticast mode
[  472.905613][ T6456] bridge_slave_1: left promiscuous mode
[  472.929788][ T6456] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.988555][ T6456] bridge_slave_0: left allmulticast mode
[  473.012905][ T6456] bridge_slave_0: left promiscuous mode
[  473.042194][ T6456] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.199436][T10081] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1411'.
[  473.707498][T10088] fuse: Unknown parameter '00000000000000000003W�j��:9�'
[  474.030420][T10098] FAULT_INJECTION: forcing a failure.
[  474.030420][T10098] name failslab, interval 1, probability 0, space 0, times 0
[  474.069408][T10098] CPU: 1 PID: 10098 Comm: syz.1.1414 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  474.079916][T10098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  474.090021][T10098] Call Trace:
[  474.093339][T10098]  <TASK>
[  474.096306][T10098]  dump_stack_lvl+0x241/0x360
[  474.101137][T10098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.106388][T10098]  ? __pfx__printk+0x10/0x10
[  474.111042][T10098]  should_fail_ex+0x3b0/0x4e0
[  474.115771][T10098]  ? nf_tables_newtable+0x52e/0x1dc0
[  474.121095][T10098]  should_failslab+0x9/0x20
[  474.125647][T10098]  kmalloc_trace_noprof+0x6c/0x2c0
[  474.130812][T10098]  ? nft_pernet+0x23/0x240
[  474.135275][T10098]  nf_tables_newtable+0x52e/0x1dc0
[  474.140430][T10098]  ? nfnl_pernet+0x23/0x240
[  474.144985][T10098]  ? __pfx_nf_tables_newtable+0x10/0x10
[  474.150578][T10098]  ? __nla_parse+0x40/0x60
[  474.155036][T10098]  nfnetlink_rcv+0x1427/0x2a80
[  474.159843][T10098]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  474.166248][T10098]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  474.171423][T10098]  ? __dev_queue_xmit+0x2d2/0x3d30
[  474.176634][T10098]  ? netlink_deliver_tap+0x2e/0x1b0
[  474.181885][T10098]  ? skb_clone+0x240/0x390
[  474.186346][T10098]  ? __pfx_lock_release+0x10/0x10
[  474.191430][T10098]  ? netlink_deliver_tap+0x2e/0x1b0
[  474.196683][T10098]  netlink_unicast+0x7ea/0x980
[  474.201515][T10098]  ? __pfx_netlink_unicast+0x10/0x10
[  474.206849][T10098]  ? __virt_addr_valid+0x183/0x520
[  474.212021][T10098]  ? __check_object_size+0x49c/0x900
[  474.217405][T10098]  ? bpf_lsm_netlink_send+0x9/0x10
[  474.222625][T10098]  netlink_sendmsg+0x8db/0xcb0
[  474.227506][T10098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.232931][T10098]  ? __mutex_trylock_common+0x183/0x2e0
[  474.238544][T10098]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  474.243874][T10098]  ? security_socket_sendmsg+0x87/0xb0
[  474.249389][T10098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.254728][T10098]  __sock_sendmsg+0x221/0x270
[  474.259450][T10098]  sock_sendmsg+0x134/0x200
[  474.263999][T10098]  ? __pfx_sock_sendmsg+0x10/0x10
[  474.269102][T10098]  ? iov_iter_bvec+0x4e/0x180
[  474.273822][T10098]  splice_to_socket+0xa13/0x10b0
[  474.278846][T10098]  ? __pfx_splice_to_socket+0x10/0x10
[  474.284296][T10098]  ? __lock_acquire+0x1346/0x1fd0
[  474.289482][T10098]  ? bpf_lsm_file_permission+0x9/0x10
[  474.294928][T10098]  ? security_file_permission+0x7f/0xa0
[  474.300538][T10098]  ? rw_verify_area+0x1d2/0x6b0
[  474.305459][T10098]  ? __pfx_splice_to_socket+0x10/0x10
[  474.310886][T10098]  do_splice+0xd77/0x1900
[  474.315289][T10098]  ? __pfx_lock_release+0x10/0x10
[  474.320360][T10098]  ? vfs_write+0x7c4/0xc90
[  474.324840][T10098]  ? __mutex_unlock_slowpath+0x21d/0x750
[  474.330682][T10098]  ? pipe_clear_nowait+0x196/0x220
[  474.335860][T10098]  ? __pfx_do_splice+0x10/0x10
[  474.340737][T10098]  __se_sys_splice+0x331/0x4a0
[  474.345568][T10098]  ? __pfx___se_sys_splice+0x10/0x10
[  474.350999][T10098]  ? do_syscall_64+0x100/0x230
[  474.355822][T10098]  ? __x64_sys_splice+0x21/0xf0
[  474.360731][T10098]  do_syscall_64+0xf3/0x230
[  474.365288][T10098]  ? clear_bhb_loop+0x35/0x90
[  474.370016][T10098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.375960][T10098] RIP: 0033:0x7f3a9f175bd9
[  474.380414][T10098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.400076][T10098] RSP: 002b:00007f3a9ff88048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  474.408551][T10098] RAX: ffffffffffffffda RBX: 00007f3a9f304038 RCX: 00007f3a9f175bd9
[  474.416568][T10098] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  474.424583][T10098] RBP: 00007f3a9ff880a0 R08: 0000000000007fff R09: 0000000000000000
[  474.432610][T10098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.440713][T10098] R13: 000000000000006e R14: 00007f3a9f304038 R15: 00007ffeb6ee2438
[  474.448768][T10098]  </TASK>
[  474.473046][ T5087] Bluetooth: hci3: command tx timeout
[  474.937502][ T6456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  474.969489][ T6456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  475.013370][ T6456] bond0 (unregistering): Released all slaves
[  475.575753][T10121] xt_CT: You must specify a L4 protocol and not use inversions on it
[  476.083035][T10021] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.112636][T10021] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.145845][T10021] bridge_slave_0: entered allmulticast mode
[  476.187944][T10021] bridge_slave_0: entered promiscuous mode
[  476.202993][ T5142] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  476.240307][T10021] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.264832][T10021] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.291900][T10021] bridge_slave_1: entered allmulticast mode
[  476.323172][T10021] bridge_slave_1: entered promiscuous mode
[  476.437432][ T5142] usb 3-1: Using ep0 maxpacket: 8
[  476.462319][ T5142] usb 3-1: config 255 has an invalid interface number: 71 but max is 1
[  476.486194][ T5142] usb 3-1: config 255 has an invalid interface number: 2 but max is 1
[  476.497324][ T5087] Bluetooth: hci3: command tx timeout
[  476.510368][ T5142] usb 3-1: config 255 has an invalid interface number: 3 but max is 1
[  476.519343][ T5142] usb 3-1: config 255 contains an unexpected descriptor of type 0x2, skipping
[  476.540679][ T5142] usb 3-1: config 255 has an invalid descriptor of length 7, skipping remainder of the config
[  476.570673][ T5142] usb 3-1: config 255 has 3 interfaces, different from the descriptor's value: 2
[  476.598950][ T5142] usb 3-1: config 255 has no interface number 0
[  476.617652][ T5142] usb 3-1: config 255 has no interface number 1
[  476.632359][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  476.647121][ T5142] usb 3-1: config 255 interface 71 altsetting 13 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  476.713001][ T5142] usb 3-1: config 255 interface 71 altsetting 13 endpoint 0xA has invalid maxpacket 512, setting to 64
[  476.758995][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  476.802400][ T5142] usb 3-1: config 255 interface 71 altsetting 13 endpoint 0x6 has invalid maxpacket 911, setting to 64
[  476.831961][ T6456] hsr_slave_0: left promiscuous mode
[  476.842929][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xC, skipping
[  476.870514][ T6456] hsr_slave_1: left promiscuous mode
[  476.880308][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  476.904307][T10151] Non-string source
[  476.936194][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  476.968525][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x2, skipping
[  477.002971][ T5142] usb 3-1: config 255 interface 71 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[  477.028697][ T5142] usb 3-1: config 255 interface 2 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  477.052539][ T6456] veth1_macvtap: left promiscuous mode
[  477.067162][ T6456] veth0_macvtap: left promiscuous mode
[  477.078278][ T5142] usb 3-1: too many endpoints for config 255 interface 3 altsetting 5: 228, using maximum allowed: 30
[  477.079443][ T6456] veth1_vlan: left promiscuous mode
[  477.112304][ T5142] usb 3-1: config 255 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  477.114067][ T6456] veth0_vlan: left promiscuous mode
[  477.146309][ T5142] usb 3-1: config 255 interface 71 has no altsetting 0
[  477.170269][ T5142] usb 3-1: config 255 interface 2 has no altsetting 0
[  477.181781][ T5142] usb 3-1: config 255 interface 3 has no altsetting 0
[  477.192063][ T5142] usb 3-1: New USB device found, idVendor=1901, idProduct=0198, bcdDevice=92.6c
[  477.205002][ T5142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.216238][ T5142] usb 3-1: Product: ࠉ
[  477.224013][ T5142] usb 3-1: Manufacturer: 㸲觏詃춀톕톍몈뛃먬㷖鄽☺閈ɟ绡ꢗ‸❔攨옧氥禤죹嗅弃⩙杶뿤⮡퉚뻶ꥧ럴礨ઌ坯풴뙪⺲ヽ풦꙲촰䖬煉떵㼾팭
[  477.275534][ T5142] usb 3-1: SerialNumber: Е
[  477.723690][ T5142] cp210x 3-1:255.71: cp210x converter detected
[  477.750309][ T5142] cp210x 3-1:255.71: failed to get vendor val 0x370b size 1: -71
[  477.767014][ T5142] cp210x 3-1:255.71: querying part number failed
[  477.781103][ T5142] usb 3-1: cp210x converter now attached to ttyUSB0
[  477.817632][ T5142] cp210x 3-1:255.2: cp210x converter detected
[  477.830982][ T5142] cp210x 3-1:255.2: failed to get vendor val 0x370b size 1: -71
[  477.847968][ T5142] cp210x 3-1:255.2: querying part number failed
[  477.858996][ T5142] usb 3-1: cp210x converter now attached to ttyUSB1
[  477.869764][ T5142] cp210x 3-1:255.3: cp210x converter detected
[  477.876517][ T5142] cp210x 3-1:255.3: failed to get vendor val 0x370b size 1: -71
[  477.884822][ T5142] cp210x 3-1:255.3: querying part number failed
[  477.899035][ T5142] usb 3-1: cp210x converter now attached to ttyUSB2
[  477.925288][ T5142] usb 3-1: USB disconnect, device number 35
[  478.010569][ T5142] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  478.022262][ T5142] cp210x 3-1:255.71: device disconnected
[  478.053422][ T5142] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  478.074805][ T5142] cp210x 3-1:255.2: device disconnected
[  478.095308][ T5142] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  478.104584][ T5142] cp210x 3-1:255.3: device disconnected
[  478.410800][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  478.577449][ T5087] Bluetooth: hci3: command tx timeout
[  478.615237][ T6456] team0 (unregistering): Port device team_slave_1 removed
[  478.733716][ T6456] team0 (unregistering): Port device team_slave_0 removed
[  479.020700][T10190] xt_CT: You must specify a L4 protocol and not use inversions on it
[  479.752042][T10021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  479.894917][T10198] netlink: 'syz.0.1436': attribute type 2 has an invalid length.
[  479.910622][T10198] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  479.947692][T10021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.166013][T10021] team0: Port device team_slave_0 added
[  480.203149][T10151] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  480.223927][T10021] team0: Port device team_slave_1 added
[  480.224740][T10203] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1437'.
[  480.250843][T10151] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  480.568991][T10021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.577834][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.605848][T10021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  480.838505][T10151] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  480.864328][T10151] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  480.877253][T10021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  480.907454][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.984124][T10021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.190878][T10151] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  481.220165][T10151] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  481.339726][T10021] hsr_slave_0: entered promiscuous mode
[  481.368702][T10021] hsr_slave_1: entered promiscuous mode
[  481.388277][T10021] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  481.395908][T10021] Cannot create hsr debugfs directory
[  481.607368][T10151] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  481.642289][T10151] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  483.428299][T10021] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  483.447854][T10021] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  483.487332][T10021] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  483.494646][T10251] xt_CT: You must specify a L4 protocol and not use inversions on it
[  483.527283][T10021] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  483.835043][T10021] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.914549][T10021] 8021q: adding VLAN 0 to HW filter on device team0
[  483.958148][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.965376][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.981001][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.988264][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  484.207210][ T5142] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  484.321667][T10278] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1449'.
[  484.399440][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  484.420448][ T5142] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  484.434430][ T5142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.452038][ T5142] usb 3-1: Product: syz
[  484.464402][ T5142] usb 3-1: Manufacturer: syz
[  484.471773][ T5142] usb 3-1: SerialNumber: syz
[  484.558983][ T5142] usb 3-1: config 0 descriptor??
[  484.666473][T10021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  484.776016][T10021] veth0_vlan: entered promiscuous mode
[  484.782816][T10262] Bluetooth: MGMT ver 1.22
[  484.823903][T10021] veth1_vlan: entered promiscuous mode
[  484.922690][T10021] veth0_macvtap: entered promiscuous mode
[  484.990133][T10021] veth1_macvtap: entered promiscuous mode
[  485.052256][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.063729][ T5142] cx82310_eth 3-1:0.0: probe with driver cx82310_eth failed with error -22
[  485.083691][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.094803][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.108891][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.119822][ T5142] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[  485.134821][ T5142] usb 3-1: USB disconnect, device number 36
[  485.146871][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.176872][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.199575][T10021] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.224004][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.238095][ T5141] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  485.251288][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.261835][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.275524][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.286145][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.297735][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.308536][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.320153][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.334721][T10021] batman_adv: batadv0: Interface activated: batadv_slave_1
[  485.359451][T10021] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  485.373502][T10021] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  485.384197][T10021] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  485.398629][T10021] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  485.407706][ T5141] usb 1-1: device descriptor read/64, error -71
[  485.688638][ T5141] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  485.877265][ T5141] usb 1-1: device descriptor read/64, error -71
[  485.998494][ T5141] usb usb1-port1: attempt power cycle
[  486.158481][T10330] xt_CT: You must specify a L4 protocol and not use inversions on it
[  486.437257][ T5141] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  486.489175][ T5141] usb 1-1: device descriptor read/8, error -71
[  486.757171][ T5141] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  486.809262][ T5141] usb 1-1: device descriptor read/8, error -71
[  486.927209][ T5141] usb usb1-port1: unable to enumerate USB device
[  487.912356][T10391] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  502.339407][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  502.345748][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  563.781753][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  563.788417][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  625.220908][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  625.222635][   T30] INFO: task kworker/1:7:5227 blocked for more than 143 seconds.
[  625.227971][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  625.245018][   T30]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  625.254837][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  625.269927][   T30] task:kworker/1:7     state:D stack:21160 pid:5227  tgid:5227  ppid:2      flags:0x00004000
[  625.280550][   T30] Workqueue: events rfkill_global_led_trigger_worker
[  625.294198][   T30] Call Trace:
[  625.297994][   T30]  <TASK>
[  625.300998][   T30]  __schedule+0x1796/0x49d0
[  625.305575][   T30]  ? __pfx___schedule+0x10/0x10
[  625.344623][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  625.351365][   T30]  ? __pfx_lock_release+0x10/0x10
[  625.356430][   T30]  ? kick_pool+0x1bd/0x620
[  625.361147][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  625.366411][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  625.371961][   T30]  ? schedule+0x90/0x320
[  625.376306][   T30]  schedule+0x14b/0x320
[  625.380787][   T30]  schedule_preempt_disabled+0x13/0x30
[  625.386296][   T30]  __mutex_lock+0x6a4/0xd70
[  625.391182][   T30]  ? __mutex_lock+0x527/0xd70
[  625.396187][   T30]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  625.402606][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  625.407830][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  625.413958][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  625.420434][   T30]  ? process_scheduled_works+0x945/0x1830
[  625.426223][   T30]  rfkill_global_led_trigger_worker+0x27/0xd0
[  625.432493][   T30]  ? process_scheduled_works+0x945/0x1830
[  625.438466][   T30]  process_scheduled_works+0xa2c/0x1830
[  625.444075][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  625.450213][   T30]  ? assign_work+0x364/0x3d0
[  625.455019][   T30]  worker_thread+0x86d/0xd50
[  625.460126][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  625.466244][   T30]  ? __kthread_parkme+0x169/0x1d0
[  625.472552][   T30]  ? __pfx_worker_thread+0x10/0x10
[  625.480143][   T30]  kthread+0x2f0/0x390
[  625.484282][   T30]  ? __pfx_worker_thread+0x10/0x10
[  625.489619][   T30]  ? __pfx_kthread+0x10/0x10
[  625.494254][   T30]  ret_from_fork+0x4b/0x80
[  625.501746][   T30]  ? __pfx_kthread+0x10/0x10
[  625.506514][   T30]  ret_from_fork_asm+0x1a/0x30
[  625.511467][   T30]  </TASK>
[  625.514569][   T30] INFO: task syz.1.1427:10137 blocked for more than 143 seconds.
[  625.522813][   T30]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  625.530523][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  625.539301][   T30] task:syz.1.1427      state:D stack:24672 pid:10137 tgid:10137 ppid:6346   flags:0x00004006
[  625.549540][   T30] Call Trace:
[  625.552836][   T30]  <TASK>
[  625.555821][   T30]  __schedule+0x1796/0x49d0
[  625.560480][   T30]  ? __pfx___schedule+0x10/0x10
[  625.565373][   T30]  ? __pfx_lock_release+0x10/0x10
[  625.570510][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  625.576061][   T30]  ? schedule+0x90/0x320
[  625.580388][   T30]  schedule+0x14b/0x320
[  625.584575][   T30]  schedule_preempt_disabled+0x13/0x30
[  625.590442][   T30]  __mutex_lock+0x6a4/0xd70
[  625.594993][   T30]  ? kobject_put+0x443/0x480
[  625.599894][   T30]  ? __mutex_lock+0x527/0xd70
[  625.604626][   T30]  ? rfkill_unregister+0xd0/0x230
[  625.609906][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  625.615061][   T30]  ? __pfx_device_del+0x10/0x10
[  625.620614][   T30]  ? __pfx_nfc_genl_device_removed+0x10/0x10
[  625.626659][   T30]  rfkill_unregister+0xd0/0x230
[  625.631656][   T30]  nfc_unregister_device+0x96/0x2a0
[  625.637215][   T30]  virtual_ncidev_close+0x59/0x90
[  625.642277][   T30]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  625.648117][   T30]  __fput+0x24a/0x8a0
[  625.652172][   T30]  task_work_run+0x24f/0x310
[  625.656879][   T30]  ? __pfx_task_work_run+0x10/0x10
[  625.662038][   T30]  ? syscall_exit_to_user_mode+0xa3/0x360
[  625.667859][   T30]  syscall_exit_to_user_mode+0x168/0x360
[  625.673537][   T30]  do_syscall_64+0x100/0x230
[  625.678220][   T30]  ? clear_bhb_loop+0x35/0x90
[  625.682938][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.688926][   T30] RIP: 0033:0x7f3a9f175bd9
[  625.693374][   T30] RSP: 002b:00007ffeb6ee2518 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  625.702144][   T30] RAX: 0000000000000000 RBX: 00007f3a9f305a60 RCX: 00007f3a9f175bd9
[  625.710358][   T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  625.718481][   T30] RBP: 00007f3a9f305a60 R08: 0000000000000006 R09: 00000014b6ee284f
[  625.726575][   T30] R10: 00000000005eaa38 R11: 0000000000000246 R12: 00000000000747b1
[  625.734644][   T30] R13: 0000000000000032 R14: 00007f3a9f305a60 R15: 00007f3a9f304110
[  625.742798][   T30]  </TASK>
[  625.745876][   T30] INFO: task syz.4.1428:10151 blocked for more than 143 seconds.
[  625.754387][   T30]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  625.762582][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  625.771353][   T30] task:syz.4.1428      state:D stack:23736 pid:10151 tgid:10150 ppid:5083   flags:0x00004006
[  625.781718][   T30] Call Trace:
[  625.785014][   T30]  <TASK>
[  625.788039][   T30]  __schedule+0x1796/0x49d0
[  625.792614][   T30]  ? __pfx___schedule+0x10/0x10
[  625.797702][   T30]  ? __pfx_lock_release+0x10/0x10
[  625.802765][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  625.808342][   T30]  ? schedule+0x90/0x320
[  625.812627][   T30]  schedule+0x14b/0x320
[  625.817606][   T30]  schedule_preempt_disabled+0x13/0x30
[  625.823110][   T30]  __mutex_lock+0x6a4/0xd70
[  625.827709][   T30]  ? __mutex_lock+0x527/0xd70
[  625.832423][   T30]  ? nfc_rfkill_set_block+0x50/0x310
[  625.837803][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  625.842858][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  625.848186][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  625.854118][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  625.860955][   T30]  nfc_rfkill_set_block+0x50/0x310
[  625.866129][   T30]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  625.872189][   T30]  rfkill_set_block+0x1f1/0x440
[  625.877223][   T30]  rfkill_fop_write+0x5bb/0x790
[  625.882137][   T30]  ? __pfx_rfkill_fop_write+0x10/0x10
[  625.887633][   T30]  ? bpf_lsm_file_permission+0x9/0x10
[  625.893040][   T30]  ? rw_verify_area+0x1d2/0x6b0
[  625.898008][   T30]  ? __pfx_rfkill_fop_write+0x10/0x10
[  625.903417][   T30]  vfs_write+0x2a2/0xc90
[  625.907797][   T30]  ? __pfx_vfs_write+0x10/0x10
[  625.912600][   T30]  ? do_futex+0x33b/0x560
[  625.917061][   T30]  ? __fget_files+0x29/0x470
[  625.921679][   T30]  ? __fget_files+0x3f6/0x470
[  625.926393][   T30]  ? __fget_files+0x29/0x470
[  625.931081][   T30]  ksys_write+0x1a0/0x2c0
[  625.935458][   T30]  ? __pfx_ksys_write+0x10/0x10
[  625.940707][   T30]  ? do_syscall_64+0x100/0x230
[  625.945519][   T30]  ? do_syscall_64+0xb6/0x230
[  625.950302][   T30]  do_syscall_64+0xf3/0x230
[  625.954852][   T30]  ? clear_bhb_loop+0x35/0x90
[  625.959626][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.965532][   T30] RIP: 0033:0x7f4b67775bd9
[  625.970079][   T30] RSP: 002b:00007f4b68479048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  625.978636][   T30] RAX: ffffffffffffffda RBX: 00007f4b67903f60 RCX: 00007f4b67775bd9
[  625.986637][   T30] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003
[  625.994764][   T30] RBP: 00007f4b677e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  626.003226][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  626.011283][   T30] R13: 000000000000000b R14: 00007f4b67903f60 R15: 00007ffe13e143c8
[  626.019373][   T30]  </TASK>
[  626.022427][   T30] 
[  626.022427][   T30] Showing all locks held in the system:
[  626.030732][   T30] 1 lock held by rcu_preempt/17:
[  626.035710][   T30]  #0: ffff8880b943e758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  626.045806][   T30] 1 lock held by khungtaskd/30:
[  626.050739][   T30]  #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  626.060781][   T30] 2 locks held by getty/4843:
[  626.065483][   T30]  #0: ffff88802ab370a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  626.075377][   T30]  #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  626.085650][   T30] 3 locks held by kworker/1:7/5227:
[  626.090958][   T30]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  626.102057][   T30]  #1: ffffc900046dfd00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  626.115684][   T30]  #2: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  626.127150][   T30] 2 locks held by syz-executor/10021:
[  626.132530][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.141152][   T30]  #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_open+0x131/0x850
[  626.151502][   T30] 2 locks held by syz.1.1427/10137:
[  626.156777][   T30]  #0: ffff888069fca100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x63/0x2a0
[  626.166607][   T30]  #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230
[  626.176962][   T30] 2 locks held by syz.4.1428/10151:
[  626.182370][   T30]  #0: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a9/0x790
[  626.192747][   T30]  #1: ffff888069fca100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x310
[  626.202560][   T30] 1 lock held by syz.2.1453/10326:
[  626.207829][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.216372][   T30] 1 lock held by syz.2.1453/10328:
[  626.221576][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.230272][   T30] 1 lock held by syz-executor/10370:
[  626.235576][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.244159][   T30] 1 lock held by syz-executor/10372:
[  626.249545][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.258169][   T30] 1 lock held by syz.0.1456/10388:
[  626.263316][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.271928][   T30] 1 lock held by syz-executor/10457:
[  626.277381][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.285947][   T30] 1 lock held by syz-executor/10459:
[  626.291371][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.299953][   T30] 1 lock held by syz-executor/10465:
[  626.305239][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.313926][   T30] 1 lock held by syz-executor/10467:
[  626.319300][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.327929][   T30] 1 lock held by syz-executor/10469:
[  626.333240][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.341957][   T30] 1 lock held by syz-executor/10471:
[  626.347371][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.355882][   T30] 1 lock held by syz-executor/10473:
[  626.361230][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.369975][   T30] 1 lock held by syz-executor/10475:
[  626.375264][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.383836][   T30] 1 lock held by syz-executor/10477:
[  626.389213][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.397817][   T30] 1 lock held by syz-executor/10479:
[  626.403137][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.411784][   T30] 1 lock held by syz-executor/10481:
[  626.417209][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.425778][   T30] 1 lock held by syz-executor/10483:
[  626.431225][   T30]  #0: ffffffff8eb1d168 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390
[  626.439849][   T30] 
[  626.442221][   T30] =============================================
[  626.442221][   T30] 
[  626.450846][   T30] NMI backtrace for cpu 1
[  626.455201][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  626.465275][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  626.475341][   T30] Call Trace:
[  626.478630][   T30]  <TASK>
[  626.481652][   T30]  dump_stack_lvl+0x241/0x360
[  626.486558][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.491789][   T30]  ? __pfx__printk+0x10/0x10
[  626.496400][   T30]  ? vprintk_emit+0x631/0x770
[  626.501116][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  626.506242][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  626.511222][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  626.516974][   T30]  ? _printk+0xd5/0x120
[  626.521230][   T30]  ? __pfx__printk+0x10/0x10
[  626.525844][   T30]  ? __wake_up_klogd+0xcc/0x110
[  626.530702][   T30]  ? __pfx__printk+0x10/0x10
[  626.535318][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  626.540351][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  626.546336][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  626.552345][   T30]  watchdog+0xfde/0x1020
[  626.556595][   T30]  ? watchdog+0x1ea/0x1020
[  626.561031][   T30]  ? __pfx_watchdog+0x10/0x10
[  626.565766][   T30]  kthread+0x2f0/0x390
[  626.569848][   T30]  ? __pfx_watchdog+0x10/0x10
[  626.574537][   T30]  ? __pfx_kthread+0x10/0x10
[  626.579141][   T30]  ret_from_fork+0x4b/0x80
[  626.583657][   T30]  ? __pfx_kthread+0x10/0x10
[  626.588258][   T30]  ret_from_fork_asm+0x1a/0x30
[  626.593059][   T30]  </TASK>
[  626.596909][   T30] Sending NMI from CPU 1 to CPUs 0:
[  626.602230][    C0] NMI backtrace for cpu 0
[  626.602243][    C0] CPU: 0 PID: 45 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  626.602263][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  626.602276][    C0] Workqueue: events_unbound toggle_allocation_gate
[  626.602299][    C0] RIP: 0010:__mutex_lock+0x9bc/0xd70
[  626.602323][    C0] Code: 8b 7c 24 40 e8 05 29 01 00 bf 01 00 00 00 e8 7b b6 de f5 65 8b 05 3c ee 7c 74 45 31 ff 85 c0 0f 84 3a 02 00 00 48 8b 44 24 28 <48> c7 84 24 80 00 00 00 0e 36 e0 45 41 c7 04 04 00 00 00 00 41 c7
[  626.602340][    C0] RSP: 0018:ffffc90000b57940 EFLAGS: 00000286
[  626.602354][    C0] RAX: 1ffff9200016af38 RBX: 0000000000000000 RCX: 0000000000000001
[  626.602367][    C0] RDX: 0000000000000000 RSI: ffffffff8c1f15a0 RDI: 0000000000000001
[  626.602379][    C0] RBP: ffffc90000b57a98 R08: ffffffff8fac1d2f R09: 1ffffffff1f583a5
[  626.602393][    C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: dffffc0000000000
[  626.602406][    C0] R13: ffffffff8e3e1820 R14: 0000000000000000 R15: 0000000000000000
[  626.602419][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  626.602435][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  626.602448][    C0] CR2: 00007ffd1520ffb8 CR3: 000000000e132000 CR4: 00000000003506f0
[  626.602465][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  626.602475][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  626.602487][    C0] Call Trace:
[  626.602493][    C0]  <NMI>
[  626.602501][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  626.602520][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  626.602541][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  626.602559][    C0]  ? nmi_handle+0x2a/0x5a0
[  626.602595][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  626.602615][    C0]  ? nmi_handle+0x14f/0x5a0
[  626.602639][    C0]  ? nmi_handle+0x2a/0x5a0
[  626.602666][    C0]  ? __mutex_lock+0x9bc/0xd70
[  626.602684][    C0]  ? default_do_nmi+0x63/0x160
[  626.602704][    C0]  ? exc_nmi+0x123/0x1f0
[  626.602722][    C0]  ? end_repeat_nmi+0xf/0x53
[  626.602754][    C0]  ? __mutex_lock+0x9bc/0xd70
[  626.602775][    C0]  ? __mutex_lock+0x9bc/0xd70
[  626.602795][    C0]  ? __mutex_lock+0x9bc/0xd70
[  626.602815][    C0]  </NMI>
[  626.602820][    C0]  <TASK>
[  626.602832][    C0]  ? static_key_disable_cpuslocked+0x9b/0x1c0
[  626.602860][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  626.602890][    C0]  static_key_disable_cpuslocked+0x9b/0x1c0
[  626.602919][    C0]  static_key_disable+0x1a/0x20
[  626.602945][    C0]  toggle_allocation_gate+0x1b8/0x250
[  626.602963][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  626.602981][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  626.603014][    C0]  ? process_scheduled_works+0x945/0x1830
[  626.603031][    C0]  process_scheduled_works+0xa2c/0x1830
[  626.603065][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  626.603088][    C0]  ? assign_work+0x364/0x3d0
[  626.603107][    C0]  worker_thread+0x86d/0xd50
[  626.603131][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  626.603160][    C0]  ? __kthread_parkme+0x169/0x1d0
[  626.603181][    C0]  ? __pfx_worker_thread+0x10/0x10
[  626.603199][    C0]  kthread+0x2f0/0x390
[  626.603219][    C0]  ? __pfx_worker_thread+0x10/0x10
[  626.603236][    C0]  ? __pfx_kthread+0x10/0x10
[  626.603257][    C0]  ret_from_fork+0x4b/0x80
[  626.603279][    C0]  ? __pfx_kthread+0x10/0x10
[  626.603300][    C0]  ret_from_fork_asm+0x1a/0x30
[  626.603333][    C0]  </TASK>
[  626.607518][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  626.607535][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  626.607562][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  626.607577][   T30] Call Trace:
[  626.607586][   T30]  <TASK>
[  626.607596][   T30]  dump_stack_lvl+0x241/0x360
[  626.607638][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.607674][   T30]  ? __pfx__printk+0x10/0x10
[  626.607714][   T30]  ? vscnprintf+0x5d/0x90
[  626.607742][   T30]  panic+0x349/0x860
[  626.607785][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  626.607813][   T30]  ? __pfx_panic+0x10/0x10
[  626.607842][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  626.607877][   T30]  ? __irq_work_queue_local+0x137/0x410
[  626.607905][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  626.607931][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  626.607957][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  626.607987][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  626.608018][   T30]  watchdog+0x101d/0x1020
[  626.608046][   T30]  ? watchdog+0x1ea/0x1020
[  626.608079][   T30]  ? __pfx_watchdog+0x10/0x10
[  626.608104][   T30]  kthread+0x2f0/0x390
[  626.608133][   T30]  ? __pfx_watchdog+0x10/0x10
[  626.608158][   T30]  ? __pfx_kthread+0x10/0x10
[  626.608189][   T30]  ret_from_fork+0x4b/0x80
[  626.608220][   T30]  ? __pfx_kthread+0x10/0x10
[  626.608250][   T30]  ret_from_fork_asm+0x1a/0x30
[  626.608300][   T30]  </TASK>
[  626.611376][   T30] Kernel Offset: disabled
[  627.087370][   T30] Rebooting in 86400 seconds..